Update Info

openSUSE-2017-694


Security update for Mozilla Thunderbird


Type: security
Severity: moderate
Issued: 2017-06-16
Description:
This update to Thunderbird 52.2 fixes security issues and bugs.

The following vulnerabilities were fixed:
    
* CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
* CVE-2017-7749: Use-after-free during docshell reloading
* CVE-2017-7750: Use-after-free with track elements
* CVE-2017-7751: Use-after-free with content viewer listeners
* CVE-2017-7752: Use-after-free with IME input
* CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
* CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
* CVE-2017-7757: Use-after-free in IndexedDB
* CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772,
  CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,
  CVE-2017-7777: Vulnerabilities in the Graphite 2 library
* CVE-2017-7758: Out-of-bounds read in Opus encoder
* CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks
* CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2

Mozilla Thunderbird now requires NSS 3.28.5.

The following bugs were fixed:

* Embedded images not shown in email received from Hotmail/Outlook webmailer
* Detection of non-ASCII font names in font selector
* Attachment not forwarded correctly under certain circumstances
* Multiple requests for master password when GMail OAuth2 is enabled
* Large number of blank pages being printed under certain circumstances when invalid preferences were present
* Messages sent via the Simple MAPI interface are forced to HTML
* Calendar: Invitations can't be printed
* Mailing list (group) not accessible from macOS or Outlook address book
* Clicking on links with references/anchors where target doesn't exist in the message not opening in external browser
  

              

Packages


  • MozillaThunderbird-52.2-36.1