opensuse-su-2019:0249-1
Vulnerability from csaf_opensuse
Published
2019-02-26 09:44
Modified
2019-02-26 09:44
Summary
Security update for MozillaThunderbird
Notes
Title of the patch
Security update for MozillaThunderbird
Description of the patch
This update for MozillaThunderbird to version 60.5.1 fixes the following issues:
Security vulnerabilities addressed (MFSA 2019-03 MFSA 2018-31 bsc#1122983 and MFSA 2019-06 bsc#1125330):
- CVE-2018-18356: Fixed a Use-after-free in Skia.
- CVE-2019-5785: Fixed an Integer overflow in Skia.
- CVE-2018-18335: Fixed a Buffer overflow in Skia by default deactivating Canvas 2D.
This issue does not affect Linuc distributions.
- CVE-2018-18509: Fixed a flaw which during verification of certain S/MIME signatures
showing mistekenly that emails bring a valid sugnature.
- CVE-2018-18500: Use-after-free parsing HTML5 stream
- CVE-2018-18505: Privilege escalation through IPC channel messages
- CVE-2016-5824: DoS (use-after-free) via a crafted ics file
- CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
- CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with
TextureStorage11
- CVE-2018-18492: Use-after-free with select element
- CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia
- CVE-2018-18494: Same-origin policy violation using location attribute and
performance.getEntries to steal cross-origin URLs
- CVE-2018-18498: Integer overflow when calculating buffer sizes for images
- CVE-2018-12405: Memory safety bugs
Other bug fixes and changes:
* FileLink provider WeTransfer to upload large attachments
* Thunderbird now allows the addition of OpenSearch search engines
from a local XML file using a minimal user inferface: [+] button
to select a file an add, [-] to remove.
* More search engines: Google and DuckDuckGo available by default
in some locales
* During account creation, Thunderbird will now detect servers
using the Microsoft Exchange protocol. It will offer the
installation of a 3rd party add-on (Owl) which supports that
protocol.
* Thunderbird now compatible with other WebExtension-based
FileLink add-ons like the Dropbox add-on
* New WebExtensions FileLink API to facilitate add-ons
* Fix decoding problems for messages with less common charsets
(cp932, cp936)
* New messages in the drafts folder (and other special or virtual
folders) will no longer be included in the new messages
notification
* Thunderbird 60 will migrate security databases (key3.db, cert8.db
to key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a
fault that potentially deleted saved passwords and private certificate
keys for users using a master password. Version 60.3.3 will prevent
the loss of data; affected users who have already upgraded to version
60.3.2 or earlier can restore the deleted key3.db file from backup
to complete the migration.
* Address book search and auto-complete slowness introduced in
Thunderbird 60.3.2
* Plain text markup with * for bold, / for italics, _ for underline
and | for code did not work when the enclosed text contained
non-ASCII characters
* While composing a message, a link not removed when link location
was removed in the link properties panel
* Encoding problems when exporting address books or messages using
the system charset. Messages are now always exported using the
UTF-8 encoding
* If the 'Date' header of a message was invalid, Jan 1970 or Dec 1969
was displayed. Now using date from 'Received' header instead.
* Body search/filtering didn't reliably ignore content of tags
* Inappropriate warning 'Thunderbird prevented the site
(addons.thunderbird.net) from asking you to install software on
your computer' when installing add-ons
* Incorrect display of correspondents column since own email
address was not always detected
* Spurious 
 (encoded newline) inserted into drafts and sent email
* Double-clicking on a word in the Write window sometimes
launched the Advanced Property Editor or Link Properties dialog
* Fixe Cookie removal
* 'Download rest of message' was not working if global inbox was
used
* Fix Encoding problems for users (especially in Poland) when a
file was sent via a folder using 'Sent to > Mail recipient'
due to a problem in the Thunderbird MAPI interface
* According to RFC 4616 and RFC 5721, passwords containing
non-ASCII characters are encoded using UTF-8 which can lead to
problems with non-compliant providers, for example
office365.com. The SMTP LOGIN and POP3 USER/PASS
authentication methods are now using a Latin-1 encoding again
to work around this issue
* Fix shutdown crash/hang after entering an empty IMAP password
Patchnames
openSUSE-2019-249
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaThunderbird",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaThunderbird to version 60.5.1 fixes the following issues:\n\nSecurity vulnerabilities addressed (MFSA 2019-03 MFSA 2018-31 bsc#1122983 and MFSA 2019-06 bsc#1125330):\n\n- CVE-2018-18356: Fixed a Use-after-free in Skia.\n- CVE-2019-5785: Fixed an Integer overflow in Skia.\n- CVE-2018-18335: Fixed a Buffer overflow in Skia by default deactivating Canvas 2D.\n This issue does not affect Linuc distributions.\n- CVE-2018-18509: Fixed a flaw which during verification of certain S/MIME signatures\n showing mistekenly that emails bring a valid sugnature. \n- CVE-2018-18500: Use-after-free parsing HTML5 stream\n- CVE-2018-18505: Privilege escalation through IPC channel messages\n- CVE-2016-5824: DoS (use-after-free) via a crafted ics file\n- CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5\n- CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with\n TextureStorage11\n- CVE-2018-18492: Use-after-free with select element\n- CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia\n- CVE-2018-18494: Same-origin policy violation using location attribute and\n performance.getEntries to steal cross-origin URLs\n- CVE-2018-18498: Integer overflow when calculating buffer sizes for images\n- CVE-2018-12405: Memory safety bugs\n\nOther bug fixes and changes:\n\n* FileLink provider WeTransfer to upload large attachments\n* Thunderbird now allows the addition of OpenSearch search engines\n from a local XML file using a minimal user inferface: [+] button\n to select a file an add, [-] to remove.\n* More search engines: Google and DuckDuckGo available by default\n in some locales\n* During account creation, Thunderbird will now detect servers\n using the Microsoft Exchange protocol. It will offer the\n installation of a 3rd party add-on (Owl) which supports that\n protocol.\n* Thunderbird now compatible with other WebExtension-based\n FileLink add-ons like the Dropbox add-on\n* New WebExtensions FileLink API to facilitate add-ons\n* Fix decoding problems for messages with less common charsets\n (cp932, cp936)\n* New messages in the drafts folder (and other special or virtual\n folders) will no longer be included in the new messages\n notification\n* Thunderbird 60 will migrate security databases (key3.db, cert8.db\n to key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a\n fault that potentially deleted saved passwords and private certificate\n keys for users using a master password. Version 60.3.3 will prevent\n the loss of data; affected users who have already upgraded to version\n 60.3.2 or earlier can restore the deleted key3.db file from backup\n to complete the migration.\n* Address book search and auto-complete slowness introduced in\n Thunderbird 60.3.2\n* Plain text markup with * for bold, / for italics, _ for underline\n and | for code did not work when the enclosed text contained\n non-ASCII characters\n* While composing a message, a link not removed when link location\n was removed in the link properties panel\n* Encoding problems when exporting address books or messages using\n the system charset. Messages are now always exported using the\n UTF-8 encoding\n* If the \u0027Date\u0027 header of a message was invalid, Jan 1970 or Dec 1969\n was displayed. Now using date from \u0027Received\u0027 header instead.\n* Body search/filtering didn\u0027t reliably ignore content of tags\n* Inappropriate warning \u0027Thunderbird prevented the site\n (addons.thunderbird.net) from asking you to install software on\n your computer\u0027 when installing add-ons\n* Incorrect display of correspondents column since own email\n address was not always detected\n* Spurious \u0026#xA; (encoded newline) inserted into drafts and sent email\n* Double-clicking on a word in the Write window sometimes\n launched the Advanced Property Editor or Link Properties dialog\n* Fixe Cookie removal\n* \u0027Download rest of message\u0027 was not working if global inbox was\n used\n* Fix Encoding problems for users (especially in Poland) when a\n file was sent via a folder using \u0027Sent to \u003e Mail recipient\u0027\n due to a problem in the Thunderbird MAPI interface\n* According to RFC 4616 and RFC 5721, passwords containing\n non-ASCII characters are encoded using UTF-8 which can lead to\n problems with non-compliant providers, for example\n office365.com. The SMTP LOGIN and POP3 USER/PASS\n authentication methods are now using a Latin-1 encoding again\n to work around this issue\n* Fix shutdown crash/hang after entering an empty IMAP password\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-249",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_0249-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:0249-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NSXP45BAXW5ILKJSQRXHTBUOBZUKLD2F/#NSXP45BAXW5ILKJSQRXHTBUOBZUKLD2F"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:0249-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NSXP45BAXW5ILKJSQRXHTBUOBZUKLD2F/#NSXP45BAXW5ILKJSQRXHTBUOBZUKLD2F"
},
{
"category": "self",
"summary": "SUSE Bug 1122983",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "self",
"summary": "SUSE Bug 1125330",
"url": "https://bugzilla.suse.com/1125330"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5824 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12405 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12405/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17466 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17466/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18335 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18335/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18356 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18356/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18492 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18492/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18493 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18493/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18494 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18498 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18498/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18500 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18501 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18501/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18505 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18509 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18509/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5785 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5785/"
}
],
"title": "Security update for MozillaThunderbird",
"tracking": {
"current_release_date": "2019-02-26T09:44:25Z",
"generator": {
"date": "2019-02-26T09:44:25Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:0249-1",
"initial_release_date": "2019-02-26T09:44:25Z",
"revision_history": [
{
"date": "2019-02-26T09:44:25Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-60.5.1-79.1.x86_64",
"product": {
"name": "MozillaThunderbird-60.5.1-79.1.x86_64",
"product_id": "MozillaThunderbird-60.5.1-79.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"product": {
"name": "MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"product_id": "MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"product_id": "MozillaThunderbird-translations-common-60.5.1-79.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-60.5.1-79.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-other-60.5.1-79.1.x86_64",
"product_id": "MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12",
"product": {
"name": "SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-60.5.1-79.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64"
},
"product_reference": "MozillaThunderbird-60.5.1-79.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64"
},
"product_reference": "MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-other-60.5.1-79.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-5824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5824"
}
],
"notes": [
{
"category": "general",
"text": "libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5824",
"url": "https://www.suse.com/security/cve/CVE-2016-5824"
},
{
"category": "external",
"summary": "SUSE Bug 1015964 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/1015964"
},
{
"category": "external",
"summary": "SUSE Bug 1122983 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "external",
"summary": "SUSE Bug 986631 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/986631"
},
{
"category": "external",
"summary": "SUSE Bug 986639 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/986639"
},
{
"category": "external",
"summary": "SUSE Bug 986642 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/986642"
},
{
"category": "external",
"summary": "SUSE Bug 986658 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/986658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2016-5824"
},
{
"cve": "CVE-2018-12405",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12405"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12405",
"url": "https://www.suse.com/security/cve/CVE-2018-12405"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-12405",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-12405",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-12405",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "low"
}
],
"title": "CVE-2018-12405"
},
{
"cve": "CVE-2018-17466",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17466"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17466",
"url": "https://www.suse.com/security/cve/CVE-2018-17466"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17466",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17466",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-17466",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "low"
}
],
"title": "CVE-2018-17466"
},
{
"cve": "CVE-2018-18335",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18335"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18335",
"url": "https://www.suse.com/security/cve/CVE-2018-18335"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18335",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18335",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-18335"
},
{
"cve": "CVE-2018-18356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18356"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18356",
"url": "https://www.suse.com/security/cve/CVE-2018-18356"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18356",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18356",
"url": "https://bugzilla.suse.com/1125330"
},
{
"category": "external",
"summary": "SUSE Bug 1125396 for CVE-2018-18356",
"url": "https://bugzilla.suse.com/1125396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-18356"
},
{
"cve": "CVE-2018-18492",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18492"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18492",
"url": "https://www.suse.com/security/cve/CVE-2018-18492"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-18492",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-18492",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-18492",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "low"
}
],
"title": "CVE-2018-18492"
},
{
"cve": "CVE-2018-18493",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18493"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18493",
"url": "https://www.suse.com/security/cve/CVE-2018-18493"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-18493",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-18493",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-18493",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "low"
}
],
"title": "CVE-2018-18493"
},
{
"cve": "CVE-2018-18494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18494"
}
],
"notes": [
{
"category": "general",
"text": "A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18494",
"url": "https://www.suse.com/security/cve/CVE-2018-18494"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-18494",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-18494",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-18494",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "low"
}
],
"title": "CVE-2018-18494"
},
{
"cve": "CVE-2018-18498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18498"
}
],
"notes": [
{
"category": "general",
"text": "A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18498",
"url": "https://www.suse.com/security/cve/CVE-2018-18498"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-18498",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-18498",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-18498",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "low"
}
],
"title": "CVE-2018-18498"
},
{
"cve": "CVE-2018-18500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18500"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.5, Firefox ESR \u003c 60.5, and Firefox \u003c 65.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18500",
"url": "https://www.suse.com/security/cve/CVE-2018-18500"
},
{
"category": "external",
"summary": "SUSE Bug 1122983 for CVE-2018-18500",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "external",
"summary": "SUSE Bug 986639 for CVE-2018-18500",
"url": "https://bugzilla.suse.com/986639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "important"
}
],
"title": "CVE-2018-18500"
},
{
"cve": "CVE-2018-18501",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18501"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60.5, Firefox ESR \u003c 60.5, and Firefox \u003c 65.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18501",
"url": "https://www.suse.com/security/cve/CVE-2018-18501"
},
{
"category": "external",
"summary": "SUSE Bug 1122983 for CVE-2018-18501",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "external",
"summary": "SUSE Bug 986639 for CVE-2018-18501",
"url": "https://bugzilla.suse.com/986639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "important"
}
],
"title": "CVE-2018-18501"
},
{
"cve": "CVE-2018-18505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18505"
}
],
"notes": [
{
"category": "general",
"text": "An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird \u003c 60.5, Firefox ESR \u003c 60.5, and Firefox \u003c 65.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18505",
"url": "https://www.suse.com/security/cve/CVE-2018-18505"
},
{
"category": "external",
"summary": "SUSE Bug 1122983 for CVE-2018-18505",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "external",
"summary": "SUSE Bug 986639 for CVE-2018-18505",
"url": "https://bugzilla.suse.com/986639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "important"
}
],
"title": "CVE-2018-18505"
},
{
"cve": "CVE-2018-18509",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18509"
}
],
"notes": [
{
"category": "general",
"text": "A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren\u0027t covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with arbitrary content. This vulnerability affects Thunderbird \u003c 60.5.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18509",
"url": "https://www.suse.com/security/cve/CVE-2018-18509"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18509",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-18509"
},
{
"cve": "CVE-2019-5785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5785"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5785",
"url": "https://www.suse.com/security/cve/CVE-2019-5785"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2019-5785",
"url": "https://bugzilla.suse.com/1125330"
},
{
"category": "external",
"summary": "SUSE Bug 1125396 for CVE-2019-5785",
"url": "https://bugzilla.suse.com/1125396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2019-5785"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…