Overview

File _patchinfo of Package patchinfo.6880

<patchinfo incident="6880">
  <category>security</category>
  <rating>moderate</rating>
  <packager>AndreasStieger</packager>
  <summary>Security update for Mozilla Thunderbird</summary>
  <description>This update to Thunderbird 52.2 fixes security issues and bugs.

The following vulnerabilities were fixed:
    
* CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
* CVE-2017-7749: Use-after-free during docshell reloading
* CVE-2017-7750: Use-after-free with track elements
* CVE-2017-7751: Use-after-free with content viewer listeners
* CVE-2017-7752: Use-after-free with IME input
* CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
* CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
* CVE-2017-7757: Use-after-free in IndexedDB
* CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772,
  CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,
  CVE-2017-7777: Vulnerabilities in the Graphite 2 library
* CVE-2017-7758: Out-of-bounds read in Opus encoder
* CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks
* CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2

Mozilla Thunderbird now requires NSS 3.28.5.

The following bugs were fixed:

* Embedded images not shown in email received from Hotmail/Outlook webmailer
* Detection of non-ASCII font names in font selector
* Attachment not forwarded correctly under certain circumstances
* Multiple requests for master password when GMail OAuth2 is enabled
* Large number of blank pages being printed under certain circumstances when invalid preferences were present
* Messages sent via the Simple MAPI interface are forced to HTML
* Calendar: Invitations can't be printed
* Mailing list (group) not accessible from macOS or Outlook address book
* Clicking on links with references/anchors where target doesn't exist in the message not opening in external browser
  </description>
  <issue tracker="cve" id="2017-5470"/>
  <issue tracker="cve" id="2017-5472"/>
  <issue tracker="cve" id="2017-7749"/>
  <issue tracker="cve" id="2017-7750"/>
  <issue tracker="cve" id="2017-7751"/>
  <issue tracker="cve" id="2017-7752"/>
  <issue tracker="cve" id="2017-7754"/>
  <issue tracker="cve" id="2017-7756"/>
  <issue tracker="cve" id="2017-7757"/>
  <issue tracker="cve" id="2017-7758"/>
  <issue tracker="cve" id="2017-7763"/>
  <issue tracker="cve" id="2017-7764"/>
  <issue tracker="cve" id="2017-7765"/>
  <issue tracker="cve" id="2017-7771"/>
  <issue tracker="cve" id="2017-7772"/>
  <issue tracker="cve" id="2017-7773"/>
  <issue tracker="cve" id="2017-7774"/>
  <issue tracker="cve" id="2017-7775"/>
  <issue tracker="cve" id="2017-7776"/>
  <issue tracker="cve" id="2017-7777"/>
  <issue tracker="cve" id="2017-7778"/>
  <issue tracker="bnc" id="1040105"/>
  <issue tracker="bnc" id="1042090"/>
  <issue tracker="bmo" id="1273265"/>
  <issue tracker="bmo" id="1355039"/>
  <issue tracker="bmo" id="1356558"/>
  <issue tracker="bmo" id="1356824"/>
  <issue tracker="bmo" id="1357090"/>
  <issue tracker="bmo" id="1359547"/>
  <issue tracker="bmo" id="1363396"/>
  <issue tracker="bmo" id="1364283"/>
  <issue tracker="bmo" id="1365602"/>
  <issue tracker="bmo" id="1366595"/>
  <issue tracker="bmo" id="1368490"/>
  <issue tracker="bnc" id="1043960"/>
  <issue tracker="bmo" id="1360309"/>
</patchinfo>
openSUSE Build Service is sponsored by
Places