[openSUSE-SU-2019:1664-1] Security update for MozillaThunderbird

Severity Important
Affected Packages 4
CVEs 22

This update for MozillaThunderbird fixes the following issues:

Mozilla Thunderbird was updated to 60.7.2 / MFSA 2019-20 (boo#1138872):
* CVE-2019-11707: Type confusion in Array.pop
* CVE-2019-11708: sandbox escape using Prompt:Open

Mozilla Thunderbird was updated to 60.7.1 / MFSA 2019-17 (boo#1137595):
* CVE-2019-11703: Heap buffer overflow in icalparser.c
* CVE-2019-11704: Heap buffer overflow in icalvalue.c
* CVE-2019-11705: Stack buffer overflow in icalrecur.c
* CVE-2019-11706: Type confusion in icalproperty.c

Also fixed: No prompt for smartcard PIN when S/MIME signing is used

Mozilla Thunderbird was updated to 60.7.0 / MFSA 2019-15 (boo#1135824):

  • Attachment pane of Write window no longer focussed when attaching
    files using a keyboard shortcut

  • CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS

  • CVE-2019-9816: Type confusion with object groups and UnboxedObjects

  • CVE-2019-9817: Stealing of cross-domain images using canvas

  • CVE-2019-9818 (Windows only): Use-after-free in crash generation server

  • CVE-2019-9819: Compartment mismatch with fetch API

  • CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell

  • CVE-2019-11691: Use-after-free in XMLHttpRequest

  • CVE-2019-11692: Use-after-free removing listeners in the event listener manager

  • CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux

  • CVE-2019-7317: Use-after-free in png_image_free of libpng library

  • CVE-2019-9797: Cross-origin theft of images with createImageBitmap

  • CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext

  • CVE-2019-11694: Uninitialized memory leakage in Windows sandbox

  • CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks

  • CVE-2019-5798: Out-of-bounds read in Skia

  • CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7

  • Disable building with LTO (boo#1133267).

ID: openSUSE-SU-2019:1664-1
Severity: important
URL: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZFVBHHF6WMJDJB73NZDWFFGS6D23TB67/#ZFVBHHF6WMJDJB73NZDWFFGS6D23TB67
Published: 2019-06-28T08:42:30
Modified: 2019-06-28T08:42:30
Rights: Copyright 2024 SUSE LLC. All rights reserved.

Other Advisories

| Source | Name | URL |
|---|---|---|
| Suse | SUSE ratings | https://www.suse.com/support/security/rating/ |
| Suse | URL of this CSAF notice | https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1664-1.json |
| Suse | URL for openSUSE-SU-2019:1664-1 | https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZFVBHHF6WMJDJB73NZDWFFGS6D23TB67/#ZFVBHHF6WMJDJB73NZDWFFGS6D23TB67 |
| Suse | E-Mail link for openSUSE-SU-2019:1664-1 | https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZFVBHHF6WMJDJB73NZDWFFGS6D23TB67/#ZFVBHHF6WMJDJB73NZDWFFGS6D23TB67 |
| Bugzilla | SUSE Bug 1130694 | https://bugzilla.suse.com/1130694 |
| Bugzilla | SUSE Bug 1133267 | https://bugzilla.suse.com/1133267 |
| Bugzilla | SUSE Bug 1135824 | https://bugzilla.suse.com/1135824 |
| Bugzilla | SUSE Bug 1137595 | https://bugzilla.suse.com/1137595 |
| Bugzilla | SUSE Bug 1138872 | https://bugzilla.suse.com/1138872 |
| CVE | SUSE CVE CVE-2018-18511 page | https://www.suse.com/security/cve/CVE-2018-18511/ |
| CVE | SUSE CVE CVE-2019-11691 page | https://www.suse.com/security/cve/CVE-2019-11691/ |
| CVE | SUSE CVE CVE-2019-11692 page | https://www.suse.com/security/cve/CVE-2019-11692/ |
| CVE | SUSE CVE CVE-2019-11693 page | https://www.suse.com/security/cve/CVE-2019-11693/ |
| CVE | SUSE CVE CVE-2019-11694 page | https://www.suse.com/security/cve/CVE-2019-11694/ |
| CVE | SUSE CVE CVE-2019-11698 page | https://www.suse.com/security/cve/CVE-2019-11698/ |
| CVE | SUSE CVE CVE-2019-11703 page | https://www.suse.com/security/cve/CVE-2019-11703/ |
| CVE | SUSE CVE CVE-2019-11704 page | https://www.suse.com/security/cve/CVE-2019-11704/ |
| CVE | SUSE CVE CVE-2019-11705 page | https://www.suse.com/security/cve/CVE-2019-11705/ |
| CVE | SUSE CVE CVE-2019-11706 page | https://www.suse.com/security/cve/CVE-2019-11706/ |
| CVE | SUSE CVE CVE-2019-11707 page | https://www.suse.com/security/cve/CVE-2019-11707/ |
| CVE | SUSE CVE CVE-2019-11708 page | https://www.suse.com/security/cve/CVE-2019-11708/ |
| CVE | SUSE CVE CVE-2019-5798 page | https://www.suse.com/security/cve/CVE-2019-5798/ |
| CVE | SUSE CVE CVE-2019-7317 page | https://www.suse.com/security/cve/CVE-2019-7317/ |
| CVE | SUSE CVE CVE-2019-9797 page | https://www.suse.com/security/cve/CVE-2019-9797/ |
| CVE | SUSE CVE CVE-2019-9800 page | https://www.suse.com/security/cve/CVE-2019-9800/ |
| CVE | SUSE CVE CVE-2019-9815 page | https://www.suse.com/security/cve/CVE-2019-9815/ |
| CVE | SUSE CVE CVE-2019-9816 page | https://www.suse.com/security/cve/CVE-2019-9816/ |
| CVE | SUSE CVE CVE-2019-9817 page | https://www.suse.com/security/cve/CVE-2019-9817/ |
| CVE | SUSE CVE CVE-2019-9818 page | https://www.suse.com/security/cve/CVE-2019-9818/ |
| CVE | SUSE CVE CVE-2019-9819 page | https://www.suse.com/security/cve/CVE-2019-9819/ |
| CVE | SUSE CVE CVE-2019-9820 page | https://www.suse.com/security/cve/CVE-2019-9820/ |

| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/opensuse/MozillaThunderbird?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse | MozillaThunderbird | < 60.7.2-85.1 | opensuse-12 | x86_64 | |
| Affected | pkg:rpm/opensuse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse | MozillaThunderbird-translations-other | < 60.7.2-85.1 | opensuse-12 | x86_64 | |
| Affected | pkg:rpm/opensuse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse | MozillaThunderbird-translations-common | < 60.7.2-85.1 | opensuse-12 | x86_64 | |
| Affected | pkg:rpm/opensuse/MozillaThunderbird-buildsymbols?arch=x86_64&distro=opensuse-12&repo=suse-package-hub | opensuse | MozillaThunderbird-buildsymbols | < 60.7.2-85.1 | opensuse-12 | x86_64 | |