openSUSE-SU-2019:1990-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:1990-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2019:1990-1
Related
Published
2019-08-23T10:26:10Z
Modified
2019-08-23T10:26:10Z
Summary
Security update for MozillaThunderbird
Details

This update for MozillaThunderbird fixes the following issues:

  • Generate langpacks sequentially to avoid file corruption from racy file writes (boo#1137970)

  • Mozilla Thunderbird 60.8.0

    • Calendar: Problems when editing event times, some related to AM/PM setting in non-English locales MFSA 2019-23 (boo#1140868)
    • CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327) Sandbox escape via installation of malicious languagepack
    • CVE-2019-11711 (bmo#1552541) Script injection within domain through inner window reuse
    • CVE-2019-11712 (bmo#1543804) Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
    • CVE-2019-11713 (bmo#1528481) Use-after-free with HTTP/2 cached stream
    • CVE-2019-11729 (bmo#1515342) Empty or malformed p256-ECDH public keys may trigger a segmentation fault
    • CVE-2019-11715 (bmo#1555523) HTML parsing error can contribute to content XSS
    • CVE-2019-11717 (bmo#1548306) Caret character improperly escaped in origins
    • CVE-2019-11719 (bmo#1540541) Out-of-bounds read when importing curve25519 private key
    • CVE-2019-11730 (bmo#1558299) Same-origin policy treats all files in a directory as having the same-origin
    • CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498 bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522) Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 and Thunderbird 60.8
References

Affected packages

SUSE:Package Hub 12 / MozillaThunderbird

Package

Name
MozillaThunderbird
Purl
purl:rpm/suse/MozillaThunderbird&distro=SUSE%20Package%20Hub%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
60.8.0-88.1

Ecosystem specific

{
    "binaries": [
        {
            "MozillaThunderbird-buildsymbols": "60.8.0-88.1",
            "MozillaThunderbird": "60.8.0-88.1",
            "MozillaThunderbird-translations-other": "60.8.0-88.1",
            "MozillaThunderbird-translations-common": "60.8.0-88.1"
        }
    ]
}