Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#13381 closed enhancement (fixed)

thunderbird-68.7.0

Reported by: Douglas R. Reno
Owned by: Tim Tassonis
Priority: high
Milestone: 10.0
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

New minor version

Change History (6)

comment:1 by Tim Tassonis, 4 years ago

Owner: changed from blfs-book to Tim Tassonis
Status: new → assigned

new

MailExtensions: Raw message source available to MailExtensions

changed

MailExtensions: messages.update function extended to mark messages as junk or not junk

MailExtensions: browser.compose.begin functions no longer expand mailing lists

fixed

Various improvements to account setup when connecting to an Exchange server

Thread collapsed when opening news message in a new window

Addons not automatically updated to compatible version after upgrade from Thunderbird 60

Updating addons did not prompt when requesting new permissions

Extra recipients panel not keyboard-accessible

Accessibility: Status bar was not detected by screenreaders

MailExtensions: messages.query by folder name did not require accountsRead permission

Calendar: Invitations with embedded null bytes did not always decode correctly

Calendar: Cancelled events didn't show with a line-through

Various security fixes

comment:2 by Tim Tassonis, 4 years ago

Resolution: fixed
Status: assigned → closed

Fixed in revision 22977.

comment:3 by Douglas R. Reno, 4 years ago

Note: The Mozilla security advisory for 68.7 isn't available yet. I suspect that it'll have the same 0-day fixes in it that Firefox did in 68.6.1.

comment:4 by Douglas R. Reno, 4 years ago

Priority: normal → high
Mozilla Foundation Security Advisory 2020-14
Security Vulnerabilities fixed in Thunderbird 68.7.0

Announced
    April 9, 2020
Impact
    critical
Products
    Thunderbird
Fixed in

        Thunderbird 68.7

In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.
CVE-2020-6819: Use-after-free while running the nsDocShell destructor

Reporter
    Francisco Alonso @revskills working with Javier Marcos of @JMPSec
Impact
    critical

Description

Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free.
References

    Bug 1620818

CVE-2020-6820: Use-after-free when handling a ReadableStream

Reporter
    Francisco Alonso @revskills working with Javier Marcos of @JMPSec
Impact
    critical

Description

Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free.
References

    Bug 1626728

CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method

Reporter
    Jeff Gilbert, Kenneth Russell
Impact
    high

Description

When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure.
References

    Bug 1625404

CVE-2020-6822: Out of bounds write in GMPDecodeData when processing large images

Reporter
    Deian Stefan
Impact
    moderate

Description

On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code.
References

    Bug 1544181

CVE-2020-6825: Memory safety bugs fixed in Thunderbird 68.7.0

Reporter
    Mozilla developers
Impact
    high

Description

Mozilla developers Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References

    Memory safety bugs fixed in Thunderbird 68.7.0

comment:5 by Bruce Dubbs, 4 years ago

Milestone: 9.2 → 10,0

Milestone renamed

comment:6 by Bruce Dubbs, 4 years ago

Milestone: 10,0 → 10.0

Milestone renamed
