[openSUSE-SU-2017:2209-1] Security update for MozillaThunderbird
Severity
Important
Affected Packages
5
CVEs
16
Security update for MozillaThunderbird
This update for MozillaThunderbird to version 52.3 fixes security issues and bugs.
The following vulnerabilities were fixed:
- CVE-2017-7798: XUL injection in the style editor in devtools
- CVE-2017-7800: Use-after-free in WebSockets during disconnection
- CVE-2017-7801: Use-after-free with marquee during window resizing
- CVE-2017-7784: Use-after-free with image observers
- CVE-2017-7802: Use-after-free resizing image elements
- CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
- CVE-2017-7786: Buffer overflow while painting non-displayable SVG
- CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements#
- CVE-2017-7787: Same-origin policy bypass with iframes through page reloads
- CVE-2017-7807: Domain hijacking through AppCache fallback
- CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID
- CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher
- CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts
- CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections
- CVE-2017-7803: CSP containing 'sandbox' improperly applied
- CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
The following bugs were fixed:
- Unwanted inline images shown in rogue SPAM messages
- Deleting message from the POP3 server not working when maildir storage was used
- Message disposition flag (replied / forwarded) lost when reply or forwarded message was stored as draft and draft was sent later
- Inline images not scaled to fit when printing
- Selected text from another message sometimes included in a reply
- No authorisation prompt displayed when inserting image into email body although image URL requires authentication
- Large attachments taking a long time to open under some circumstances
- ID
- openSUSE-SU-2017:2209-1
- Severity
- important
- URL
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IJOETQICPAUKQMIRZDYIIRKRSWKSIMF5/#IJOETQICPAUKQMIRZDYIIRKRSWKSIMF5
- Published
-
2017-08-18T09:46:47
(7 years ago) - Modified
-
2017-08-18T09:46:47
(7 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
ASA-201708-18
DSA-3928-1
ELSA-2017-2456
FREEBSD:555B244E-6B20-4546-851F-D8EB7D6C1FFA
GLSA-201802-03
MFSA-2017-18
RHSA-2017:2456
SUSE-SU-2017:2302-1
USN-3391-1| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/opensuse/MozillaThunderbird?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse |
 MozillaThunderbird
|
< 52.3.0-42.1 | opensuse-12 | x86_64 | |
| Affected | pkg:rpm/opensuse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse |
MozillaThunderbird-translations-other
|
< 52.3.0-42.1 | opensuse-12 | x86_64 | |
| Affected | pkg:rpm/opensuse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse |
MozillaThunderbird-translations-common
|
< 52.3.0-42.1 | opensuse-12 | x86_64 | |
| Affected | pkg:rpm/opensuse/MozillaThunderbird-devel?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse |
MozillaThunderbird-devel
|
< 52.3.0-42.1 | opensuse-12 | x86_64 | |
| Affected | pkg:rpm/opensuse/MozillaThunderbird-buildsymbols?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse |
MozillaThunderbird-buildsymbols
|
< 52.3.0-42.1 | opensuse-12 | x86_64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |