openSUSE-SU-2017:0357-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2017:0357-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2017:0357-1
Related
Published
2017-02-01T17:54:52Z
Modified
2017-02-01T17:54:52Z
Summary
Security update for MozillaThunderbird
Details

This update to Mozilla Thunderbird 45.7.0 fixes security issues and bugs.

The following security issues from advisory MFSA 2017-03 were fixed (boo#1021991) In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts:

  • CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (boo#1021814)
  • CVE-2017-5376: Use-after-free in XSL (boo#1021817)
  • CVE-2017-5378: Pointer and frame data leakage of Javascript objects (boo#1021818)
  • CVE-2017-5380: Potential use-after-free during DOM manipulations (boo#1021819)
  • CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (boo#1021820)
  • CVE-2017-5396: Use-after-free with Media Decoder (boo#1021821)
  • CVE-2017-5383: Location bar spoofing with unicode characters (boo#1021822)
  • CVE-2017-5373: Memory safety bugs fixed in Thunderbird 45.7 (boo#1021824)

The following non-security bugs were fixed:

  • Message preview pane non-functional after IMAP folder was renamed or moved
  • 'Move To' button on 'Search Messages' panel not working
  • Message sent to 'undisclosed recipients' shows no recipient (non-functional since Thunderbird version 38)
References

Affected packages

SUSE:Package Hub 12 / MozillaThunderbird

Package

Name
MozillaThunderbird
Purl
pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Package%20Hub%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
45.7.0-23.1

Ecosystem specific

{
    "binaries": [
        {
            "MozillaThunderbird-buildsymbols": "45.7.0-23.1",
            "MozillaThunderbird": "45.7.0-23.1",
            "MozillaThunderbird-devel": "45.7.0-23.1",
            "MozillaThunderbird-translations-common": "45.7.0-23.1",
            "MozillaThunderbird-translations-other": "45.7.0-23.1"
        }
    ]
}