{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"45.8.0-27.1","MozillaThunderbird-buildsymbols":"45.8.0-27.1","MozillaThunderbird-devel":"45.8.0-27.1","MozillaThunderbird-translations-common":"45.8.0-27.1","MozillaThunderbird-translations-other":"45.8.0-27.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"45.8.0-27.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update to Mozilla Thunderbird 45.8.0 fixes security issues and bugs.\n\nThe following security issues from advisory MFSA 2017-07 were fixed. (boo#1028391)\nIn general, these flaws cannot be exploited through email in\nThunderbird because scripting is disabled when reading mail,\nbut are potentially risks in browser or browser-like contexts:\n\n- CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP\n- CVE-2017-5401: Memory Corruption when handling ErrorResult\n- CVE-2017-5402: Use-after-free working with events in FontFace objects (bmo#1334876)\n- CVE-2017-5404: Use-after-free working with ranges in selections\n- CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters\n- CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping\n- CVE-2017-5408: Cross-origin reading of video captions in violation of CORS\n- CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports (bmo#1336699)\n- CVE-2017-5398: Memory safety bugs fixed in Thunderbird 45.8\n\nThe following non-security issues were fixed:\n\n- crash when viewing certain IMAP messages\n","id":"openSUSE-SU-2017:0688-1","modified":"2017-03-14T14:03:02Z","published":"2017-03-14T14:03:02Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1028391"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5398"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5400"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5401"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5402"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5404"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5405"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5407"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5408"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5410"}],"related":["CVE-2017-5398","CVE-2017-5400","CVE-2017-5401","CVE-2017-5402","CVE-2017-5404","CVE-2017-5405","CVE-2017-5407","CVE-2017-5408","CVE-2017-5410"],"summary":"Security update for MozillaThunderbird","upstream":["CVE-2017-5398","CVE-2017-5400","CVE-2017-5401","CVE-2017-5402","CVE-2017-5404","CVE-2017-5405","CVE-2017-5407","CVE-2017-5408","CVE-2017-5410"]}