Overview

File _patchinfo of Package patchinfo.14955

<patchinfo incident="14955">
  <issue tracker="bnc" id="1171186">VUL-0: MozillaFirefox: 68.8ESR / 76 release - MFSA 2020-16 / 2020-17</issue>
  <issue id="2020-12387" tracker="cve"/>
  <issue id="2020-12392" tracker="cve"/>
  <issue id="2020-12393" tracker="cve"/>
  <issue id="2020-12395" tracker="cve"/>
  <issue id="2020-6831" tracker="cve"/>
  <issue id="2020-12397" tracker="cve"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaThunderbird</summary>
  <description>This update for MozillaThunderbird fixes the following issues:
- Update to 68.8.0 ESR
  MFSA 2020-18 (bsc#1171186)
  * CVE-2020-12397 (bmo#1617370)
    Sender Email Address Spoofing using encoded Unicode
    characters
  * CVE-2020-12387 (bmo#1545345)
    Use-after-free during worker shutdown
  * CVE-2020-6831 (bmo#1632241)
    Buffer overflow in SCTP chunk input validation
  * CVE-2020-12392 (bmo#1614468)
    Arbitrary local file access with 'Copy as cURL'
  * CVE-2020-12393 (bmo#1615471)
    Devtools' 'Copy as cURL' feature did not fully escape
    website-controlled data, potentially leading to command
    injection
  * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704,
    bmo#1624098, bmo#1625749, bmo#1626382, bmo#1628076,
    bmo#1631508)
    Memory safety bugs fixed in Thunderbird 68.8.0

</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places