[openSUSE-SU-2017:2710-1] Security update for MozillaThunderbird

Severity Important

Affected Packages 5

CVEs 9

Security update for MozillaThunderbird

Mozilla Thunderbird was updated to 52.4.0 (boo#1060445)
* new behavior was introduced for replies to mailing list posts:
'When replying to a mailing list, reply will be sent to address
in From header ignoring Reply-to header'. A new preference
mail.override_list_reply_to allows to restore the previous behavior.
* Under certain circumstances (image attachment and non-image
attachment), attached images were shown truncated in messages
stored in IMAP folders not synchronised for offline use.
* IMAP UIDs > 0x7FFFFFFF now handled properly
Security fixes from Gecko 52.4esr
* CVE-2017-7793 (bmo#1371889)
Use-after-free with Fetch API
* CVE-2017-7818 (bmo#1363723)
Use-after-free during ARIA array manipulation
* CVE-2017-7819 (bmo#1380292)
Use-after-free while resizing images in design mode
* CVE-2017-7824 (bmo#1398381)
Buffer overflow when drawing and validating elements with ANGLE
* CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement)
Use-after-free in TLS 1.2 generating handshake hashes
* CVE-2017-7814 (bmo#1376036)
Blob and data URLs bypass phishing and malware protection warnings
* CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only)
OS X fonts render some Tibetan and Arabic unicode characters as spaces
* CVE-2017-7823 (bmo#1396320)
CSP sandbox directive did not create a unique origin
* CVE-2017-7810
Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4

Add alsa-devel BuildRequires: we care for ALSA support to be built and thus need to ensure we get the dependencies in place. In the past, alsa-devel was pulled in by accident: we buildrequire libgnome-devel. This required esound-devel and that in turn pulled in alsa-devel for us. libgnome is being fixed to no longer require esound-devel.

Package	Affected Version
pkg:rpm/opensuse/MozillaThunderbird?arch=x86_64&distro=opensuse-12&repo=suse-package-hub	< 52.4.0-45.1
pkg:rpm/opensuse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-12&repo=suse-package-hub	< 52.4.0-45.1
pkg:rpm/opensuse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-12&repo=suse-package-hub	< 52.4.0-45.1
pkg:rpm/opensuse/MozillaThunderbird-devel?arch=x86_64&distro=opensuse-12&repo=suse-package-hub	< 52.4.0-45.1
pkg:rpm/opensuse/MozillaThunderbird-buildsymbols?arch=x86_64&distro=opensuse-12&repo=suse-package-hub	< 52.4.0-45.1

ID

openSUSE-SU-2017:2710-1

Severity

important

URL

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LDCHQXU3UZNGY4UDTM7XLWWMHJTBW6JU/#LDCHQXU3UZNGY4UDTM7XLWWMHJTBW6JU

Published

2017-10-11T17:57:43
(7 years ago)

Modified

2017-10-11T17:57:43
(7 years ago)

Rights

Other Advisories

Source	Name	URL
Suse	SUSE ratings	https://www.suse.com/support/security/rating/
Suse	URL of this CSAF notice	https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2017_2710-1.json
Suse	URL for openSUSE-SU-2017:2710-1	https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LDCHQXU3UZNGY4UDTM7XLWWMHJTBW6JU/#LDCHQXU3UZNGY4UDTM7XLWWMHJTBW6JU
Suse	E-Mail link for openSUSE-SU-2017:2710-1	https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LDCHQXU3UZNGY4UDTM7XLWWMHJTBW6JU/#LDCHQXU3UZNGY4UDTM7XLWWMHJTBW6JU
Bugzilla	SUSE Bug 1060445	https://bugzilla.suse.com/1060445
CVE	SUSE CVE CVE-2017-7793 page	https://www.suse.com/security/cve/CVE-2017-7793/
CVE	SUSE CVE CVE-2017-7805 page	https://www.suse.com/security/cve/CVE-2017-7805/
CVE	SUSE CVE CVE-2017-7810 page	https://www.suse.com/security/cve/CVE-2017-7810/
CVE	SUSE CVE CVE-2017-7814 page	https://www.suse.com/security/cve/CVE-2017-7814/
CVE	SUSE CVE CVE-2017-7818 page	https://www.suse.com/security/cve/CVE-2017-7818/
CVE	SUSE CVE CVE-2017-7819 page	https://www.suse.com/security/cve/CVE-2017-7819/
CVE	SUSE CVE CVE-2017-7823 page	https://www.suse.com/security/cve/CVE-2017-7823/
CVE	SUSE CVE CVE-2017-7824 page	https://www.suse.com/security/cve/CVE-2017-7824/
CVE	SUSE CVE CVE-2017-7825 page	https://www.suse.com/security/cve/CVE-2017-7825/

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/opensuse/MozillaThunderbird?arch=x86_64&distro=opensuse-12&repo=suse-package-hub	opensuse	MozillaThunderbird	< 52.4.0-45.1	opensuse-12	x86_64
Affected	pkg:rpm/opensuse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-12&repo=suse-package-hub	opensuse	MozillaThunderbird-translations-other	< 52.4.0-45.1	opensuse-12	x86_64
Affected	pkg:rpm/opensuse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-12&repo=suse-package-hub	opensuse	MozillaThunderbird-translations-common	< 52.4.0-45.1	opensuse-12	x86_64
Affected	pkg:rpm/opensuse/MozillaThunderbird-devel?arch=x86_64&distro=opensuse-12&repo=suse-package-hub	opensuse	MozillaThunderbird-devel	< 52.4.0-45.1	opensuse-12	x86_64
Affected	pkg:rpm/opensuse/MozillaThunderbird-buildsymbols?arch=x86_64&distro=opensuse-12&repo=suse-package-hub	opensuse	MozillaThunderbird-buildsymbols	< 52.4.0-45.1	opensuse-12	x86_64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date