Releases Security Updates for Thunderbird (October 24th , 2019)

Ref# Microsoft | Date: Oct 25th 2019


Mozilla has released a security update to address vulnerabilities in Thunderbird. It is recommended that you take the necessary precautions by ensuring your products are always updated.


  • CVE-2019-11764: Memory safety bugs fixed in Thunderbird 68.2 #CVE-2019-11764 


  • CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber

  • CVE-2019-11757: Use-after-free when creating index updates in IndexedDB

  • CVE-2019-11758: Potentially exploitable crash due to 360 Total Security


  • CVE-2019-11759: Stack buffer overflow in HKDF output

  • CVE-2019-11760: Stack buffer overflow in WebRTC networking

  • CVE-2019-11761: Unintended access to a privileged JSONView object

  • CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation

  • CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique

The Guyana National CIRT recommends users and administration to follow these guidelines and to apply them where necessary.


 Microsoft Releases Security Updates for Thunderbird (US-Cert) ases-security-update-thunderbird