File _patchinfo of Package patchinfo.10885
<patchinfo incident="10885">
<issue tracker="bnc" id="1137970">MozillaFirefox mis-builds translations</issue>
<issue tracker="bnc" id="1140868">VUL-0: MozillaFirefox: 68.0 / 60.8.0esr / MozillaThunderbird 68.8.0</issue>
<issue tracker="cve" id="2019-11712"/>
<issue tracker="cve" id="2019-11719"/>
<issue tracker="cve" id="2019-11730"/>
<issue tracker="cve" id="2019-11715"/>
<issue tracker="cve" id="2019-11713"/>
<issue tracker="cve" id="2019-11711"/>
<issue tracker="cve" id="2019-9811"/>
<issue tracker="cve" id="2019-11717"/>
<issue tracker="cve" id="2019-11709"/>
<issue tracker="cve" id="2019-11729"/>
<packager>AndreasStieger</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for MozillaThunderbird</summary>
<description>This update for MozillaThunderbird fixes the following issues:
- Generate langpacks sequentially to avoid file corruption
from racy file writes (boo#1137970)
- Mozilla Thunderbird 60.8.0
* Calendar: Problems when editing event times, some related to
AM/PM setting in non-English locales
MFSA 2019-23 (boo#1140868)
* CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
Sandbox escape via installation of malicious languagepack
* CVE-2019-11711 (bmo#1552541)
Script injection within domain through inner window reuse
* CVE-2019-11712 (bmo#1543804)
Cross-origin POST requests can be made with NPAPI plugins by
following 308 redirects
* CVE-2019-11713 (bmo#1528481)
Use-after-free with HTTP/2 cached stream
* CVE-2019-11729 (bmo#1515342)
Empty or malformed p256-ECDH public keys may trigger a segmentation fault
* CVE-2019-11715 (bmo#1555523)
HTML parsing error can contribute to content XSS
* CVE-2019-11717 (bmo#1548306)
Caret character improperly escaped in origins
* CVE-2019-11719 (bmo#1540541)
Out-of-bounds read when importing curve25519 private key
* CVE-2019-11730 (bmo#1558299)
Same-origin policy treats all files in a directory as having the
same-origin
* CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498
bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522)
Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 and
Thunderbird 60.8
</description>
</patchinfo>