{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"68.5.0-3.71.1","MozillaThunderbird-translations-common":"68.5.0-3.71.1","MozillaThunderbird-translations-other":"68.5.0-3.71.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP1","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"68.5.0-3.71.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaThunderbird fixes the following issues:\n\n- Mozilla Thunderbird 68.5 (bsc#1162777)\n  MFSA 2020-07 (bsc#1163368)\n  * CVE-2020-6793 (bmo#1608539)\n    Out-of-bounds read when processing certain email messages\n  * CVE-2020-6794 (bmo#1606619)\n    Setting a master password post-Thunderbird 52 does not delete\n    unencrypted previously stored passwords\n  * CVE-2020-6795 (bmo#1611105)\n    Crash processing S/MIME messages with multiple signatures\n  * CVE-2020-6797 (bmo#1596668)\n    Extensions granted downloads.open permission could open\n    arbitrary applications on Mac OSX\n  * CVE-2020-6798 (bmo#1602944)\n    Incorrect parsing of template tag could result in JavaScript\n    injection\n  * CVE-2020-6792 (bmo#1609607)\n    Message ID calculcation was based on uninitialized data\n  * CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543,\n    bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785)\n    Memory safety bugs fixed in Thunderbird 68.5\n\n  * new: Support for Client Identity IMAP/SMTP Service Extension\n    (bmo#1532388)\n  * new: Support for OAuth 2.0 authentication for POP3 accounts\n    (bmo#1538409)\n  * fixed: Status area goes blank during account setup\n    (bmo#1593122)\n  * fixed: Calendar: Could not remove color for default\n    categories (bmo#1584853)\n  * fixed: Calendar: Prevent calendar component loading multiple\n    times (bmo#1606375)\n  * fixed: Calendar: Today pane did not retain width between\n    sessions (bmo#1610207)\n  * unresolved: When upgrading from Thunderbird version 60 to\n    version 68, add-ons are not automatically updated during the\n    upgrade process. They will however be updated during the add-\n    on update check. It is of course possible to reinstall\n    compatible add-ons via the Add-ons Manager or via\n    addons.thunderbird.net. (bmo#1574183)\n  * changed: Calendar: Task and Event tree colours adjusted for\n    the dark theme (bmo#1608344)\n  * fixed: Retrieval of S/MIME certificates from LDAP failed\n    (bmo#1604773)\n  * fixed: Address-parsing crash on some IMAP servers when\n    preference mail.imap.use_envelope_cmd was set (bmo#1609690)\n  * fixed: Incorrect forwarding of HTML messages caused SMTP\n    servers to respond with a timeout (bmo#1222046)\n  * fixed: Calendar: Various parts of the calendar UI stopped\n    working when a second Thunderbird window opened (bmo#1608407)\n\n","id":"SUSE-SU-2020:0385-1","modified":"2020-02-17T07:54:20Z","published":"2020-02-17T07:54:20Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2020/suse-su-20200385-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1162777"},{"type":"REPORT","url":"https://bugzilla.suse.com/1163368"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-6792"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-6793"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-6794"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-6795"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-6797"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-6798"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-6800"}],"related":["CVE-2020-6792","CVE-2020-6793","CVE-2020-6794","CVE-2020-6795","CVE-2020-6797","CVE-2020-6798","CVE-2020-6800"],"summary":"Security update for MozillaThunderbird","upstream":["CVE-2020-6792","CVE-2020-6793","CVE-2020-6794","CVE-2020-6795","CVE-2020-6797","CVE-2020-6798","CVE-2020-6800"]}