{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"60.6.1-82.1","MozillaThunderbird-buildsymbols":"60.6.1-82.1","MozillaThunderbird-translations-common":"60.6.1-82.1","MozillaThunderbird-translations-other":"60.6.1-82.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"60.6.1-82.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaThunderbird fixes the following issues:\n\nSecurity issues fixed:\n\n- Update to MozillaThunderbird 60.6.1 (bsc#1130262):\n\n- CVE-2019-9813: Fixed Ionmonkey type confusion with __proto__ mutations\n- CVE-2019-9810: Fixed IonMonkey MArraySlice incorrect alias information\n\n- Update to MozillaThunderbird 60.6 (bsc#1129821):\n\n- CVE-2018-18506: Fixed an issue with Proxy Auto-Configuration file \n- CVE-2019-9801: Fixed an issue which could allow Windows programs to be exposed to web content\n- CVE-2019-9788: Fixed multiple memory safety bugs\n- CVE-2019-9790: Fixed a Use-after-free vulnerability when removing in-use DOM elements\n- CVE-2019-9791: Fixed an incorrect Type inference for constructors entered through on-stack replacement \n  with IonMonkey\n- CVE-2019-9792: Fixed an issue where IonMonkey leaks JS_OPTIMIZED_OUT magic value to script\n- CVE-2019-9793: Fixed multiple improper bounds checks when Spectre mitigations are disabled\n- CVE-2019-9794: Fixed an issue where command line arguments not discarded during execution\n- CVE-2019-9795: Fixed a Type-confusion vulnerability in IonMonkey JIT compiler\n- CVE-2019-9796: Fixed a Use-after-free vulnerability in SMIL animation controller\n\nRelease notes:\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-12/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-11/\n","id":"openSUSE-SU-2019:1126-1","modified":"2019-04-03T01:51:25Z","published":"2019-04-03T01:51:25Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GSODLL2FRT4TZVOPDYQGDUHJR25R63RL/#GSODLL2FRT4TZVOPDYQGDUHJR25R63RL"},{"type":"REPORT","url":"https://bugzilla.suse.com/1129821"},{"type":"REPORT","url":"https://bugzilla.suse.com/1130262"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18506"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5785"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9788"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9790"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9791"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9792"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9793"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9794"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9795"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9796"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9801"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9810"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9813"}],"related":["CVE-2018-18506","CVE-2019-5785","CVE-2019-9788","CVE-2019-9790","CVE-2019-9791","CVE-2019-9792","CVE-2019-9793","CVE-2019-9794","CVE-2019-9795","CVE-2019-9796","CVE-2019-9801","CVE-2019-9810","CVE-2019-9813"],"summary":"Security update for MozillaThunderbird","upstream":["CVE-2018-18506","CVE-2019-5785","CVE-2019-9788","CVE-2019-9790","CVE-2019-9791","CVE-2019-9792","CVE-2019-9793","CVE-2019-9794","CVE-2019-9795","CVE-2019-9796","CVE-2019-9801","CVE-2019-9810","CVE-2019-9813"]}