[SUSE-SU-2020:1225-1] Security update for MozillaThunderbird
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues:
- Update to 68.8.0 ESR
MFSA 2020-18 (bsc#1171186)
* CVE-2020-12397 (bmo#1617370)
Sender Email Address Spoofing using encoded Unicode
characters
* CVE-2020-12387 (bmo#1545345)
Use-after-free during worker shutdown
* CVE-2020-6831 (bmo#1632241)
Buffer overflow in SCTP chunk input validation
* CVE-2020-12392 (bmo#1614468)
Arbitrary local file access with 'Copy as cURL'
* CVE-2020-12393 (bmo#1615471)
Devtools' 'Copy as cURL' feature did not fully escape
website-controlled data, potentially leading to command
injection
* CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704,
bmo#1624098, bmo#1625749, bmo#1626382, bmo#1628076,
bmo#1631508)
Memory safety bugs fixed in Thunderbird 68.8.0
- ID
- SUSE-SU-2020:1225-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2020/suse-su-20201225-1/
- Published
-
2020-05-08T08:48:22
(4 years ago) - Modified
-
2020-05-08T08:48:22
(4 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALAS2-2020-1429
- ALPINE:CVE-2020-12387
- ALPINE:CVE-2020-12392
- ALPINE:CVE-2020-12393
- ALPINE:CVE-2020-12395
- ALPINE:CVE-2020-12397
- ALPINE:CVE-2020-6831
- ASA-202005-2
- ASA-202005-3
- ASA-202005-7
- DSA-4678-1
- DSA-4683-1
- DSA-4714-1
- ELSA-2020-2031
- ELSA-2020-2036
- ELSA-2020-2037
- ELSA-2020-2046
- ELSA-2020-2049
- ELSA-2020-2050
- GLSA-202005-03
- GLSA-202005-04
- MFSA-2020-16
- MFSA-2020-17
- MFSA-2020-18
- openSUSE-SU-2020:0620-1
- openSUSE-SU-2020:0621-1
- openSUSE-SU-2020:0643-1
- openSUSE-SU-2020:0648-1
- openSUSE-SU-2020:0709-1
- openSUSE-SU-2020:0917-1
- RHSA-2020:2031
- RHSA-2020:2036
- RHSA-2020:2037
- RHSA-2020:2046
- RHSA-2020:2049
- RHSA-2020:2050
- RHSA-2020:2064
- SSA:2020-126-01
- SUSE-SU-2020:1209-1
- SUSE-SU-2020:1218-1
- USN-4353-1
- USN-4373-1
Source | # ID | Name | URL |
---|---|---|---|
Suse | SUSE ratings | https://www.suse.com/support/security/rating/ | |
Suse | URL of this CSAF notice | https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_1225-1.json | |
Suse | URL for SUSE-SU-2020:1225-1 | https://www.suse.com/support/update/announcement/2020/suse-su-20201225-1/ | |
Suse | E-Mail link for SUSE-SU-2020:1225-1 | https://lists.suse.com/pipermail/sle-security-updates/2020-May/006810.html | |
Bugzilla | SUSE Bug 1171186 | https://bugzilla.suse.com/1171186 | |
CVE | SUSE CVE CVE-2020-12387 page | https://www.suse.com/security/cve/CVE-2020-12387/ | |
CVE | SUSE CVE CVE-2020-12392 page | https://www.suse.com/security/cve/CVE-2020-12392/ | |
CVE | SUSE CVE CVE-2020-12393 page | https://www.suse.com/security/cve/CVE-2020-12393/ | |
CVE | SUSE CVE CVE-2020-12395 page | https://www.suse.com/security/cve/CVE-2020-12395/ | |
CVE | SUSE CVE CVE-2020-12397 page | https://www.suse.com/security/cve/CVE-2020-12397/ | |
CVE | SUSE CVE CVE-2020-6831 page | https://www.suse.com/security/cve/CVE-2020-6831/ |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |