Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2020:1591-1

Опубликовано: 10 июн. 2020
Источник: suse-cvrf

Описание

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues:

Mozilla Thunderbird 68.9.0 (bsc#1172402)

  • CVE-2020-12405: Fixed a use-after-free in SharedWorkerService.
  • CVE-2020-12406: Fixed a JavaScript Type confusion with NativeTypes.
  • CVE-2020-12410: Fixed multiple memory safety issues
  • CVE-2020-12398: Fixed a potential information leak due to security downgrade with IMAP STARTTLS
  • Use a symbolic icon from branding internals

Список пакетов

SUSE Linux Enterprise Workstation Extension 15 SP1
MozillaThunderbird-68.9.0-3.85.2
MozillaThunderbird-translations-common-68.9.0-3.85.2
MozillaThunderbird-translations-other-68.9.0-3.85.2

Ссылки

Описание

If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0.

Затронутые продукты
SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-68.9.0-3.85.2
SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-translations-common-68.9.0-3.85.2
SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-translations-other-68.9.0-3.85.2
Ссылки

Описание

When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

Затронутые продукты
SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-68.9.0-3.85.2
SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-translations-common-68.9.0-3.85.2
SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-translations-other-68.9.0-3.85.2
Ссылки

Описание

Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

Затронутые продукты
SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-68.9.0-3.85.2
SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-translations-common-68.9.0-3.85.2
SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-translations-other-68.9.0-3.85.2
Ссылки

Описание

Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

Затронутые продукты
SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-68.9.0-3.85.2
SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-translations-common-68.9.0-3.85.2
SUSE Linux Enterprise Workstation Extension 15 SP1:MozillaThunderbird-translations-other-68.9.0-3.85.2
Ссылки