Overview

File _patchinfo of Package patchinfo.14356

<patchinfo incident="14356">
  <issue tracker="bnc" id="1166238">VUL-0: MozillaFirefox,MozillaThunderbird: 68.6ESR / 74 release - MFSA 2020-08 / 2020-09 / MFSA 2020-10</issue>
  <issue tracker="cve" id="2020-6805"/>
  <issue tracker="cve" id="2020-6812"/>
  <issue tracker="cve" id="2019-20503"/>
  <issue tracker="cve" id="2020-6811"/>
  <issue tracker="cve" id="2020-6807"/>
  <issue tracker="cve" id="2020-6806"/>
  <issue tracker="cve" id="2020-6814"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaThunderbird</summary>
  <description>This update for MozillaThunderbird fixes the following issues:

MozillaThunderbird was updated to 68.6.0 ESR (MFSA 2020-10 bsc#1166238)

- CVE-2020-6805: Fixed a use-after-free when removing data about origins
- CVE-2020-6806: Fixed improper protections against state confusion
- CVE-2020-6807: Fixed a use-after-free in cubeb during stream destruction 
- CVE-2020-6811: Fixed an issue where copy as cURL' feature did not fully 
  escape website-controlled data potentially leading to command injection 
- CVE-2019-20503: Fixed out of bounds reads in sctp_load_addresses_from_init
- CVE-2020-6812: Fixed an issue where the names of AirPods with personally 
  identifiable information were exposed to websites with camera or microphone 
  permission
- CVE-2020-6814: Fixed multiple memory safety bugs
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places