{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"60.7.0-3.33.2","MozillaThunderbird-translations-common":"60.7.0-3.33.2","MozillaThunderbird-translations-other":"60.7.0-3.33.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"60.7.0-3.33.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"60.7.0-3.33.2","MozillaThunderbird-translations-common":"60.7.0-3.33.2","MozillaThunderbird-translations-other":"60.7.0-3.33.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP1","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"60.7.0-3.33.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaThunderbird fixes the following issues:\n\nMozilla Thunderbird was updated to 60.7.0.\n\n* Attachment pane of Write window no longer focussed when attaching\n  files using a keyboard shortcut\n\nThese security issues were fixed (MFSA 2019-15 bsc#1135824):\n\n* CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS\n* CVE-2019-9816: Type confusion with object groups and UnboxedObjects\n* CVE-2019-9817: Stealing of cross-domain images using canvas\n* CVE-2019-9818: Use-after-free in crash generation server\n* CVE-2019-9819: Compartment mismatch with fetch API\n* CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell\n* CVE-2019-11691: Use-after-free in XMLHttpRequest\n* CVE-2019-11692: Use-after-free removing listeners in the event listener manager\n* CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux\n* CVE-2019-7317: Use-after-free in png_image_free of libpng library\n* CVE-2019-9797: Cross-origin theft of images with createImageBitmap\n* CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext\n* CVE-2019-11694: (Windows only) Uninitialized memory memory leakage in Windows sandbox\n* CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks\n* CVE-2019-5798: Out-of-bounds read in Skia\n* CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n","id":"SUSE-SU-2019:1458-1","modified":"2019-06-11T08:09:40Z","published":"2019-06-11T08:09:40Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20191458-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1130694"},{"type":"REPORT","url":"https://bugzilla.suse.com/1133267"},{"type":"REPORT","url":"https://bugzilla.suse.com/1135824"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-18511"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11691"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11692"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11693"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11694"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11698"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5798"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-7317"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9797"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9800"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9815"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9816"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9817"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9818"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9819"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9820"}],"related":["CVE-2018-18511","CVE-2019-11691","CVE-2019-11692","CVE-2019-11693","CVE-2019-11694","CVE-2019-11698","CVE-2019-5798","CVE-2019-7317","CVE-2019-9797","CVE-2019-9800","CVE-2019-9815","CVE-2019-9816","CVE-2019-9817","CVE-2019-9818","CVE-2019-9819","CVE-2019-9820"],"summary":"Security update for MozillaThunderbird","upstream":["CVE-2018-18511","CVE-2019-11691","CVE-2019-11692","CVE-2019-11693","CVE-2019-11694","CVE-2019-11698","CVE-2019-5798","CVE-2019-7317","CVE-2019-9797","CVE-2019-9800","CVE-2019-9815","CVE-2019-9816","CVE-2019-9817","CVE-2019-9818","CVE-2019-9819","CVE-2019-9820"]}