Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64
High Nessus Plugin ID 118585
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionThis update upgrades Thunderbird to version 60.2.1.
Security Fix(es) :
- Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 (CVE-2018-12376)
- Mozilla: Use-after-free in driver timers (CVE-2018-12377)
- Mozilla: Use-after-free in IndexedDB (CVE-2018-12378)
- Mozilla: Proxy bypass using automount and autofs (CVE-2017-16541)
- Mozilla: Out-of-bounds write with malicious MAR file (CVE-2018-12379)
- Mozilla: Crash in TransportSecurityInfo due to cached data (CVE-2018-12385)
- Mozilla: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords (CVE-2018-12383)
SolutionUpdate the affected thunderbird and / or thunderbird-debuginfo packages.