[openSUSE-SU-2020:0643-1] Security update for MozillaThunderbird
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues:
- Update to 68.8.0 ESR
MFSA 2020-18 (bsc#1171186)
* CVE-2020-12397 (bmo#1617370)
Sender Email Address Spoofing using encoded Unicode
characters
* CVE-2020-12387 (bmo#1545345)
Use-after-free during worker shutdown
* CVE-2020-6831 (bmo#1632241)
Buffer overflow in SCTP chunk input validation
* CVE-2020-12392 (bmo#1614468)
Arbitrary local file access with 'Copy as cURL'
* CVE-2020-12393 (bmo#1615471)
Devtools' 'Copy as cURL' feature did not fully escape
website-controlled data, potentially leading to command
injection
* CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704,
bmo#1624098, bmo#1625749, bmo#1626382, bmo#1628076,
bmo#1631508)
Memory safety bugs fixed in Thunderbird 68.8.0
This update was imported from the SUSE:SLE-15:Update update project.
Package | Affected Version |
---|---|
pkg:rpm/opensuse/MozillaThunderbird?arch=x86_64&distro=opensuse-leap-15.1 | < 68.8.0-lp151.2.38.2 |
pkg:rpm/opensuse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-leap-15.1 | < 68.8.0-lp151.2.38.2 |
pkg:rpm/opensuse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-leap-15.1 | < 68.8.0-lp151.2.38.2 |
- ID
- openSUSE-SU-2020:0643-1
- Severity
- important
- URL
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5YQSDU3MFHQWYW5DLTHJ4JOYHWTHCHMN/
- Published
-
2020-05-09T22:21:15
(4 years ago) - Modified
-
2020-05-09T22:21:15
(4 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALAS2-2020-1429
- ALPINE:CVE-2020-12387
- ALPINE:CVE-2020-12392
- ALPINE:CVE-2020-12393
- ALPINE:CVE-2020-12395
- ALPINE:CVE-2020-12397
- ALPINE:CVE-2020-6831
- ASA-202005-2
- ASA-202005-3
- ASA-202005-7
- DSA-4678-1
- DSA-4683-1
- DSA-4714-1
- ELSA-2020-2031
- ELSA-2020-2036
- ELSA-2020-2037
- ELSA-2020-2046
- ELSA-2020-2049
- ELSA-2020-2050
- GLSA-202005-03
- GLSA-202005-04
- MFSA-2020-16
- MFSA-2020-17
- MFSA-2020-18
- openSUSE-SU-2020:0620-1
- openSUSE-SU-2020:0621-1
- openSUSE-SU-2020:0648-1
- openSUSE-SU-2020:0709-1
- openSUSE-SU-2020:0917-1
- RHSA-2020:2031
- RHSA-2020:2036
- RHSA-2020:2037
- RHSA-2020:2046
- RHSA-2020:2049
- RHSA-2020:2050
- RHSA-2020:2064
- SSA:2020-126-01
- SUSE-SU-2020:1209-1
- SUSE-SU-2020:1218-1
- SUSE-SU-2020:1225-1
- USN-4353-1
- USN-4373-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/opensuse/MozillaThunderbird?arch=x86_64&distro=opensuse-leap-15.1 | opensuse | MozillaThunderbird | < 68.8.0-lp151.2.38.2 | opensuse-leap-15.1 | x86_64 | |
Affected | pkg:rpm/opensuse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-leap-15.1 | opensuse | MozillaThunderbird-translations-other | < 68.8.0-lp151.2.38.2 | opensuse-leap-15.1 | x86_64 | |
Affected | pkg:rpm/opensuse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-leap-15.1 | opensuse | MozillaThunderbird-translations-common | < 68.8.0-lp151.2.38.2 | opensuse-leap-15.1 | x86_64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |