{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"60.3.0-3.17.2","MozillaThunderbird-translations-common":"60.3.0-3.17.2","MozillaThunderbird-translations-other":"60.3.0-3.17.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"60.3.0-3.17.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaThunderbird fixes the following issues:\n\nThunderbird 63 ESR was updated to version 60.3.0 to fix the following issues (bsc#1112852):\n\nSecurity issues fixed (MFSA 2018-28):\n\n- CVE-2018-12389: Fixed memory safety bugs.\n- CVE-2018-12390: Fixed memory safety bugs.\n- CVE-2018-12391: Fixed HTTP Live Stream audio data is accessible cross-origin.\n- CVE-2018-12392: Fixed crash with nested event loops.\n- CVE-2018-12393: Fixed integer overflow during Unicode conversion while loading JavaScript.\n\nNon-security issues fixed:\n\n- various theme fixes\n- Shift+PageUp/PageDown in Write window\n- Gloda attachment filtering\n- Mailing list address auto-complete enter/return handling\n- Thunderbird hung if HTML signature references non-existent image\n- Filters not working for headers that appear more than once\n- Update _constraints for armv6/7\n- Add memory-constraints to avoid OOM errors\n","id":"SUSE-SU-2018:3769-1","modified":"2018-11-14T13:15:48Z","published":"2018-11-14T13:15:48Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20183769-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1112852"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-12389"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-12390"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-12391"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-12392"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-12393"}],"related":["CVE-2018-12389","CVE-2018-12390","CVE-2018-12391","CVE-2018-12392","CVE-2018-12393"],"summary":"Security update for MozillaThunderbird","upstream":["CVE-2018-12389","CVE-2018-12390","CVE-2018-12391","CVE-2018-12392","CVE-2018-12393"]}