openSUSE-SU-2017:3108-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2017:3108-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2017:3108-1
Related
Published
2017-11-27T18:50:59Z
Modified
2017-11-27T18:50:59Z
Summary
Security update for Mozilla Thunderbird
Details

This update for Mozilla Thunderbird fixes the following issues:

Security issues fixed in 52.5.0 ESR as advised in MFSA 2017-26 (boo#1068101):

  • CVE-2017-7828: Use-after-free of PressShell while restyling layout
  • CVE-2017-7830: Cross-origin URL information leak through Resource Timing API
  • CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5

The following bug fixes and improvements are included:

  • Better support for Charter/Spectrum IMAP
  • No longer mark other messages as read in search folders spanning multiple base folders
  • IMAP alerts have been corrected and now show the correct server name in case of connection problems
  • POP alerts have been corrected and now indicate connection problems in case the configured POP server cannot be found
References

Affected packages

SUSE:Package Hub 12 / MozillaThunderbird

Package

Name
MozillaThunderbird
Purl
pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Package%20Hub%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
52.5.0-48.1

Ecosystem specific

{
    "binaries": [
        {
            "MozillaThunderbird-buildsymbols": "52.5.0-48.1",
            "MozillaThunderbird": "52.5.0-48.1",
            "MozillaThunderbird-devel": "52.5.0-48.1",
            "MozillaThunderbird-translations-common": "52.5.0-48.1",
            "MozillaThunderbird-translations-other": "52.5.0-48.1"
        }
    ]
}