1. Home
  2. Security Advisories
  3. SUSE
  4. SUSE-SU-2019:2912-1

[SUSE-SU-2019:2912-1] Recommended update for MozillaThunderbird

Severity Important
CVEs 9
Info References Vulnerabilities

Recommended update for MozillaThunderbird

This update for MozillaThunderbird to version 68.2.1 provides the following fixes:

  • Security issues fixed (bsc#1154738):
    • CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429).
    • CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738).
    • CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738).
    • CVE-2019-11759: Fixed a stack buffer overflow in HKDF output (bsc#1154738).
    • CVE-2019-11760: Fixed a stack buffer overflow in WebRTC networking (bsc#1154738).
    • CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738).
    • CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738).
    • CVE-2019-11763: Fixed an XSS bypass (bsc#1154738).
    • CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738).

Other fixes (bsc#1153879):
* Some attachments couldn't be opened in messages originating from MS Outlook 2016.
* Address book import from CSV.
* Performance problem in message body search.
* Ctrl+Enter to send a message would open an attachment if the attachment pane had focus.
* Calendar: Issues with 'Today Pane' start-up.
* Calendar: Glitches with custom repeat and reminder number input.
* Calendar: Problems with WCAP provider.
* A language for the user interface can now be chosen in
the advanced settings

* Fixed an issue with Google authentication (OAuth2)
* Fixed an issue where selected or unread messages were not
shown in the correct color in the thread pane under some
circumstances
* Fixed an issue where when using a language pack, names of
standard folders were not localized (bsc#1149126)
* Fixed an issue where the address book default startup directory
in preferences panel not persisted
* Fixed various visual glitches
* Fixed issues with the chat
* Fixed building with rust >= 1.38.
* Fixrd LTO build without PGO.
* Removed kde.js since disabling instantApply breaks extensions and is now obsolete with
the move to HTML views for preferences. (bsc#1151186)
* Updated create-tar.sh. (bsc#1152778)
* Deactivated the crashreporter for the last remaining arch.

ID
SUSE-SU-2019:2912-1
Severity
important
URL
https://www.suse.com/support/update/announcement/2019/suse-su-20192912-1/
Published
2019-11-07T10:31:34
(4 years ago)
Modified
2019-11-07T10:31:34
(4 years ago)
Rights
Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories
Source # ID Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2912-1.json
Suse URL for SUSE-SU-2019:2912-1 https://www.suse.com/support/update/announcement/2019/suse-su-20192912-1/
Suse E-Mail link for SUSE-SU-2019:2912-1 https://lists.suse.com/pipermail/sle-security-updates/2019-November/006099.html
Bugzilla SUSE Bug 1149126 https://bugzilla.suse.com/1149126
Bugzilla SUSE Bug 1149429 https://bugzilla.suse.com/1149429
Bugzilla SUSE Bug 1151186 https://bugzilla.suse.com/1151186
Bugzilla SUSE Bug 1152778 https://bugzilla.suse.com/1152778
Bugzilla SUSE Bug 1153879 https://bugzilla.suse.com/1153879
Bugzilla SUSE Bug 1154738 https://bugzilla.suse.com/1154738
CVE SUSE CVE CVE-2019-11757 page https://www.suse.com/security/cve/CVE-2019-11757/
CVE SUSE CVE CVE-2019-11758 page https://www.suse.com/security/cve/CVE-2019-11758/
CVE SUSE CVE CVE-2019-11759 page https://www.suse.com/security/cve/CVE-2019-11759/
CVE SUSE CVE CVE-2019-11760 page https://www.suse.com/security/cve/CVE-2019-11760/
CVE SUSE CVE CVE-2019-11761 page https://www.suse.com/security/cve/CVE-2019-11761/
CVE SUSE CVE CVE-2019-11762 page https://www.suse.com/security/cve/CVE-2019-11762/
CVE SUSE CVE CVE-2019-11763 page https://www.suse.com/security/cve/CVE-2019-11763/
CVE SUSE CVE CVE-2019-11764 page https://www.suse.com/security/cve/CVE-2019-11764/
CVE SUSE CVE CVE-2019-15903 page https://www.suse.com/security/cve/CVE-2019-15903/
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date