File _patchinfo of Package patchinfo.15656

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.15656

<patchinfo incident="15656">
  <issue tracker="bnc" id="1173576">VUL-0: MozillaFirefox/MozillaThunderbird: 68.10ESR / 78.0.1 release</issue>
  <issue tracker="cve" id="2020-12417"/>
  <issue tracker="cve" id="2020-12420"/>
  <issue tracker="cve" id="2020-12421"/>
  <issue tracker="cve" id="2020-12419"/>
  <issue tracker="cve" id="2020-12418"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaThunderbird</summary>
  <description>This update for MozillaThunderbird to version 68.10.0 ESR fixes the following issues:

- CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576).
- CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576).
- CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576).
- CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576).
- CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576).
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.15656

Places