
Test ID: 1.3.6.1.4.1.25623.1.0.852323
Category: SuSE Local Security Checks
Title: openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2019:0251-1)
Summary: The remote host is missing an update for the 'MozillaThunderbird' package(s) announced via the openSUSE-SU-2019:0251-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'MozillaThunderbird'
package(s) announced via the openSUSE-SU-2019:0251-1 advisory.

Vulnerability Insight:
This update for MozillaThunderbird to version 60.5.1 fixes the following
issues:

Security vulnerabilities addressed (MFSA 2019-03, MFSA 2018-31, MFSA
2019-06, bsc#1122983, bsc#1119105, bsc#1125330):

- CVE-2018-18356: Fixed a Use-after-free in Skia.

- CVE-2019-5785: Fixed an Integer overflow in Skia.

- CVE-2018-18335: Fixed a Buffer overflow in Skia by default deactivating
Canvas 2D. This issue does not affect Linux distributions.

- CVE-2018-18509: Fixed a flaw in the verification of certain S/MIME
signatures that mistakenly showed emails as carrying a valid signature.

- CVE-2018-18500: Use-after-free parsing HTML5 stream

- CVE-2018-18505: Privilege escalation through IPC channel messages

- CVE-2016-5824: DoS (use-after-free) via a crafted ics file

- CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR
60.5

- CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library
with TextureStorage11

- CVE-2018-18492: Use-after-free with select element

- CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia

- CVE-2018-18494: Same-origin policy violation using location attribute
and performance.getEntries to steal cross-origin URLs

- CVE-2018-18498: Integer overflow when calculating buffer sizes for images

- CVE-2018-12405: Memory safety bugs fixed in Firefox 64, 60.4, and
Thunderbird 60.4

Other bug fixes and changes:

- FileLink provider WeTransfer to upload large attachments

- Thunderbird now allows the addition of OpenSearch search engines from a
local XML file using a minimal user interface: [+] button to select a
file and add, [-] to remove.

- More search engines: Google and DuckDuckGo available by default in some
locales

- During account creation, Thunderbird will now detect servers using the
Microsoft Exchange protocol. It will offer the installation of a 3rd
party add-on (Owl) which supports that protocol.

- Thunderbird now compatible with other WebExtension-based FileLink
add-ons like the Dropbox add-on

- New WebExtensions FileLink API to facilitate add-ons

- Fix decoding problems for messages with less common charsets (cp932,
cp936)

- New messages in the drafts folder (and other special or virtual folders)
will no longer be included in the new messages notification

- Thunderbird 60 will migrate security databases (key3.db, cert8.db to
key4.db, cert9.db).

- Address book search and auto-complete slowness

- Plain text markup with * for bold, / for italics, _ for underline and
for code did not work when the enclosed text contained non-ASCII
charact ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
MozillaThunderbird on openSUSE Leap 15.0.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2016-5824
BugTraq ID: 91459
http://www.securityfocus.com/bid/91459
https://security.gentoo.org/glsa/201904-02
https://security.gentoo.org/glsa/201904-07
https://github.com/libical/libical/issues/235
http://www.openwall.com/lists/oss-security/2016/06/25/4
http://www.openwall.com/lists/oss-security/2017/01/20/16
RedHat Security Advisories: RHSA-2019:0269
https://access.redhat.com/errata/RHSA-2019:0269
RedHat Security Advisories: RHSA-2019:0270
https://access.redhat.com/errata/RHSA-2019:0270
https://usn.ubuntu.com/3897-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-12405
BugTraq ID: 106168
http://www.securityfocus.com/bid/106168
Debian Security Information: DSA-4354
https://www.debian.org/security/2018/dsa-4354
Debian Security Information: DSA-4362
https://www.debian.org/security/2019/dsa-4362
https://security.gentoo.org/glsa/201903-04
https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html
RedHat Security Advisories: RHSA-2018:3831
https://access.redhat.com/errata/RHSA-2018:3831
RedHat Security Advisories: RHSA-2018:3833
https://access.redhat.com/errata/RHSA-2018:3833
RedHat Security Advisories: RHSA-2019:0159
https://access.redhat.com/errata/RHSA-2019:0159
RedHat Security Advisories: RHSA-2019:0160
https://access.redhat.com/errata/RHSA-2019:0160
https://usn.ubuntu.com/3844-1/
https://usn.ubuntu.com/3868-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-17466
BugTraq ID: 105666
http://www.securityfocus.com/bid/105666
Debian Security Information: DSA-4330
https://www.debian.org/security/2018/dsa-4330
https://security.gentoo.org/glsa/201811-10
https://crbug.com/880906
RedHat Security Advisories: RHSA-2018:3004
https://access.redhat.com/errata/RHSA-2018:3004
Common Vulnerability Exposure (CVE) ID: CVE-2018-18335
BugTraq ID: 106084
http://www.securityfocus.com/bid/106084
Debian Security Information: DSA-4352
https://www.debian.org/security/2018/dsa-4352
https://security.gentoo.org/glsa/201908-18
https://crbug.com/895362
RedHat Security Advisories: RHSA-2018:3803
https://access.redhat.com/errata/RHSA-2018:3803
SuSE Security Announcement: openSUSE-SU-2019:1162
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-18356
Debian Security Information: DSA-4391
https://www.debian.org/security/2019/dsa-4391
Debian Security Information: DSA-4392
https://www.debian.org/security/2019/dsa-4392
https://crbug.com/883666
https://lists.debian.org/debian-lts-announce/2019/02/msg00023.html
https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html
RedHat Security Advisories: RHSA-2019:0373
https://access.redhat.com/errata/RHSA-2019:0373
RedHat Security Advisories: RHSA-2019:0374
https://access.redhat.com/errata/RHSA-2019:0374
RedHat Security Advisories: RHSA-2019:1144
https://access.redhat.com/errata/RHSA-2019:1144
https://usn.ubuntu.com/3896-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-18492
Common Vulnerability Exposure (CVE) ID: CVE-2018-18493
Common Vulnerability Exposure (CVE) ID: CVE-2018-18494
Common Vulnerability Exposure (CVE) ID: CVE-2018-18498
Common Vulnerability Exposure (CVE) ID: CVE-2018-18500
BugTraq ID: 106781
http://www.securityfocus.com/bid/106781
Debian Security Information: DSA-4376
https://www.debian.org/security/2019/dsa-4376
https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html
RedHat Security Advisories: RHSA-2019:0218
https://access.redhat.com/errata/RHSA-2019:0218
RedHat Security Advisories: RHSA-2019:0219
https://access.redhat.com/errata/RHSA-2019:0219
SuSE Security Announcement: openSUSE-SU-2019:1758
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html
https://usn.ubuntu.com/3874-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-18501
Common Vulnerability Exposure (CVE) ID: CVE-2018-18505
Common Vulnerability Exposure (CVE) ID: CVE-2018-18509
http://seclists.org/fulldisclosure/2019/Apr/38
http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1507218
https://github.com/RUB-NDS/Johnny-You-Are-Fired
https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf
https://www.mozilla.org/security/advisories/mfsa2019-06/
http://www.openwall.com/lists/oss-security/2019/04/30/4
Common Vulnerability Exposure (CVE) ID: CVE-2019-5785
https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
https://crbug.com/899689
Copyright: Copyright (C) 2019 Greenbone Networks GmbH
