advisories/24541.adv

type: security
subject: Updated thunderbird packages fix security vulnerability
CVE:
 - CVE-2019-9788
 - CVE-2019-9790
 - CVE-2019-9791
 - CVE-2019-9792
 - CVE-2019-9793
 - CVE-2019-9794
 - CVE-2019-9795
 - CVE-2019-9796
 - CVE-2019-9801
 - CVE-2019-9810
 - CVE-2019-9813
 - CVE-2018-18506
src:
  6:
   core:
     - thunderbird-60.6.1-1.mga6
     - thunderbird-l10n-60.6.1-1.mga6
description: |
  Use-after-free when removing in-use DOM elements. (CVE-2019-9790)

  Type inference is incorrect for constructors entered through on-stack
  replacement with IonMonkey. (CVE-2019-9791)

  IonMonkey leaks JS_OPTIMIZED_OUT magic value to script. (CVE-2019-9792)

  Improper bounds checks when Spectre mitigations are disabled.
  (CVE-2019-9793)

  Command line arguments not discarded during execution. (CVE-2019-9794)

  Type-confusion in IonMonkey JIT compiler. (CVE-2019-9795)

  Use-after-free with SMIL animation controller. (CVE-2019-9796)

  Windows programs that are not 'URL Handlers' are exposed to web content.
  (CVE-2019-9801)

  Proxy Auto-Configuration file can define localhost access to be proxied.
  (CVE-2018-18506)

  Memory safety bugs fixed in Firefox 66, Firefox ESR 60.6, and Thunderbird
  60.6. (CVE-2019-9788)

  IonMonkey MArraySlice has incorrect alias information. (CVE-2019-9810)

  Ionmonkey type confusion with __proto__ mutations. (CVE-2019-9813)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24541
 - https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/
 - https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/
 - https://www.thunderbird.net/en-US/thunderbird/60.6.0/releasenotes/
 - https://www.thunderbird.net/en-US/thunderbird/60.6.1/releasenotes/
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2LKJX4XFUISMUN6H4VQJY7MSG5SM7LGB/
ID: MGASA-2019-0129
1	type: security
2	subject: Updated thunderbird packages fix security vulnerability
3	CVE:
4	- CVE-2019-9788
5	- CVE-2019-9790
6	- CVE-2019-9791
7	- CVE-2019-9792
8	- CVE-2019-9793
9	- CVE-2019-9794
10	- CVE-2019-9795
11	- CVE-2019-9796
12	- CVE-2019-9801
13	- CVE-2019-9810
14	- CVE-2019-9813
15	- CVE-2018-18506
16	src:
17	6:
18	core:
19	- thunderbird-60.6.1-1.mga6
20	- thunderbird-l10n-60.6.1-1.mga6
21	description: \|
22	Use-after-free when removing in-use DOM elements. (CVE-2019-9790)
23
24	Type inference is incorrect for constructors entered through on-stack
25	replacement with IonMonkey. (CVE-2019-9791)
26
27	IonMonkey leaks JS_OPTIMIZED_OUT magic value to script. (CVE-2019-9792)
28
29	Improper bounds checks when Spectre mitigations are disabled.
30	(CVE-2019-9793)
31
32	Command line arguments not discarded during execution. (CVE-2019-9794)
33
34	Type-confusion in IonMonkey JIT compiler. (CVE-2019-9795)
35
36	Use-after-free with SMIL animation controller. (CVE-2019-9796)
37
38	Windows programs that are not 'URL Handlers' are exposed to web content.
39	(CVE-2019-9801)
40
41	Proxy Auto-Configuration file can define localhost access to be proxied.
42	(CVE-2018-18506)
43
44	Memory safety bugs fixed in Firefox 66, Firefox ESR 60.6, and Thunderbird
45	60.6. (CVE-2019-9788)
46
47	IonMonkey MArraySlice has incorrect alias information. (CVE-2019-9810)
48
49	Ionmonkey type confusion with __proto__ mutations. (CVE-2019-9813)
50	references:
51	- https://bugs.mageia.org/show_bug.cgi?id=24541
52	- https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/
53	- https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/
54	- https://www.thunderbird.net/en-US/thunderbird/60.6.0/releasenotes/
55	- https://www.thunderbird.net/en-US/thunderbird/60.6.1/releasenotes/
56	- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2LKJX4XFUISMUN6H4VQJY7MSG5SM7LGB/
57	ID: MGASA-2019-0129