SUSE Package Hub - openSUSE-2017-1419

Update Info

openSUSE-2017-1419

Security update for Mozilla Thunderbird

Type: security

Severity: important

Issued: 2017-12-24

Description:

This update for Mozilla Thunderbird to version 52.5.2 fixes the following vulnerabilities:
  
- CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin (bsc#1074043)
- CVE-2017-7847: Local path string can be leaked from RSS feed (bsc#1074044)
- CVE-2017-7848: RSS Feed vulnerable to new line Injection (bsc#1074045)
- CVE-2017-7829: From address with encoded null character is cut off in message header display (bsc#1074046)

References

CVE: CVE-2017-7848
CVE: CVE-2017-7847
CVE: CVE-2017-7846
CVE: CVE-2017-7829
Bugzilla: 1074046 https://bugzilla.opensuse.org/show_bug.cgi?id=1074046
Bugzilla: 1074045 https://bugzilla.opensuse.org/show_bug.cgi?id=1074045
Bugzilla: 1074044 https://bugzilla.opensuse.org/show_bug.cgi?id=1074044
Bugzilla: 1074043 https://bugzilla.opensuse.org/show_bug.cgi?id=1074043

Packages

MozillaThunderbird-52.5.2-51.1