opensuse-su-2017:1579-1
Vulnerability from csaf_opensuse
Published
2017-06-16 09:03
Modified
2017-06-16 09:03
Summary
Security update for Mozilla Thunderbird
Notes
Title of the patch
Security update for Mozilla Thunderbird
Description of the patch
This update to Thunderbird 52.2 fixes security issues and bugs.
The following vulnerabilities were fixed:
* CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
* CVE-2017-7749: Use-after-free during docshell reloading
* CVE-2017-7750: Use-after-free with track elements
* CVE-2017-7751: Use-after-free with content viewer listeners
* CVE-2017-7752: Use-after-free with IME input
* CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
* CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
* CVE-2017-7757: Use-after-free in IndexedDB
* CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772,
CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,
CVE-2017-7777: Vulnerabilities in the Graphite 2 library
* CVE-2017-7758: Out-of-bounds read in Opus encoder
* CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks
* CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
Mozilla Thunderbird now requires NSS 3.28.5.
The following bugs were fixed:
* Embedded images not shown in email received from Hotmail/Outlook webmailer
* Detection of non-ASCII font names in font selector
* Attachment not forwarded correctly under certain circumstances
* Multiple requests for master password when GMail OAuth2 is enabled
* Large number of blank pages being printed under certain circumstances when invalid preferences were present
* Messages sent via the Simple MAPI interface are forced to HTML
* Calendar: Invitations can't be printed
* Mailing list (group) not accessible from macOS or Outlook address book
* Clicking on links with references/anchors where target doesn't exist in the message not opening in external browser
Patchnames
openSUSE-2017-694
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for Mozilla Thunderbird",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update to Thunderbird 52.2 fixes security issues and bugs.\n\nThe following vulnerabilities were fixed:\n \n* CVE-2017-5472: Use-after-free using destroyed node when regenerating trees\n* CVE-2017-7749: Use-after-free during docshell reloading\n* CVE-2017-7750: Use-after-free with track elements\n* CVE-2017-7751: Use-after-free with content viewer listeners\n* CVE-2017-7752: Use-after-free with IME input\n* CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object\n* CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors\n* CVE-2017-7757: Use-after-free in IndexedDB\n* CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772,\n CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,\n CVE-2017-7777: Vulnerabilities in the Graphite 2 library\n* CVE-2017-7758: Out-of-bounds read in Opus encoder\n* CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks\n* CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2\n\nMozilla Thunderbird now requires NSS 3.28.5.\n\nThe following bugs were fixed:\n\n* Embedded images not shown in email received from Hotmail/Outlook webmailer\n* Detection of non-ASCII font names in font selector\n* Attachment not forwarded correctly under certain circumstances\n* Multiple requests for master password when GMail OAuth2 is enabled\n* Large number of blank pages being printed under certain circumstances when invalid preferences were present\n* Messages sent via the Simple MAPI interface are forced to HTML\n* Calendar: Invitations can\u0027t be printed\n* Mailing list (group) not accessible from macOS or Outlook address book\n* Clicking on links with references/anchors where target doesn\u0027t exist in the message not opening in external browser\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2017-694",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2017_1579-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1040105",
"url": "https://bugzilla.suse.com/1040105"
},
{
"category": "self",
"summary": "SUSE Bug 1042090",
"url": "https://bugzilla.suse.com/1042090"
},
{
"category": "self",
"summary": "SUSE Bug 1043960",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "self",
"summary": "SUSE Bug 1273265",
"url": "https://bugzilla.suse.com/1273265"
},
{
"category": "self",
"summary": "SUSE Bug 1355039",
"url": "https://bugzilla.suse.com/1355039"
},
{
"category": "self",
"summary": "SUSE Bug 1356558",
"url": "https://bugzilla.suse.com/1356558"
},
{
"category": "self",
"summary": "SUSE Bug 1356824",
"url": "https://bugzilla.suse.com/1356824"
},
{
"category": "self",
"summary": "SUSE Bug 1357090",
"url": "https://bugzilla.suse.com/1357090"
},
{
"category": "self",
"summary": "SUSE Bug 1359547",
"url": "https://bugzilla.suse.com/1359547"
},
{
"category": "self",
"summary": "SUSE Bug 1360309",
"url": "https://bugzilla.suse.com/1360309"
},
{
"category": "self",
"summary": "SUSE Bug 1363396",
"url": "https://bugzilla.suse.com/1363396"
},
{
"category": "self",
"summary": "SUSE Bug 1364283",
"url": "https://bugzilla.suse.com/1364283"
},
{
"category": "self",
"summary": "SUSE Bug 1365602",
"url": "https://bugzilla.suse.com/1365602"
},
{
"category": "self",
"summary": "SUSE Bug 1366595",
"url": "https://bugzilla.suse.com/1366595"
},
{
"category": "self",
"summary": "SUSE Bug 1368490",
"url": "https://bugzilla.suse.com/1368490"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5470 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5470/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5472 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5472/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7749 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7750 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7751 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7752 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7754 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7756 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7757 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7757/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7758 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7763 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7764 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7765 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7765/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7771 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7771/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7772 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7773 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7774 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7774/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7775 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7776 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7776/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7777 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7777/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7778 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7778/"
}
],
"title": "Security update for Mozilla Thunderbird",
"tracking": {
"current_release_date": "2017-06-16T09:03:31Z",
"generator": {
"date": "2017-06-16T09:03:31Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2017:1579-1",
"initial_release_date": "2017-06-16T09:03:31Z",
"revision_history": [
{
"date": "2017-06-16T09:03:31Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-52.2-36.1.x86_64",
"product": {
"name": "MozillaThunderbird-52.2-36.1.x86_64",
"product_id": "MozillaThunderbird-52.2-36.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"product": {
"name": "MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"product_id": "MozillaThunderbird-buildsymbols-52.2-36.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-devel-52.2-36.1.x86_64",
"product": {
"name": "MozillaThunderbird-devel-52.2-36.1.x86_64",
"product_id": "MozillaThunderbird-devel-52.2-36.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"product_id": "MozillaThunderbird-translations-common-52.2-36.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-52.2-36.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-other-52.2-36.1.x86_64",
"product_id": "MozillaThunderbird-translations-other-52.2-36.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12",
"product": {
"name": "SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-52.2-36.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64"
},
"product_reference": "MozillaThunderbird-52.2-36.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-buildsymbols-52.2-36.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64"
},
"product_reference": "MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-devel-52.2-36.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64"
},
"product_reference": "MozillaThunderbird-devel-52.2-36.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-52.2-36.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-52.2-36.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-other-52.2-36.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-5470",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5470"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5470",
"url": "https://www.suse.com/security/cve/CVE-2017-5470"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-5470",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-5470",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-5470",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-5470",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-5470",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-06-16T09:03:31Z",
"details": "important"
}
],
"title": "CVE-2017-5470"
},
{
"cve": "CVE-2017-5472",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5472"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5472",
"url": "https://www.suse.com/security/cve/CVE-2017-5472"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-5472",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-5472",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-5472",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-5472",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-5472",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-06-16T09:03:31Z",
"details": "important"
}
],
"title": "CVE-2017-5472"
},
{
"cve": "CVE-2017-7749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7749"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7749",
"url": "https://www.suse.com/security/cve/CVE-2017-7749"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7749",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7749",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7749",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7749",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7749",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-06-16T09:03:31Z",
"details": "important"
}
],
"title": "CVE-2017-7749"
},
{
"cve": "CVE-2017-7750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7750"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability during video control operations when a \"\u003ctrack\u003e\" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7750",
"url": "https://www.suse.com/security/cve/CVE-2017-7750"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7750",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7750",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7750",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7750",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7750",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-06-16T09:03:31Z",
"details": "important"
}
],
"title": "CVE-2017-7750"
},
{
"cve": "CVE-2017-7751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7751"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7751",
"url": "https://www.suse.com/security/cve/CVE-2017-7751"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7751",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7751",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7751",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7751",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7751",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-06-16T09:03:31Z",
"details": "important"
}
],
"title": "CVE-2017-7751"
},
{
"cve": "CVE-2017-7752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7752"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7752",
"url": "https://www.suse.com/security/cve/CVE-2017-7752"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7752",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7752",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7752",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7752",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7752",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-06-16T09:03:31Z",
"details": "important"
}
],
"title": "CVE-2017-7752"
},
{
"cve": "CVE-2017-7754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7754"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read in WebGL with a maliciously crafted \"ImageInfo\" object during WebGL operations. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7754",
"url": "https://www.suse.com/security/cve/CVE-2017-7754"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7754",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7754",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7754",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7754",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7754",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-06-16T09:03:31Z",
"details": "important"
}
],
"title": "CVE-2017-7754"
},
{
"cve": "CVE-2017-7756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7756"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7756",
"url": "https://www.suse.com/security/cve/CVE-2017-7756"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7756",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7756",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7756",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7756",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7756",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-06-16T09:03:31Z",
"details": "important"
}
],
"title": "CVE-2017-7756"
},
{
"cve": "CVE-2017-7757",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7757"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7757",
"url": "https://www.suse.com/security/cve/CVE-2017-7757"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7757",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7757",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7757",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7757",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7757",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-06-16T09:03:31Z",
"details": "important"
}
],
"title": "CVE-2017-7757"
},
{
"cve": "CVE-2017-7758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7758"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7758",
"url": "https://www.suse.com/security/cve/CVE-2017-7758"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7758",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7758",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7758",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7758",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7758",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-06-16T09:03:31Z",
"details": "important"
}
],
"title": "CVE-2017-7758"
},
{
"cve": "CVE-2017-7763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7763"
}
],
"notes": [
{
"category": "general",
"text": "Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7763",
"url": "https://www.suse.com/security/cve/CVE-2017-7763"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7763",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7763",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7763",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7763",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7763",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-06-16T09:03:31Z",
"details": "important"
}
],
"title": "CVE-2017-7763"
},
{
"cve": "CVE-2017-7764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7764"
}
],
"notes": [
{
"category": "general",
"text": "Characters from the \"Canadian Syllabics\" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw \"punycode\" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from \"Aspirational Use Scripts\" such as Canadian Syllabics to be mixed with Latin characters in the \"moderately restrictive\" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as \"Limited Use Scripts.\". This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7764",
"url": "https://www.suse.com/security/cve/CVE-2017-7764"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7764",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7764",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7764",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7764",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7764",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-06-16T09:03:31Z",
"details": "important"
}
],
"title": "CVE-2017-7764"
},
{
"cve": "CVE-2017-7765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7765"
}
],
"notes": [
{
"category": "general",
"text": "The \"Mark of the Web\" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the Internet is not shown. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7765",
"url": "https://www.suse.com/security/cve/CVE-2017-7765"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7765",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7765",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7765",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7765",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7765",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-06-16T09:03:31Z",
"details": "important"
}
],
"title": "CVE-2017-7765"
},
{
"cve": "CVE-2017-7771",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7771"
}
],
"notes": [
{
"category": "general",
"text": "Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7771",
"url": "https://www.suse.com/security/cve/CVE-2017-7771"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7771",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7771",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7771",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7771",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7771",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-06-16T09:03:31Z",
"details": "important"
}
],
"title": "CVE-2017-7771"
},
{
"cve": "CVE-2017-7772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7772"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7772",
"url": "https://www.suse.com/security/cve/CVE-2017-7772"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7772",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7772",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7772",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7772",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7772",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-06-16T09:03:31Z",
"details": "important"
}
],
"title": "CVE-2017-7772"
},
{
"cve": "CVE-2017-7773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7773"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7773",
"url": "https://www.suse.com/security/cve/CVE-2017-7773"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7773",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7773",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7773",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7773",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7773",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-06-16T09:03:31Z",
"details": "important"
}
],
"title": "CVE-2017-7773"
},
{
"cve": "CVE-2017-7774",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7774"
}
],
"notes": [
{
"category": "general",
"text": "Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7774",
"url": "https://www.suse.com/security/cve/CVE-2017-7774"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7774",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7774",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7774",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7774",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7774",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-06-16T09:03:31Z",
"details": "important"
}
],
"title": "CVE-2017-7774"
},
{
"cve": "CVE-2017-7775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7775"
}
],
"notes": [
{
"category": "general",
"text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7775",
"url": "https://www.suse.com/security/cve/CVE-2017-7775"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7775",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7775",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7775",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7775",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7775",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-06-16T09:03:31Z",
"details": "important"
}
],
"title": "CVE-2017-7775"
},
{
"cve": "CVE-2017-7776",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7776"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7776",
"url": "https://www.suse.com/security/cve/CVE-2017-7776"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7776",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7776",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7776",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7776",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7776",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-06-16T09:03:31Z",
"details": "important"
}
],
"title": "CVE-2017-7776"
},
{
"cve": "CVE-2017-7777",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7777"
}
],
"notes": [
{
"category": "general",
"text": "Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7777",
"url": "https://www.suse.com/security/cve/CVE-2017-7777"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7777",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7777",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7777",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7777",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7777",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-06-16T09:03:31Z",
"details": "important"
}
],
"title": "CVE-2017-7777"
},
{
"cve": "CVE-2017-7778",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7778"
}
],
"notes": [
{
"category": "general",
"text": "A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox \u003c 54, Firefox ESR \u003c 52.2, and Thunderbird \u003c 52.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7778",
"url": "https://www.suse.com/security/cve/CVE-2017-7778"
},
{
"category": "external",
"summary": "SUSE Bug 1043960 for CVE-2017-7778",
"url": "https://bugzilla.suse.com/1043960"
},
{
"category": "external",
"summary": "SUSE Bug 1044239 for CVE-2017-7778",
"url": "https://bugzilla.suse.com/1044239"
},
{
"category": "external",
"summary": "SUSE Bug 1044240 for CVE-2017-7778",
"url": "https://bugzilla.suse.com/1044240"
},
{
"category": "external",
"summary": "SUSE Bug 1044241 for CVE-2017-7778",
"url": "https://bugzilla.suse.com/1044241"
},
{
"category": "external",
"summary": "SUSE Bug 1044242 for CVE-2017-7778",
"url": "https://bugzilla.suse.com/1044242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-52.2-36.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-52.2-36.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-06-16T09:03:31Z",
"details": "important"
}
],
"title": "CVE-2017-7778"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…