[openSUSE-SU-2020:0366-1] Security update for MozillaThunderbird
Severity
Important
Affected Packages
3
CVEs
7
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues:
MozillaThunderbird was updated to 68.6.0 ESR (MFSA 2020-10 bsc#1166238)
- CVE-2020-6805: Fixed a use-after-free when removing data about origins
- CVE-2020-6806: Fixed improper protections against state confusion
- CVE-2020-6807: Fixed a use-after-free in cubeb during stream destruction
- CVE-2020-6811: Fixed an issue where copy as cURL' feature did not fully escape website-controlled data potentially leading to command injection
- CVE-2019-20503: Fixed out of bounds reads in sctp_load_addresses_from_init
- CVE-2020-6812: Fixed an issue where the names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission
- CVE-2020-6814: Fixed multiple memory safety bugs
This update was imported from the SUSE:SLE-15:Update update project.
Package | Affected Version |
---|---|
pkg:rpm/opensuse/MozillaThunderbird?arch=x86_64&distro=opensuse-leap-15.1 | < 68.6.0-lp151.2.28.1 |
pkg:rpm/opensuse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-leap-15.1 | < 68.6.0-lp151.2.28.1 |
pkg:rpm/opensuse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-leap-15.1 | < 68.6.0-lp151.2.28.1 |
- ID
- openSUSE-SU-2020:0366-1
- Severity
- important
- URL
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M4XSGNQTGWEYYC34KIWMTBKR7IVQN3XO/
- Published
-
2020-03-22T11:16:48
(4 years ago) - Modified
-
2020-03-22T11:16:48
(4 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALAS2-2020-1414
- ALPINE:CVE-2019-20503
- ALPINE:CVE-2020-6805
- ALPINE:CVE-2020-6806
- ALPINE:CVE-2020-6807
- ALPINE:CVE-2020-6811
- ALPINE:CVE-2020-6812
- ALPINE:CVE-2020-6814
- ASA-202003-11
- ASA-202003-12
- ASA-202003-8
- DSA-4639-1
- DSA-4642-1
- DSA-4645-1
- ELSA-2020-0815
- ELSA-2020-0816
- ELSA-2020-0820
- ELSA-2020-0905
- ELSA-2020-0914
- ELSA-2020-0919
- FEDORA-2020-17149a4f3d
- FEDORA-2020-39e0b8bd14
- FEDORA-2020-7fd051b378
- GLSA-202003-02
- GLSA-202003-10
- MFSA-2020-08
- MFSA-2020-09
- MFSA-2020-10
- MS:CVE-2019-20503
- openSUSE-SU-2020:0340-1
- openSUSE-SU-2020:0365-1
- openSUSE-SU-2020:0389-1
- RHSA-2020:0815
- RHSA-2020:0816
- RHSA-2020:0820
- RHSA-2020:0905
- RHSA-2020:0914
- RHSA-2020:0919
- RHSA-2020:1270
- SSA:2020-070-01
- SSA:2020-073-01
- SUSE-SU-2020:0686-1
- SUSE-SU-2020:0717-1
- SUSE-SU-2020:0721-1
- USN-4299-1
- USN-4328-1
- USN-4335-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/opensuse/MozillaThunderbird?arch=x86_64&distro=opensuse-leap-15.1 | opensuse | MozillaThunderbird | < 68.6.0-lp151.2.28.1 | opensuse-leap-15.1 | x86_64 | |
Affected | pkg:rpm/opensuse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-leap-15.1 | opensuse | MozillaThunderbird-translations-other | < 68.6.0-lp151.2.28.1 | opensuse-leap-15.1 | x86_64 | |
Affected | pkg:rpm/opensuse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-leap-15.1 | opensuse | MozillaThunderbird-translations-common | < 68.6.0-lp151.2.28.1 | opensuse-leap-15.1 | x86_64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |