{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"68.8.0-3.80.2","MozillaThunderbird-translations-common":"68.8.0-3.80.2","MozillaThunderbird-translations-other":"68.8.0-3.80.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP1","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"68.8.0-3.80.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaThunderbird fixes the following issues:\n- Update to 68.8.0 ESR\n  MFSA 2020-18 (bsc#1171186)\n  * CVE-2020-12397 (bmo#1617370)\n    Sender Email Address Spoofing using encoded Unicode\n    characters\n  * CVE-2020-12387 (bmo#1545345)\n    Use-after-free during worker shutdown\n  * CVE-2020-6831 (bmo#1632241)\n    Buffer overflow in SCTP chunk input validation\n  * CVE-2020-12392 (bmo#1614468)\n    Arbitrary local file access with 'Copy as cURL'\n  * CVE-2020-12393 (bmo#1615471)\n    Devtools' 'Copy as cURL' feature did not fully escape\n    website-controlled data, potentially leading to command\n    injection\n  * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704,\n    bmo#1624098, bmo#1625749, bmo#1626382, bmo#1628076,\n    bmo#1631508)\n    Memory safety bugs fixed in Thunderbird 68.8.0\n\n","id":"SUSE-SU-2020:1225-1","modified":"2020-05-08T08:48:22Z","published":"2020-05-08T08:48:22Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2020/suse-su-20201225-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1171186"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-12387"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-12392"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-12393"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-12395"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-12397"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-6831"}],"related":["CVE-2020-12387","CVE-2020-12392","CVE-2020-12393","CVE-2020-12395","CVE-2020-12397","CVE-2020-6831"],"summary":"Security update for MozillaThunderbird","upstream":["CVE-2020-12387","CVE-2020-12392","CVE-2020-12393","CVE-2020-12395","CVE-2020-12397","CVE-2020-6831"]}