[openSUSE-SU-2020:0003-1] Security update for MozillaThunderbird
Severity
Important
Affected Packages
3
CVEs
8
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues:
Mozilla Thunderbird was updated to 68.3esr (MFSA 2019-38 bsc#1158328)
Security issues fixed:
- CVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331)
- CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156)
- CVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a block cipher (bmo#1586176)
- CVE-2019-17009: Fixed an issue where updater temporary files accessible to unprivileged processes (bmo#1510494)
- CVE-2019-17010: Fixed a use-after-free when performing device orientation checks (bmo#1581084)
- CVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170)
- CVE-2019-17011: Fixed a use-after-free when retrieving a document in antitracking (bmo#1591334)
- CVE-2019-17012: Fixed multiple memmory issues (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502)
Other issues addressed:
- New: Message display toolbar action WebExtension API (bmo#1531597)
- New: Navigation buttons are now available in content tabs (bmo#787683)
- Fixed an issue where write window was not always correct (bmo#1593280)
- Fixed toolbar issues (bmo#1584160)
- Fixed issues with LDAP lookup when SSL was enabled (bmo#1576364)
- Fixed an issue with scam link confirmation panel (bmo#1596413)
- Fixed an issue with the write window where the Link Properties dialog was not showing named anchors in context menu (bmo#1593629)
- Fixed issues with calendar (bmo#1588516)
- Fixed issues with chat where reordering via drag-and-drop was not working on Instant messaging status dialog (bmo#1591505)
This update was imported from the SUSE:SLE-15:Update update project.
Package | Affected Version |
---|---|
pkg:rpm/opensuse/MozillaThunderbird?arch=x86_64&distro=opensuse-leap-15.1 | < 68.3.0-lp151.2.19.1 |
pkg:rpm/opensuse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-leap-15.1 | < 68.3.0-lp151.2.19.1 |
pkg:rpm/opensuse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-leap-15.1 | < 68.3.0-lp151.2.19.1 |
- ID
- openSUSE-SU-2020:0003-1
- Severity
- important
- URL
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NRHDWT3QC423VY6ACEY346YD3PPCAECZ/
- Published
-
2020-01-09T16:29:51
(4 years ago) - Modified
-
2020-01-09T16:29:51
(4 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALAS-2020-1355
- ALAS2-2020-1379
- ALAS2-2020-1384
- ALAS2-2020-1386
- ALAS2-2024-2470
- ALPINE:CVE-2019-11745
- ALPINE:CVE-2019-17005
- ALPINE:CVE-2019-17008
- ALPINE:CVE-2019-17009
- ALPINE:CVE-2019-17010
- ALPINE:CVE-2019-17011
- ALPINE:CVE-2019-17012
- ASA-201912-1
- ASA-201912-2
- DSA-4579-1
- DSA-4580-1
- DSA-4585-1
- ELSA-2019-4107
- ELSA-2019-4111
- ELSA-2019-4114
- ELSA-2019-4148
- ELSA-2019-4152
- ELSA-2019-4190
- ELSA-2019-4195
- GLSA-202003-02
- GLSA-202003-10
- GLSA-202003-37
- MFSA-2019-36
- MFSA-2019-37
- MFSA-2019-38
- openSUSE-SU-2020:0002-1
- openSUSE-SU-2020:0008-1
- RHSA-2019:4107
- RHSA-2019:4108
- RHSA-2019:4111
- RHSA-2019:4114
- RHSA-2019:4148
- RHSA-2019:4152
- RHSA-2019:4190
- RHSA-2019:4195
- RHSA-2019:4205
- SSA:2019-337-01
- SUSE-SU-2019:3337-1
- SUSE-SU-2019:3339-1
- SUSE-SU-2019:3347-1
- SUSE-SU-2019:3395-1
- SUSE-SU-2020:0088-1
- USN-4203-1
- USN-4203-2
- USN-4216-1
- USN-4216-2
- USN-4241-1
- USN-4335-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/opensuse/MozillaThunderbird?arch=x86_64&distro=opensuse-leap-15.1 | opensuse | MozillaThunderbird | < 68.3.0-lp151.2.19.1 | opensuse-leap-15.1 | x86_64 | |
Affected | pkg:rpm/opensuse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-leap-15.1 | opensuse | MozillaThunderbird-translations-other | < 68.3.0-lp151.2.19.1 | opensuse-leap-15.1 | x86_64 | |
Affected | pkg:rpm/opensuse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-leap-15.1 | opensuse | MozillaThunderbird-translations-common | < 68.3.0-lp151.2.19.1 | opensuse-leap-15.1 | x86_64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |