Oval Definition:oval:org.opensuse.security:def:53884
Revision Date:2020-12-01Version:1
Title:Security update for MozillaThunderbird (Important)
Description:

This update for MozillaThunderbird fixes the following issues:

TODO - Mozilla Thunderbird 78.5.0 * new: OpenPGP: Added option to disable attaching the public key to a signed message (bmo#1654950) * new: MailExtensions: 'compose_attachments' context added to Menus API (bmo#1670822) * new: MailExtensions: Menus API now available on displayed messages (bmo#1670825) * changed: MailExtensions: browser.tabs.create will now wait for 'mail-delayed-startup-finished' event (bmo#1674407) * fixed: OpenPGP: Support for inline PGP messages improved (bmo#1672851) * fixed: OpenPGP: Message security dialog showed unverified keys as unavailable (bmo#1675285) * fixed: Chat: New chat contact menu item did not function (bmo#1663321) * fixed: Various theme and usability improvements (bmo#1673861) * fixed: Various security fixes MFSA 2020-52 (bsc#1178894) * CVE-2020-26951 (bmo#1667113) Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-16012 (bmo#1642028) Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953 (bmo#1656741) Fullscreen could be enabled without displaying the security UI * CVE-2020-26956 (bmo#1666300) XSS through paste (manual and clipboard API) * CVE-2020-26958 (bmo#1669355) Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959 (bmo#1669466) Use-after-free in WebRequestService * CVE-2020-26960 (bmo#1670358) Potential use-after-free in uses of nsTArray * CVE-2020-15999 (bmo#1672223) Heap buffer overflow in freetype * CVE-2020-26961 (bmo#1672528) DoH did not filter IPv4 mapped IP Addresses * CVE-2020-26965 (bmo#1661617) Software keyboards may have remembered typed passwords * CVE-2020-26966 (bmo#1663571) Single-word search queries were also broadcast to local network * CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697, bmo#1657739, bmo#1660236, bmo#1667912, bmo#1671479, bmo#1671923) Memory safety bugs fixed in Thunderbird 78.5

- Mozilla Thunderbird 78.4.3 * fixed: User interface was inconsistent when switching from the default theme to the dark theme and back to the default theme (bmo#1659282) * fixed: Email subject would disappear when hovering over it with the mouse when using Windows 7 Classic theme (bmo#1675970)
Family:unixClass:patch
Status:Reference(s):1011276
1028842
1049305
1049306
1049307
1049309
1049310
1049311
1049312
1049313
1049314
1049315
1049316
1049317
1049318
1049319
1049320
1049321
1049322
1049323
1049324
1049325
1049326
1049327
1049328
1049329
1049330
1049331
1049332
1052318
1056127
1056128
1056129
1056131
1056132
1056136
1060445
1061005
1062063
1064071
1064072
1064073
1064075
1064077
1064078
1064079
1064080
1064081
1064082
1064083
1064084
1064085
1064086
1066644
1070130
1071459
1071460
1072887
1073973
1076500
1103511
1178894
865241
923144
928867
953516
953519
953521
CVE-2006-0855
CVE-2007-1669
CVE-2008-4225
CVE-2008-4226
CVE-2008-4409
CVE-2009-3736
CVE-2010-4494
CVE-2011-1944
CVE-2012-5134
CVE-2013-0338
CVE-2013-1969
CVE-2014-0191
CVE-2014-3248
CVE-2014-3660
CVE-2014-9756
CVE-2015-1819
CVE-2015-3294
CVE-2015-3451
CVE-2015-5312
CVE-2015-7497
CVE-2015-7498
CVE-2015-7499
CVE-2015-7500
CVE-2015-7805
CVE-2015-7941
CVE-2015-7942
CVE-2015-8035
CVE-2015-8075
CVE-2015-8241
CVE-2015-8242
CVE-2015-8317
CVE-2015-8710
CVE-2015-9262
CVE-2016-10165
CVE-2016-1762
CVE-2016-1833
CVE-2016-1834
CVE-2016-1835
CVE-2016-1836
CVE-2016-1837
CVE-2016-1838
CVE-2016-1839
CVE-2016-1840
CVE-2016-3627
CVE-2016-3705
CVE-2016-4483
CVE-2016-4658
CVE-2016-5131
CVE-2016-9318
CVE-2016-9427
CVE-2016-9597
CVE-2016-9840
CVE-2016-9841
CVE-2016-9842
CVE-2016-9843
CVE-2017-0663
CVE-2017-10053
CVE-2017-10067
CVE-2017-10074
CVE-2017-10081
CVE-2017-10086
CVE-2017-10087
CVE-2017-10089
CVE-2017-10090
CVE-2017-10096
CVE-2017-10101
CVE-2017-10102
CVE-2017-10105
CVE-2017-10107
CVE-2017-10108
CVE-2017-10109
CVE-2017-10110
CVE-2017-10111
CVE-2017-10114
CVE-2017-10115
CVE-2017-10116
CVE-2017-10118
CVE-2017-10125
CVE-2017-10135
CVE-2017-10176
CVE-2017-10193
CVE-2017-10198
CVE-2017-10243
CVE-2017-10274
CVE-2017-10281
CVE-2017-10285
CVE-2017-10295
CVE-2017-10345
CVE-2017-10346
CVE-2017-10347
CVE-2017-10348
CVE-2017-10349
CVE-2017-10350
CVE-2017-10355
CVE-2017-10356
CVE-2017-10357
CVE-2017-10388
CVE-2017-10672
CVE-2017-13728
CVE-2017-13729
CVE-2017-13730
CVE-2017-13731
CVE-2017-13732
CVE-2017-13733
CVE-2017-15412
CVE-2017-16548
CVE-2017-17433
CVE-2017-17434
CVE-2017-18258
CVE-2017-5130
CVE-2017-5969
CVE-2017-7375
CVE-2017-7376
CVE-2017-7793
CVE-2017-7805
CVE-2017-7810
CVE-2017-7814
CVE-2017-7818
CVE-2017-7819
CVE-2017-7823
CVE-2017-7824
CVE-2017-7825
CVE-2017-8872
CVE-2017-9047
CVE-2017-9048
CVE-2017-9049
CVE-2017-9050
CVE-2018-14404
CVE-2018-14567
CVE-2018-5748
CVE-2018-9251
CVE-2020-15999
CVE-2020-16012
CVE-2020-26951
CVE-2020-26953
CVE-2020-26956
CVE-2020-26958
CVE-2020-26959
CVE-2020-26960
CVE-2020-26961
CVE-2020-26965
CVE-2020-26966
CVE-2020-26968
SUSE-SU-2015:0979-1
SUSE-SU-2015:2000-1
SUSE-SU-2016:3057-1
SUSE-SU-2017:2688-1
SUSE-SU-2018:0005-1
SUSE-SU-2018:0118-1
SUSE-SU-2018:0120-1
SUSE-SU-2018:0385-1
SUSE-SU-2018:2841-1
SUSE-SU-2020:3528-1
SUSE-SU-403
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Workstation Extension 15 SP1
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • gegl-0_3-0.3.34-lp150.1 is installed
  • OR gegl-0_3-lang-0.3.34-lp150.1 is installed
  • OR libgegl-0_3-0-0.3.34-lp150.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • libxslt-1.1.32-lp151.3.3 is installed
  • OR libxslt-devel-1.1.32-lp151.3.3 is installed
  • OR libxslt-devel-32bit-1.1.32-lp151.3.3 is installed
  • OR libxslt-python-1.1.32-lp151.3.3 is installed
  • OR libxslt-tools-1.1.32-lp151.3.3 is installed
  • OR libxslt1-1.1.32-lp151.3.3 is installed
  • OR libxslt1-32bit-1.1.32-lp151.3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND Package Information
  • curl-7.19.7-1.20.31 is installed
  • OR libcurl4-7.19.7-1.20.31 is installed
  • OR libcurl4-32bit-7.19.7-1.20.31 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • MozillaFirefox-31.8.0esr-0.13 is installed
  • OR MozillaFirefox-translations-31.8.0esr-0.13 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND Package Information
  • java-1_7_0-openjdk-1.7.0.91-0.14 is installed
  • OR java-1_7_0-openjdk-demo-1.7.0.91-0.14 is installed
  • OR java-1_7_0-openjdk-devel-1.7.0.91-0.14 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND facter-2.0.2-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND Package Information
  • libqt4-4.8.6-7 is installed
  • OR libqt4-32bit-4.8.6-7 is installed
  • OR libqt4-qt3support-4.8.6-7 is installed
  • OR libqt4-qt3support-32bit-4.8.6-7 is installed
  • OR libqt4-sql-4.8.6-7 is installed
  • OR libqt4-sql-32bit-4.8.6-7 is installed
  • OR libqt4-sql-mysql-4.8.6-7 is installed
  • OR libqt4-sql-mysql-32bit-4.8.6-7 is installed
  • OR libqt4-sql-plugins-4.8.6-7 is installed
  • OR libqt4-sql-postgresql-4.8.6-7 is installed
  • OR libqt4-sql-postgresql-32bit-4.8.6-7 is installed
  • OR libqt4-sql-sqlite-4.8.6-7 is installed
  • OR libqt4-sql-sqlite-32bit-4.8.6-7 is installed
  • OR libqt4-sql-unixODBC-4.8.6-7 is installed
  • OR libqt4-sql-unixODBC-32bit-4.8.6-7 is installed
  • OR libqt4-x11-4.8.6-7 is installed
  • OR libqt4-x11-32bit-4.8.6-7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND Package Information
  • gc-7.2d-5 is installed
  • OR libgc1-7.2d-5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • libXcursor-1.1.14-4.6 is installed
  • OR libXcursor1-1.1.14-4.6 is installed
  • OR libXcursor1-32bit-1.1.14-4.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND Package Information
  • libltdl7-2.4.2-17.4 is installed
  • OR libltdl7-32bit-2.4.2-17.4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • colord-gtk-lang-0.1.25-3 is installed
  • OR libcolord-gtk1-0.1.25-3 is installed
  • OR libcolord2-1.1.7-5 is installed
  • OR libcolord2-32bit-1.1.7-5 is installed
  • OR libcolorhug2-1.1.7-5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_69-60_64_35-default-4-2 is installed
  • OR kgraft-patch-3_12_69-60_64_35-xen-4-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_14-4-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • libupsclient1-2.7.1-4 is installed
  • OR nut-2.7.1-4 is installed
  • OR nut-drivers-net-2.7.1-4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • xen-4.7.6_06-43.48 is installed
  • OR xen-doc-html-4.7.6_06-43.48 is installed
  • OR xen-libs-4.7.6_06-43.48 is installed
  • OR xen-libs-32bit-4.7.6_06-43.48 is installed
  • OR xen-tools-4.7.6_06-43.48 is installed
  • OR xen-tools-domU-4.7.6_06-43.48 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • openslp-2.0.0-18.17 is installed
  • OR openslp-32bit-2.0.0-18.17 is installed
  • OR openslp-server-2.0.0-18.17 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • ghostscript-9.25-23.13 is installed
  • OR ghostscript-x11-9.25-23.13 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND gzip-1.6-7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • kgraft-patch-4_4_176-94_88-default-4-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_24-4-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • java-1_8_0-ibm-1.8.0_sr5.40-30.54 is installed
  • OR java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54 is installed
  • OR java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND libcares2-1.9.1-9.4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • cups-pk-helper-0.2.5-5 is installed
  • OR cups-pk-helper-lang-0.2.5-5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 SP1 is installed
  • AND Package Information
  • MozillaThunderbird-78.5.0-3.107 is installed
  • OR MozillaThunderbird-translations-common-78.5.0-3.107 is installed
  • OR MozillaThunderbird-translations-other-78.5.0-3.107 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND python-pymongo-3.0.3-1 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND ucode-intel-20190514-13.44 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND sudo-1.8.20p2-3.14 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • ceph-12.2.12+git.1587570958.35d78d0243-2.45 is installed
  • OR ceph-common-12.2.12+git.1587570958.35d78d0243-2.45 is installed
  • OR libcephfs2-12.2.12+git.1587570958.35d78d0243-2.45 is installed
  • OR librados2-12.2.12+git.1587570958.35d78d0243-2.45 is installed
  • OR libradosstriper1-12.2.12+git.1587570958.35d78d0243-2.45 is installed
  • OR librbd1-12.2.12+git.1587570958.35d78d0243-2.45 is installed
  • OR librgw2-12.2.12+git.1587570958.35d78d0243-2.45 is installed
  • OR python-cephfs-12.2.12+git.1587570958.35d78d0243-2.45 is installed
  • OR python-rados-12.2.12+git.1587570958.35d78d0243-2.45 is installed
  • OR python-rbd-12.2.12+git.1587570958.35d78d0243-2.45 is installed
  • OR python-rgw-12.2.12+git.1587570958.35d78d0243-2.45 is installed
    • BACK