[RHSA-2020:5235] thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.5.0.
Security Fix(es):
Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Package | Affected Version |
---|---|
pkg:rpm/redhat/thunderbird?arch=x86_64&distro=redhat-7.9 | < 78.5.0-1.el7_9 |
pkg:rpm/redhat/thunderbird?arch=ppc64le&distro=redhat-7.9 | < 78.5.0-1.el7_9 |
- ID
- RHSA-2020:5235
- Severity
- important
- URL
- https://access.redhat.com/errata/RHSA-2020:5235
- Published
-
2020-11-30T00:00:00
(3 years ago) - Modified
-
2020-11-30T00:00:00
(3 years ago) - Rights
- Copyright 2020 Red Hat, Inc.
- Other Advisories
-
- ALAS2-2021-1586
- ALPINE:CVE-2020-16012
- ALPINE:CVE-2020-26951
- ALPINE:CVE-2020-26953
- ALPINE:CVE-2020-26956
- ALPINE:CVE-2020-26958
- ALPINE:CVE-2020-26959
- ALPINE:CVE-2020-26960
- ALPINE:CVE-2020-26961
- ALPINE:CVE-2020-26965
- ALPINE:CVE-2020-26968
- ASA-202011-11
- ASA-202011-12
- DSA-4793-1
- DSA-4796-1
- DSA-4824-1
- ELSA-2020-5235
- ELSA-2020-5236
- ELSA-2020-5237
- ELSA-2020-5238
- ELSA-2020-5239
- ELSA-2020-5257
- FEDORA-2020-10ec8aca61
- FEDORA-2020-3e005ce2e0
- GLSA-202012-03
- GLSA-202012-04
- MFSA-2020-50
- MFSA-2020-51
- MFSA-2020-52
- openSUSE-SU-2020:2010-1
- openSUSE-SU-2020:2012-1
- openSUSE-SU-2020:2020-1
- openSUSE-SU-2020:2021-1
- openSUSE-SU-2020:2026-1
- openSUSE-SU-2020:2031-1
- openSUSE-SU-2020:2032-1
- openSUSE-SU-2020:2055-1
- openSUSE-SU-2020:2096-1
- openSUSE-SU-2020:2187-1
- openSUSE-SU-2020:2315-1
- RHSA-2020:5236
- RHSA-2020:5237
- RHSA-2020:5238
- RHSA-2020:5239
- RHSA-2020:5257
- SUSE-SU-2020:3383-1
- SUSE-SU-2020:3458-1
- SUSE-SU-2020:3528-1
- SUSE-SU-2020:3548-1
- USN-4637-1
- USN-4637-2
- USN-4647-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/redhat/thunderbird?arch=x86_64&distro=redhat-7.9 | redhat | thunderbird | < 78.5.0-1.el7_9 | redhat-7.9 | x86_64 | |
Affected | pkg:rpm/redhat/thunderbird?arch=ppc64le&distro=redhat-7.9 | redhat | thunderbird | < 78.5.0-1.el7_9 | redhat-7.9 | ppc64le |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |