Synopsis:          Important: thunderbird security update
Advisory ID:       SLSA-2019:1624-1
Issue Date:        2019-06-27
CVE Numbers:       None
--

Security Fix(es):

* Mozilla: Type confusion in Array.pop (CVE-2019-11707)

* thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in
icalrecur.c (CVE-2019-11705)

* Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708)

* thunderbird: Heap buffer over read in icalparser.c parser_get_next_char
(CVE-2019-11703)

* thunderbird: Heap buffer overflow in icalmemory_strdup_and_dequote
function in icalvalue.c (CVE-2019-11704)

* thunderbird: Type confusion in icaltimezone_get_vtimezone_properties
function in icalproperty.c (CVE-2019-11706)

--

SL6
  x86_64
    thunderbird-60.7.2-2.el6_10.x86_64.rpm
    thunderbird-debuginfo-60.7.2-2.el6_10.x86_64.rpm
  i386
    thunderbird-60.7.2-2.el6_10.i686.rpm
    thunderbird-debuginfo-60.7.2-2.el6_10.i686.rpm

- Scientific Linux Development Team