Mailinglist Archive: opensuse-updates (116 mails)

< Previous Next >
openSUSE-SU-2017:1579-1: moderate: Security update for Mozilla Thunderbird
openSUSE Security Update: Security update for Mozilla Thunderbird

Announcement ID: openSUSE-SU-2017:1579-1
Rating: moderate
References: #1040105 #1042090 #1043960
Cross-References: CVE-2017-5470 CVE-2017-5472 CVE-2017-7749
CVE-2017-7750 CVE-2017-7751 CVE-2017-7752
CVE-2017-7754 CVE-2017-7756 CVE-2017-7757
CVE-2017-7758 CVE-2017-7763 CVE-2017-7764
CVE-2017-7765 CVE-2017-7771 CVE-2017-7772
CVE-2017-7773 CVE-2017-7774 CVE-2017-7775
CVE-2017-7776 CVE-2017-7777 CVE-2017-7778

Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12

An update that fixes 21 vulnerabilities is now available.


This update to Thunderbird 52.2 fixes security issues and bugs.

The following vulnerabilities were fixed:

* CVE-2017-5472: Use-after-free using destroyed node when regenerating
* CVE-2017-7749: Use-after-free during docshell reloading
* CVE-2017-7750: Use-after-free with track elements
* CVE-2017-7751: Use-after-free with content viewer listeners
* CVE-2017-7752: Use-after-free with IME input
* CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
* CVE-2017-7756: Use-after-free and use-after-scope logging XHR header
* CVE-2017-7757: Use-after-free in IndexedDB
* CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772,
CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,
CVE-2017-7777: Vulnerabilities in the Graphite 2 library
* CVE-2017-7758: Out-of-bounds read in Opus encoder
* CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics
and other unicode blocks
* CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR

Mozilla Thunderbird now requires NSS 3.28.5.

The following bugs were fixed:

* Embedded images not shown in email received from Hotmail/Outlook
* Detection of non-ASCII font names in font selector
* Attachment not forwarded correctly under certain circumstances
* Multiple requests for master password when GMail OAuth2 is enabled
* Large number of blank pages being printed under certain circumstances
when invalid preferences were present
* Messages sent via the Simple MAPI interface are forced to HTML
* Calendar: Invitations can't be printed
* Mailing list (group) not accessible from macOS or Outlook address book
* Clicking on links with references/anchors where target doesn't exist in
the message not opening in external browser

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2017-694=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):



< Previous Next >
This Thread
  • No further messages