1 |
type: security |
2 |
subject: Updated thunderbird packages fix security vulnerability |
3 |
CVE: |
4 |
- CVE-2018-5095 |
5 |
- CVE-2018-5096 |
6 |
- CVE-2018-5097 |
7 |
- CVE-2018-5098 |
8 |
- CVE-2018-5099 |
9 |
- CVE-2018-5102 |
10 |
- CVE-2018-5103 |
11 |
- CVE-2018-5104 |
12 |
- CVE-2018-5117 |
13 |
- CVE-2018-5089 |
14 |
src: |
15 |
5: |
16 |
core: |
17 |
- thunderbird-52.6.0-1.mga5 |
18 |
- thunderbird-l10n-52.6.0-1.mga5 |
19 |
6: |
20 |
core: |
21 |
- thunderbird-52.6.0-1.mga6 |
22 |
- thunderbird-l10n-52.6.0-1.mga6 |
23 |
description: | |
24 |
Integer overflow in Skia library during edge builder allocation. |
25 |
(CVE-2018-5095) |
26 |
|
27 |
Use-after-free while editing form elements. (CVE-2018-5096) |
28 |
|
29 |
Use-after-free when source document is manipulated during XSLT. |
30 |
(CVE-2018-5097) |
31 |
|
32 |
Use-after-free while manipulating form input elements. (CVE-2018-5098) |
33 |
|
34 |
Use-after-free with widget listener. (CVE-2018-5099) |
35 |
|
36 |
Use-after-free in HTML media elements. (CVE-2018-5102) |
37 |
|
38 |
Use-after-free during mouse event handling. (CVE-2018-5103) |
39 |
|
40 |
Use-after-free during font face manipulation. (CVE-2018-5104) |
41 |
|
42 |
URL spoofing with right-to-left text aligned left-to-right. |
43 |
(CVE-2018-5117) |
44 |
|
45 |
Memory safety bugs fixed in Firefox 58, Firefox ESR 52.6, and Thunderbird |
46 |
52.6. (CVE-2018-5089) |
47 |
references: |
48 |
- https://bugs.mageia.org/show_bug.cgi?id=22470 |
49 |
- https://www.mozilla.org/en-US/thunderbird/52.6.0/releasenotes/ |
50 |
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/ |
51 |
ID: MGASA-2018-0115 |