Overview

File _patchinfo of Package patchinfo.6320

<patchinfo incident="6320">
  <packager>wrosenauer</packager>
  <issue tracker="bnc" id="1021814">VUL-0: CVE-2017-5375: MozillaFirefox: Excessive JIT code allocation allows bypass of ASLR and DEP</issue>
  <issue tracker="bnc" id="1021817">VUL-0: CVE-2017-5376: MozillaFirefox: Use-after-free in XSL</issue>
  <issue tracker="bnc" id="1021818">VUL-0: CVE-2017-5378: MozillaFirefox: Pointer and frame data leakage of Javascript objects</issue>
  <issue tracker="bnc" id="1021819">VUL-0: CVE-2017-5380: MozillaFirefox: Potential use-after-free during DOM manipulations</issue>
  <issue tracker="bnc" id="1021820">VUL-0: CVE-2017-5390: MozillaFirefox: Insecure communication methods in Developer Tools JSON viewer</issue>
  <issue tracker="bnc" id="1021821">VUL-0: CVE-2017-5396: MozillaFirefox: Use-after-free with Media Decoder</issue>
  <issue tracker="bnc" id="1021822">VUL-0: CVE-2017-5383: MozillaFirefox: Location bar spoofing with unicode characters</issue>
  <issue tracker="bnc" id="1021824">VUL-0: CVE-2017-5373: MozillaFirefox: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7</issue>
  <issue tracker="bnc" id="1021991">VUL-0: MozillaFirefox 51/45.7.0 security release</issue>
  <issue tracker="cve" id="2017-5375"></issue>
  <issue tracker="cve" id="2017-5376"></issue>
  <issue tracker="cve" id="2017-5378"></issue>
  <issue tracker="cve" id="2017-5380"></issue>
  <issue tracker="cve" id="2017-5390"></issue>
  <issue tracker="cve" id="2017-5396"></issue>
  <issue tracker="cve" id="2017-5383"></issue>
  <issue tracker="cve" id="2017-5373"></issue>
  <category>security</category>
  <rating>moderate</rating>
  <summary>Security update for MozillaThunderbird</summary>
  <description>This update to Mozilla Thunderbird 45.7.0 fixes security issues and bugs.

The following security issues from advisory MFSA 2017-03 were fixed (boo#1021991)
In general, these flaws cannot be exploited through email in
Thunderbird because scripting is disabled when reading mail,
but are potentially risks in browser or browser-like contexts:

- CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (boo#1021814)
- CVE-2017-5376: Use-after-free in XSL (boo#1021817)
- CVE-2017-5378: Pointer and frame data leakage of Javascript objects (boo#1021818)
- CVE-2017-5380: Potential use-after-free during DOM manipulations (boo#1021819)
- CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (boo#1021820)
- CVE-2017-5396: Use-after-free with Media Decoder (boo#1021821)
- CVE-2017-5383: Location bar spoofing with unicode characters (boo#1021822)
- CVE-2017-5373: Memory safety bugs fixed in Thunderbird 45.7 (boo#1021824)

The following non-security bugs were fixed:

- Message preview pane non-functional after IMAP folder was renamed or moved
- "Move To" button on "Search Messages" panel not working
- Message sent to "undisclosed recipients" shows no recipient
  (non-functional since Thunderbird version 38)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places