[openSUSE-SU-2018:3687-1] Security update for MozillaThunderbird
Severity
Important
Affected Packages
4
CVEs
25
Security update for MozillaThunderbird
This update for Mozilla Thunderbird to version 60.2.1 fixes multiple issues.
Multiple security issues were fixed in the Mozilla platform as advised in MFSA 2018-25 and MFSA 2018-28.
In general, these flaws cannot be exploited through email in Thunderbird because scripting
is disabled when reading mail, but are potentially risks in browser or browser-like contexts:
- CVE-2018-12359: Prevent buffer overflow using computed size of canvas element (bsc#1098998)
- CVE-2018-12360: Prevent use-after-free when using focus() (bsc#1098998)
- CVE-2018-12361: Prevent integer overflow in SwizzleData (bsc#1098998)
- CVE-2018-12362: Prevent integer overflow in SSSE3 scaler (bsc#1098998)
- CVE-2018-5156: Prevent media recorder segmentation fault when track type is changed during capture (bsc#1098998)
- CVE-2018-12363: Prevent use-after-free when appending DOM nodes (bsc#1098998)
- CVE-2018-12364: Prevent CSRF attacks through 307 redirects and NPAPI plugins (bsc#1098998)
- CVE-2018-12365: Prevent compromised IPC child process listing local filenames (bsc#1098998)
- CVE-2018-12371: Prevent integer overflow in Skia library during edge builder allocation (bsc#1098998)
- CVE-2018-12366: Prevent invalid data handling during QCMS transformations (bsc#1098998)
- CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming (bsc#1098998)
- CVE-2018-5187: Various memory safety bugs (bsc#1098998)
- CVE-2018-5188: Various memory safety bugs (bsc#1098998)
- CVE-2018-12377: Use-after-free in refresh driver timers (bsc#1107343)
- CVE-2018-12378: Use-after-free in IndexedDB (bsc#1107343)
- CVE-2017-16541: Proxy bypass using automount and autofs (bsc#1066489)
- CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 (bsc#1107343)
- CVE-2018-12385: Crash in TransportSecurityInfo due to cached data (bsc#1109363)
- CVE-2018-12383: Setting a master password did not delete unencrypted previously stored passwords (bsc#1107343)
- CVE-2018-12389: Fixed memory safety bugs (bsc#1112852)
- CVE-2018-12390: Fixed memory safety bugs (bsc#1112852)
- CVE-2018-12391: Fixed HTTP Live Stream audio data is accessible cross-origin (bsc#1112852)
- CVE-2018-12392: Fixed crash with nested event loops (bsc#1112852)
- CVE-2018-12393: Fixed integer overflow during Unicode conversion while loading JavaScript (bsc#1112852)
These non-security issues were fixed:
- Fix date display issues (bsc#1109379)
- Fix start-up crash due to folder name with special characters (bsc#1107772)
- Storing of remote content settings fixed (bsc#1084603)
- Improved message handling and composing
- Improved handling of message templates
- Support for OAuth2 and FIDO U2F
- Various Calendar improvements
- Various fixes and changes to e-mail workflow
- Various IMAP fixes
- Native desktop notifications
- various theme fixes
- Shift+PageUp/PageDown in Write window
- Gloda attachment filtering
- Mailing list address auto-complete enter/return handling
- Thunderbird hung if HTML signature references non-existent image
- Filters not working for headers that appear more than once
- ID
- openSUSE-SU-2018:3687-1
- Severity
- important
- URL
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BBHDVB7NPDAZXEW2BECURXKYFEGTTUL4/#BBHDVB7NPDAZXEW2BECURXKYFEGTTUL4
- Published
-
2018-11-09T08:34:29
(5 years ago) - Modified
-
2018-11-09T08:34:29
(5 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALAS2-2018-1061
- ALAS2-2018-1088
- ALAS2-2019-1157
- ASA-201806-14
- ASA-201807-4
- ASA-201808-8
- ASA-201810-13
- ASA-201810-14
- ASA-201811-10
- DSA-4235-1
- DSA-4244-1
- DSA-4287-1
- DSA-4288-1
- DSA-4295-1
- DSA-4304-1
- DSA-4324-1
- DSA-4327-1
- DSA-4337-1
- ELSA-2018-2113
- ELSA-2018-2251
- ELSA-2018-2252
- ELSA-2018-2692
- ELSA-2018-2693
- ELSA-2018-2835
- ELSA-2018-3005
- ELSA-2018-3006
- ELSA-2018-3403
- ELSA-2018-3458
- ELSA-2018-3531
- ELSA-2018-3532
- ELSA-2018-3834
- FEDORA-2018-28447b6f2e
- FEDORA-2018-56221eb24b
- FEDORA-2018-81ee973d7c
- FREEBSD:3284D948-140C-4A3E-AA76-3B440E2006A8
- FREEBSD:7C3A02B9-3273-4426-A0BA-F90FAD2FF72E
- FREEBSD:C96D416A-EAE7-4D5D-BC84-40DECA9329FB
- FREEBSD:CD81806C-26E7-4D4A-8425-02724A2F48AF
- GLSA-201810-01
- GLSA-201811-04
- GLSA-201811-12
- GLSA-201811-13
- MFSA-2018-15
- MFSA-2018-16
- MFSA-2018-17
- MFSA-2018-18
- MFSA-2018-19
- MFSA-2018-20
- MFSA-2018-21
- MFSA-2018-22
- MFSA-2018-23
- MFSA-2018-25
- MFSA-2018-26
- MFSA-2018-27
- MFSA-2018-28
- openSUSE-SU-2018:2807-1
- RHSA-2018:2112
- RHSA-2018:2113
- RHSA-2018:2251
- RHSA-2018:2252
- RHSA-2018:2692
- RHSA-2018:2693
- RHSA-2018:2834
- RHSA-2018:2835
- RHSA-2018:3005
- RHSA-2018:3006
- RHSA-2018:3403
- RHSA-2018:3458
- RHSA-2018:3531
- RHSA-2018:3532
- RHSA-2018:3834
- SSA:2018-265-01
- SUSE-SU-2018:2174-1
- SUSE-SU-2018:2298-1
- SUSE-SU-2018:2322-1
- SUSE-SU-2018:2322-2
- SUSE-SU-2018:2325-1
- SUSE-SU-2018:2890-1
- SUSE-SU-2018:2975-1
- SUSE-SU-2018:2975-2
- SUSE-SU-2018:2975-3
- SUSE-SU-2018:2976-1
- SUSE-SU-2018:3247-1
- SUSE-SU-2018:3330-1
- SUSE-SU-2018:3476-1
- SUSE-SU-2018:3591-1
- SUSE-SU-2018:3591-2
- SUSE-SU-2018:3656-1
- SUSE-SU-2018:3749-1
- SUSE-SU-2018:3749-2
- SUSE-SU-2018:3749-3
- SUSE-SU-2018:3769-1
- USN-3705-1
- USN-3714-1
- USN-3749-1
- USN-3761-1
- USN-3768-1
- USN-3778-1
- USN-3793-1
- USN-3801-1
- USN-3868-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/opensuse/MozillaThunderbird?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse | MozillaThunderbird | < 60.3.0-74.2 | opensuse-12 | x86_64 | |
Affected | pkg:rpm/opensuse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse | MozillaThunderbird-translations-other | < 60.3.0-74.2 | opensuse-12 | x86_64 | |
Affected | pkg:rpm/opensuse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse | MozillaThunderbird-translations-common | < 60.3.0-74.2 | opensuse-12 | x86_64 | |
Affected | pkg:rpm/opensuse/MozillaThunderbird-buildsymbols?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse | MozillaThunderbird-buildsymbols | < 60.3.0-74.2 | opensuse-12 | x86_64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |