[openSUSE-SU-2017:2710-1] Security update for MozillaThunderbird
Security update for MozillaThunderbird
Mozilla Thunderbird was updated to 52.4.0 (boo#1060445)
* new behavior was introduced for replies to mailing list posts:
'When replying to a mailing list, reply will be sent to address
in From header ignoring Reply-to header'. A new preference
mail.override_list_reply_to allows to restore the previous behavior.
* Under certain circumstances (image attachment and non-image
attachment), attached images were shown truncated in messages
stored in IMAP folders not synchronised for offline use.
* IMAP UIDs > 0x7FFFFFFF now handled properly
Security fixes from Gecko 52.4esr
* CVE-2017-7793 (bmo#1371889)
Use-after-free with Fetch API
* CVE-2017-7818 (bmo#1363723)
Use-after-free during ARIA array manipulation
* CVE-2017-7819 (bmo#1380292)
Use-after-free while resizing images in design mode
* CVE-2017-7824 (bmo#1398381)
Buffer overflow when drawing and validating elements with ANGLE
* CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement)
Use-after-free in TLS 1.2 generating handshake hashes
* CVE-2017-7814 (bmo#1376036)
Blob and data URLs bypass phishing and malware protection warnings
* CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only)
OS X fonts render some Tibetan and Arabic unicode characters as spaces
* CVE-2017-7823 (bmo#1396320)
CSP sandbox directive did not create a unique origin
* CVE-2017-7810
Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
- Add alsa-devel BuildRequires: we care for ALSA support to be built and thus need to ensure we get the dependencies in place. In the past, alsa-devel was pulled in by accident: we buildrequire libgnome-devel. This required esound-devel and that in turn pulled in alsa-devel for us. libgnome is being fixed to no longer require esound-devel.
- ID
- openSUSE-SU-2017:2710-1
- Severity
- important
- URL
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LDCHQXU3UZNGY4UDTM7XLWWMHJTBW6JU/#LDCHQXU3UZNGY4UDTM7XLWWMHJTBW6JU
- Published
-
2017-10-11T17:57:43
(7 years ago) - Modified
-
2017-10-11T17:57:43
(7 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALAS-2017-911
- ASA-201710-19
- DSA-3987-1
- DSA-3998-1
- DSA-4014-1
- ELSA-2017-2831
- ELSA-2017-2832
- ELSA-2017-2885
- FREEBSD:1098A15B-B0F6-42B7-B5C7-8A8646E8BE07
- FREEBSD:E71FD9D3-AF47-11E7-A633-009C02A2AB30
- GLSA-201802-03
- GLSA-201803-14
- MFSA-2017-21
- MFSA-2017-22
- MFSA-2017-23
- openSUSE-SU-2017:2707-1
- RHSA-2017:2831
- RHSA-2017:2832
- RHSA-2017:2885
- SUSE-SU-2017:2688-1
- SUSE-SU-2017:2872-1
- SUSE-SU-2017:2872-2
- USN-3431-1
- USN-3435-1
- USN-3436-1
- USN-3688-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/opensuse/MozillaThunderbird?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse | MozillaThunderbird | < 52.4.0-45.1 | opensuse-12 | x86_64 | |
Affected | pkg:rpm/opensuse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse | MozillaThunderbird-translations-other | < 52.4.0-45.1 | opensuse-12 | x86_64 | |
Affected | pkg:rpm/opensuse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse | MozillaThunderbird-translations-common | < 52.4.0-45.1 | opensuse-12 | x86_64 | |
Affected | pkg:rpm/opensuse/MozillaThunderbird-devel?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse | MozillaThunderbird-devel | < 52.4.0-45.1 | opensuse-12 | x86_64 | |
Affected | pkg:rpm/opensuse/MozillaThunderbird-buildsymbols?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse | MozillaThunderbird-buildsymbols | < 52.4.0-45.1 | opensuse-12 | x86_64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |