openSUSE-SU-2017:3110-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2017:3110-1.json

JSON Data

https://api.osv.dev/v1/vulns/openSUSE-SU-2017:3110-1

Related

Published

2017-11-27T18:50:59Z

Modified

2017-11-27T18:50:59Z

Summary

Security update for Mozilla Thunderbird

Details

This update for Mozilla Thunderbird fixes the following issues:

Security issues fixed in 52.5.0 ESR as advised in MFSA 2017-26 (boo#1068101):

CVE-2017-7828: Use-after-free of PressShell while restyling layout
CVE-2017-7830: Cross-origin URL information leak through Resource Timing API
CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5

The following bug fixes and improvements are included:

Better support for Charter/Spectrum IMAP
No longer mark other messages as read in search folders spanning multiple base folders
IMAP alerts have been corrected and now show the correct server name in case of connection problems
POP alerts have been corrected and now indicate connection problems in case the configured POP server cannot be found

References

Affected packages

SUSE:Package Hub 12 / MozillaThunderbird

Package

Name: MozillaThunderbird
Purl: purl:rpm/suse/MozillaThunderbird&distro=SUSE%20Package%20Hub%2012

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

52.5.0-48.1

Ecosystem specific

{
    "binaries": [
        {
            "MozillaThunderbird-buildsymbols": "52.5.0-48.1",
            "MozillaThunderbird": "52.5.0-48.1",
            "MozillaThunderbird-devel": "52.5.0-48.1",
            "MozillaThunderbird-translations-common": "52.5.0-48.1",
            "MozillaThunderbird-translations-other": "52.5.0-48.1"
        }
    ]
}