Debian Bug report logs -
#898631
thunderbird: still efail attack issue possible against S/MIME and PGP/MIME in some circumstances
Package:
src:thunderbird;
Maintainer for src:thunderbird is Carsten Schoenert <cschoenert@t-onlinede>;
Reported by: Yves-Alexis Perez <corsac@debianorg>
Date: Mon, 14 May 2018 13:18:05 U ...
Synopsis
Important: thunderbird security update
Type/Severity
Security Advisory: Important
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis
Important: thunderbird security update
Type/Severity
Security Advisory: Important
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis
Critical: firefox security update
Type/Severity
Security Advisory: Critical
Topic
An update for firefox is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis
Critical: firefox security update
Type/Severity
Security Advisory: Critical
Topic
An update for firefox is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...
Several security issues were fixed in Thunderbird ...
USN-3645-1 caused a regression in Firefox ...
Firefox could be made to crash or run programs as your login if it
opened a malicious website ...
The following CVEs are fixed in the updated thunderbird package:
CVE-2018-5161: Hang via malformed headersCVE-2018-5162: Encrypted mail leaks plaintext through src attributeCVE-2018-5183: Backport critical security fixes in SkiaCVE-2018-5155: Use-after-free with SVG animations and text pathsCVE-2018-5170: Filename spoofing for external attachmentsC ...
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths This results in a potentially exploitable crash This vulnerability affects Thunderbird < 528, Thunderbird ESR < 528, Firefox < 60, and Firefox ESR < 528 ...
A use-after-free vulnerability has been found in Firefox < 600 and Thunderbird < 528, while enumerating attributes during SVG animations with clip paths ...
Mozilla Foundation Security Advisory 2018-13
Security vulnerabilities fixed in Thunderbird 528
Announced
May 18, 2018
Impact
critical
Products
Thunderbird
Fixed in
Thunderbird 528
...
Mozilla Foundation Security Advisory 2018-11
Security vulnerabilities fixed in Firefox 60
Announced
May 9, 2018
Impact
critical
Products
Firefox
Fixed in
Firefox 60
...
Mozilla Foundation Security Advisory 2018-12
Security vulnerabilities fixed in Firefox ESR 528
Announced
May 9, 2018
Impact
critical
Products
Firefox ESR
Fixed in
Firefox ESR 528
...