[RHSA-2020:5235] thunderbird security update

Severity Important

Affected Packages 2

CVEs 10

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.5.0.

Security Fix(es):

Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)
Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)
Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)
Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)
Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)
Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)
Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)
Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)
Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)
Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package	Affected Version
pkg:rpm/redhat/thunderbird?arch=x86_64&distro=redhat-7.9	< 78.5.0-1.el7_9
pkg:rpm/redhat/thunderbird?arch=ppc64le&distro=redhat-7.9	< 78.5.0-1.el7_9

ID

RHSA-2020:5235

Severity

important

URL

https://access.redhat.com/errata/RHSA-2020:5235

Published

2020-11-30T00:00:00
(3 years ago)

Modified

2020-11-30T00:00:00
(3 years ago)

Rights

Other Advisories

Source	# ID	URL
Bugzilla	1898731	https://bugzilla.redhat.com/1898731
Bugzilla	1898732	https://bugzilla.redhat.com/1898732
Bugzilla	1898733	https://bugzilla.redhat.com/1898733
Bugzilla	1898734	https://bugzilla.redhat.com/1898734
Bugzilla	1898735	https://bugzilla.redhat.com/1898735
Bugzilla	1898736	https://bugzilla.redhat.com/1898736
Bugzilla	1898737	https://bugzilla.redhat.com/1898737
Bugzilla	1898738	https://bugzilla.redhat.com/1898738
Bugzilla	1898739	https://bugzilla.redhat.com/1898739
Bugzilla	1898741	https://bugzilla.redhat.com/1898741
RHSA	RHSA-2020:5235	https://access.redhat.com/errata/RHSA-2020:5235
CVE	CVE-2020-16012	https://access.redhat.com/security/cve/CVE-2020-16012
CVE	CVE-2020-26951	https://access.redhat.com/security/cve/CVE-2020-26951
CVE	CVE-2020-26953	https://access.redhat.com/security/cve/CVE-2020-26953
CVE	CVE-2020-26956	https://access.redhat.com/security/cve/CVE-2020-26956
CVE	CVE-2020-26958	https://access.redhat.com/security/cve/CVE-2020-26958
CVE	CVE-2020-26959	https://access.redhat.com/security/cve/CVE-2020-26959
CVE	CVE-2020-26960	https://access.redhat.com/security/cve/CVE-2020-26960
CVE	CVE-2020-26961	https://access.redhat.com/security/cve/CVE-2020-26961
CVE	CVE-2020-26965	https://access.redhat.com/security/cve/CVE-2020-26965
CVE	CVE-2020-26968	https://access.redhat.com/security/cve/CVE-2020-26968

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:rpm/redhat/thunderbird?arch=x86_64&distro=redhat-7.9	redhat	thunderbird	< 78.5.0-1.el7_9	redhat-7.9	x86_64
Affected	pkg:rpm/redhat/thunderbird?arch=ppc64le&distro=redhat-7.9	redhat	thunderbird	< 78.5.0-1.el7_9	redhat-7.9	ppc64le

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date