[openSUSE-SU-2016:3308-1] Security update for MozillaThunderbird
Severity
Moderate
Affected Packages
13
CVEs
8
Security update for MozillaThunderbird
This update to Mozilla Thunderbird 45.6.0 fixes security issues and bugs.
In general, these flaws cannot be exploited through email in Thunderbird because
scripting is disabled when reading mail, but are potentially risks in browser or
browser-like contexts.
The following vulnerabilities were fixed: (boo#1015422)
- CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
- CVE-2016-9895: CSP bypass using marquee tag
- CVE-2016-9897: Memory corruption in libGLES
- CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees
- CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs
- CVE-2016-9904: Cross-origin information leak in shared atoms
- CVE-2016-9905: Crash in EnumerateSubDocuments
- CVE-2016-9893: Memory safety bugs fixed in Thunderbird 45.6
The following bugs were fixed:
- The system integration dialog was shown every time when starting Thunderbird
- ID
- openSUSE-SU-2016:3308-1
- Severity
- moderate
- Published
-
2016-12-30T17:01:32
(7 years ago) - Modified
-
2016-12-30T17:01:32
(7 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
-
ALPINE:CVE-2016-9893
-
ALPINE:CVE-2016-9895
-
ALPINE:CVE-2016-9897
-
ALPINE:CVE-2016-9898
-
ALPINE:CVE-2016-9899
-
ALPINE:CVE-2016-9900
-
ALPINE:CVE-2016-9904
-
ALPINE:CVE-2016-9905
-
ASA-201612-15
-
DSA-3734-1
-
DSA-3757-1
-
ELSA-2016-2946
-
ELSA-2016-2973
-
FREEBSD:512C0FFD-CD39-4DA4-B2DC-81FF4BA8E238
-
GLSA-201701-15
-
MFSA-2016-94
-
MFSA-2016-95
-
MFSA-2016-96
-
openSUSE-SU-2016:3307-1
-
RHSA-2016:2946
-
RHSA-2016:2973
-
SSA:2016-365-02
-
SUSE-SU-2016:3210-1
-
SUSE-SU-2016:3222-1
-
SUSE-SU-2016:3223-1
-
USN-3155-1
-
USN-3165-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| Suse | SUSE ratings |
|
|
| Suse | URL of this CSAF notice |
|
|
| Bugzilla | SUSE Bug 1015422 |
|
|
| CVE | SUSE CVE CVE-2016-9893 page |
|
|
| CVE | SUSE CVE CVE-2016-9895 page |
|
|
| CVE | SUSE CVE CVE-2016-9897 page |
|
|
| CVE | SUSE CVE CVE-2016-9898 page |
|
|
| CVE | SUSE CVE CVE-2016-9899 page |
|
|
| CVE | SUSE CVE CVE-2016-9900 page |
|
|
| CVE | SUSE CVE CVE-2016-9904 page |
|
|
| CVE | SUSE CVE CVE-2016-9905 page |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/opensuse/MozillaThunderbird?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse |
 MozillaThunderbird
|
< 45.6.0-20.1 | opensuse-12 | x86_64 | |
| Affected | pkg:rpm/opensuse/MozillaThunderbird?arch=s390x&distro=opensuse-12&repo=suse-package-hub | opensuse |
MozillaThunderbird
|
< 45.6.0-20.1 | opensuse-12 | s390x | |
| Affected | pkg:rpm/opensuse/MozillaThunderbird?arch=aarch64&distro=opensuse-12&repo=suse-package-hub | opensuse |
MozillaThunderbird
|
< 45.6.0-20.1 | opensuse-12 | aarch64 | |
| Affected | pkg:rpm/opensuse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse |
MozillaThunderbird-translations-other
|
< 45.6.0-20.1 | opensuse-12 | x86_64 | |
| Affected | pkg:rpm/opensuse/MozillaThunderbird-translations-other?arch=s390x&distro=opensuse-12&repo=suse-package-hub | opensuse |
MozillaThunderbird-translations-other
|
< 45.6.0-20.1 | opensuse-12 | s390x | |
| Affected | pkg:rpm/opensuse/MozillaThunderbird-translations-other?arch=aarch64&distro=opensuse-12&repo=suse-package-hub | opensuse |
MozillaThunderbird-translations-other
|
< 45.6.0-20.1 | opensuse-12 | aarch64 | |
| Affected | pkg:rpm/opensuse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse |
MozillaThunderbird-translations-common
|
< 45.6.0-20.1 | opensuse-12 | x86_64 | |
| Affected | pkg:rpm/opensuse/MozillaThunderbird-translations-common?arch=s390x&distro=opensuse-12&repo=suse-package-hub | opensuse |
MozillaThunderbird-translations-common
|
< 45.6.0-20.1 | opensuse-12 | s390x | |
| Affected | pkg:rpm/opensuse/MozillaThunderbird-translations-common?arch=aarch64&distro=opensuse-12&repo=suse-package-hub | opensuse |
MozillaThunderbird-translations-common
|
< 45.6.0-20.1 | opensuse-12 | aarch64 | |
| Affected | pkg:rpm/opensuse/MozillaThunderbird-devel?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse |
MozillaThunderbird-devel
|
< 45.6.0-20.1 | opensuse-12 | x86_64 | |
| Affected | pkg:rpm/opensuse/MozillaThunderbird-devel?arch=s390x&distro=opensuse-12&repo=suse-package-hub | opensuse |
MozillaThunderbird-devel
|
< 45.6.0-20.1 | opensuse-12 | s390x | |
| Affected | pkg:rpm/opensuse/MozillaThunderbird-devel?arch=aarch64&distro=opensuse-12&repo=suse-package-hub | opensuse |
MozillaThunderbird-devel
|
< 45.6.0-20.1 | opensuse-12 | aarch64 | |
| Affected | pkg:rpm/opensuse/MozillaThunderbird-buildsymbols?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse |
MozillaThunderbird-buildsymbols
|
< 45.6.0-20.1 | opensuse-12 | x86_64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |