{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"45.2-6.1","MozillaThunderbird-buildsymbols":"45.2-6.1","MozillaThunderbird-devel":"45.2-6.1","MozillaThunderbird-translations-common":"45.2-6.1","MozillaThunderbird-translations-other":"45.2-6.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"45.2-6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update contains Mozilla Thunderbird 45.2. (boo#983549)\n\nIt fixes security issues mostly affecting the e-mail program when used in a browser context, such as viewing a web page or HTML formatted e-mail.\n\nThe following vulnerabilities were fixed:\n\n- CVE-2016-2818, CVE-2016-2815: Memory safety bugs (boo#983549, MFSA2016-49)\n\nContains the following security fixes from the 45.1 release: (boo#977333)\n\n- CVE-2016-2806, CVE-2016-2807: Miscellaneous memory safety hazards (boo#977375, boo#977376, MFSA 2016-39)\n\nContains the following security fixes from the 45.0 release: (boo#969894)\n\n- CVE-2016-1952, CVE-2016-1953: Miscellaneous memory safety hazards (MFSA 2016-16)\n- CVE-2016-1954: Local file overwriting and potential privilege escalation through CSP reports (MFSA 2016-17)\n- CVE-2016-1955: CSP reports fail to strip location information for embedded iframe pages (MFSA 2016-18)\n- CVE-2016-1956: Linux video memory DOS with Intel drivers (MFSA 2016-19)\n- CVE-2016-1957: Memory leak in libstagefright when deleting an array during MP4 processing (MFSA 2016-20)\n- CVE-2016-1960: Use-after-free in HTML5 string parser (MFSA 2016-23)\n- CVE-2016-1961: Use-after-free in SetBody (MFSA 2016-24)\n- CVE-2016-1964: Use-after-free during XML transformations (MFSA 2016-27)\n- CVE-2016-1974: Out-of-bounds read in HTML parser following a failed allocation (MFSA 2016-34)\n\nThe graphite font shaping library was disabled, addressing the following font 
vulnerabilities:\n\n- MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/\n  CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/\n  CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/\n  CVE-2016-2800/CVE-2016-2801/CVE-2016-2802\n\nThe following tracked packaging changes are included:\n\n- fix build issues with gcc/binutils combination used in Leap 42.2 (boo#984637)\n- gcc6 fixes (boo#986162)\n- running on 48bit va aarch64 (boo#984126)","id":"openSUSE-SU-2016:1769-1","modified":"2016-07-10T18:30:29Z","published":"2016-07-10T18:30:29Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IT5Z2MQVCUU2PY7AOHLQUFDN44PCYHX5/#IT5Z2MQVCUU2PY7AOHLQUFDN44PCYHX5"},{"type":"REPORT","url":"https://bugzilla.suse.com/969894"},{"type":"REPORT","url":"https://bugzilla.suse.com/977333"},{"type":"REPORT","url":"https://bugzilla.suse.com/977375"},{"type":"REPORT","url":"https://bugzilla.suse.com/977376"},{"type":"REPORT","url":"https://bugzilla.suse.com/983549"},{"type":"REPORT","url":"https://bugzilla.suse.com/984126"},{"type":"REPORT","url":"https://bugzilla.suse.com/984637"},{"type":"REPORT","url":"https://bugzilla.suse.com/986162"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-1952"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-1953"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-1954"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-1955"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-1956"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-1957"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-1960"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-1961"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-1964"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-1974"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-1977"
},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2790"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2791"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2792"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2793"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2794"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2795"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2796"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2797"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2798"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2799"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2800"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2801"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2802"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2806"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2807"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2815"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2818"}],"related":["CVE-2016-1952","CVE-2016-1953","CVE-2016-1954","CVE-2016-1955","CVE-2016-1956","CVE-2016-1957","CVE-2016-1960","CVE-2016-1961","CVE-2016-1964","CVE-2016-1974","CVE-2016-1977","CVE-2016-2790","CVE-2016-2791","CVE-2016-2792","CVE-2016-2793","CVE-2016-2794","CVE-2016-2795","CVE-2016-2796","CVE-2016-2797","CVE-2016-2798","CVE-2016-2799","CVE-2016-2800","CVE-2016-2801","CVE-2016-2802","CVE-2016-2806","CVE-2016-2807","CVE-2016-2815","CVE-2016-2818"],"summary":"Security update for Mozilla 
Thunderbird","upstream":["CVE-2016-1952","CVE-2016-1953","CVE-2016-1954","CVE-2016-1955","CVE-2016-1956","CVE-2016-1957","CVE-2016-1960","CVE-2016-1961","CVE-2016-1964","CVE-2016-1974","CVE-2016-1977","CVE-2016-2790","CVE-2016-2791","CVE-2016-2792","CVE-2016-2793","CVE-2016-2794","CVE-2016-2795","CVE-2016-2796","CVE-2016-2797","CVE-2016-2798","CVE-2016-2799","CVE-2016-2800","CVE-2016-2801","CVE-2016-2802","CVE-2016-2806","CVE-2016-2807","CVE-2016-2815","CVE-2016-2818"]}