openSUSE-SU-2017:1579-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2017:1579-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2017:1579-1
Related
Published
2017-06-16T09:03:31Z
Modified
2017-06-16T09:03:31Z
Summary
Security update for Mozilla Thunderbird
Details

This update to Thunderbird 52.2 fixes security issues and bugs.

The following vulnerabilities were fixed:

  • CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
  • CVE-2017-7749: Use-after-free during docshell reloading
  • CVE-2017-7750: Use-after-free with track elements
  • CVE-2017-7751: Use-after-free with content viewer listeners
  • CVE-2017-7752: Use-after-free with IME input
  • CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
  • CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
  • CVE-2017-7757: Use-after-free in IndexedDB
  • CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777: Vulnerabilities in the Graphite 2 library
  • CVE-2017-7758: Out-of-bounds read in Opus encoder
  • CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks
  • CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2

Mozilla Thunderbird now requires NSS 3.28.5.

The following bugs were fixed:

  • Embedded images not shown in email received from Hotmail/Outlook webmailer
  • Detection of non-ASCII font names in font selector
  • Attachment not forwarded correctly under certain circumstances
  • Multiple requests for master password when GMail OAuth2 is enabled
  • Large number of blank pages being printed under certain circumstances when invalid preferences were present
  • Messages sent via the Simple MAPI interface are forced to HTML
  • Calendar: Invitations can't be printed
  • Mailing list (group) not accessible from macOS or Outlook address book
  • Clicking on links with references/anchors where target doesn't exist in the message not opening in external browser
References

Affected packages

SUSE:Package Hub 12 / MozillaThunderbird

Package

Name
MozillaThunderbird
Purl
purl:rpm/suse/MozillaThunderbird&distro=SUSE%20Package%20Hub%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
52.2-36.1

Ecosystem specific

{
    "binaries": [
        {
            "MozillaThunderbird-buildsymbols": "52.2-36.1",
            "MozillaThunderbird": "52.2-36.1",
            "MozillaThunderbird-devel": "52.2-36.1",
            "MozillaThunderbird-translations-common": "52.2-36.1",
            "MozillaThunderbird-translations-other": "52.2-36.1"
        }
    ]
}