File _patchinfo of Package patchinfo.13742

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.13742

<patchinfo incident="13742">
  <issue tracker="bnc" id="1160305">VUL-0: MozillaFirefox, MozillaThunderbird: Update Firefox and Thunderbird to 72.0/68.4 esr (MFSA 2020-01 and MFSA 2020-02)</issue>
  <issue tracker="bnc" id="1160498">EMU: VUL-0: MozillaFirefox, Update Firefox to 72.0.1/68.4.1 esr (MFSA 2020-03)</issue>
  <issue tracker="cve" id="2019-17017"/>
  <issue tracker="cve" id="2019-17016"/>
  <issue tracker="cve" id="2019-17024"/>
  <issue tracker="cve" id="2019-17022"/>
  <issue tracker="cve" id="2019-17026"/>
  <issue tracker="cve" id="2019-17015"/>
  <issue tracker="cve" id="2019-17021"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaThunderbird</summary>
  <description>This update for MozillaThunderbird to version 68.4.1 fixes the following issues:

Security issues fixed:

- CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement
- CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting
- CVE-2019-17017: Type Confusion in XPCVariant.cpp
- CVE-2019-17022: CSS sanitization does not escape HTML tags
- CVE-2019-17024: multiple Memory safety bugs fixed

Non-security issues fixed:

- Various improvements when setting up an account for a Microsoft Exchange 
  server. For example better detection for Office 365 accounts.
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.13742

Places