On March 25, 2019, the Mozilla developers have released the email client Thunderbird version 60.6.1. This is a maintenance update which closes security gaps. Here is some information about it.
- CVE-2019-9810: IonMonkey MArraySlice has incorrect alias information: Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow.
- CVE-2019-9813: Ionmonkey type confusion with __proto__ mutations: ncorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write.
The vulnerabilities are classified as critical – users should update the Thunderbird as soon as possible. The following issues has not been fixed:
- Due to changes in the Mozilla platform profiles stored on Windows network shares addressed via drive letters are now addressed via UNC.
- Chat: Twitter not working due to API changes at Twitter.com.
Cookies helps to fund this blog: Cookie settings