Security vulnerabilities fixed in Thunderbird 60.6.1
- March 25, 2019
- Fixed in
- Thunderbird 60.6.1
In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.
- Richard Zhu and Amat Cama via Trend Micro's Zero Day Initiative
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow.
- Niklas Baumstark via Trend Micro's Zero Day Initiative
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write.