Releases Security Updates for Thunderbird (October 24th, 2019)

Ref# Microsoft | Date: Oct 25th 2019

Description

Mozilla has released a security update to address vulnerabilities in Thunderbird. It is recommended that you take the necessary precautions by ensuring your products are always updated.

Critical

  • CVE-2019-11764: Memory safety bugs fixed in Thunderbird 68.2

         https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11764

High

  • CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber

         https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-15903

  • CVE-2019-11757: Use-after-free when creating index updates in IndexedDB

         https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11757

  • CVE-2019-11758: Potentially exploitable crash due to 360 Total Security

         https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11758

Moderate

  • CVE-2019-11759: Stack buffer overflow in HKDF output

         https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11759

  • CVE-2019-11760: Stack buffer overflow in WebRTC networking

         https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11760

  • CVE-2019-11761: Unintended access to a privileged JSONView object

         https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11761 

  • CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation

         https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11762 

  • CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique

         https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11763 

The Guyana National CIRT recommends that users and administrators follow these guidelines and apply them where necessary.

Reference

Microsoft Releases Security Updates for Thunderbird (US-CERT)

https://www.us-cert.gov/ncas/current-activity/2019/10/24/mozilla-releases-security-update-thunderbird