{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"52.2-36.1","MozillaThunderbird-buildsymbols":"52.2-36.1","MozillaThunderbird-devel":"52.2-36.1","MozillaThunderbird-translations-common":"52.2-36.1","MozillaThunderbird-translations-other":"52.2-36.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"52.2-36.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update to Thunderbird 52.2 fixes security issues and bugs.\n\nThe following vulnerabilities were fixed:\n    \n* CVE-2017-5472: Use-after-free using destroyed node when regenerating trees\n* CVE-2017-7749: Use-after-free during docshell reloading\n* CVE-2017-7750: Use-after-free with track elements\n* CVE-2017-7751: Use-after-free with content viewer listeners\n* CVE-2017-7752: Use-after-free with IME input\n* CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object\n* CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors\n* CVE-2017-7757: Use-after-free in IndexedDB\n* CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772,\n  CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,\n  CVE-2017-7777: Vulnerabilities in the Graphite 2 library\n* CVE-2017-7758: Out-of-bounds read in Opus encoder\n* CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks\n* CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2\n\nMozilla Thunderbird now requires NSS 3.28.5.\n\nThe following bugs were fixed:\n\n* Embedded images not shown in email received from Hotmail/Outlook webmailer\n* Detection of non-ASCII font names in font selector\n* Attachment not forwarded correctly under certain circumstances\n* Multiple requests for master password when GMail OAuth2 is enabled\n* Large number of blank pages being printed under certain circumstances when invalid preferences were present\n* Messages sent via the Simple MAPI interface are forced to HTML\n* Calendar: Invitations can't be printed\n* Mailing list (group) not accessible from macOS or Outlook address book\n* Clicking on links with references/anchors where target doesn't exist in the message not opening in external browser\n  ","id":"openSUSE-SU-2017:1579-1","modified":"2017-06-16T09:03:31Z","published":"2017-06-16T09:03:31Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1040105"},{"type":"REPORT","url":"https://bugzilla.suse.com/1042090"},{"type":"REPORT","url":"https://bugzilla.suse.com/1043960"},{"type":"REPORT","url":"https://bugzilla.suse.com/1273265"},{"type":"REPORT","url":"https://bugzilla.suse.com/1355039"},{"type":"REPORT","url":"https://bugzilla.suse.com/1356558"},{"type":"REPORT","url":"https://bugzilla.suse.com/1356824"},{"type":"REPORT","url":"https://bugzilla.suse.com/1357090"},{"type":"REPORT","url":"https://bugzilla.suse.com/1359547"},{"type":"REPORT","url":"https://bugzilla.suse.com/1360309"},{"type":"REPORT","url":"https://bugzilla.suse.com/1363396"},{"type":"REPORT","url":"https://bugzilla.suse.com/1364283"},{"type":"REPORT","url":"https://bugzilla.suse.com/1365602"},{"type":"REPORT","url":"https://bugzilla.suse.com/1366595"},{"type":"REPORT","url":"https://bugzilla.suse.com/1368490"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5470"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5472"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7749"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7750"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7751"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7752"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7754"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7756"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7757"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7758"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7763"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7764"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7765"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7771"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7772"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7773"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7774"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7775"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7776"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7777"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7778"}],"related":["CVE-2017-5470","CVE-2017-5472","CVE-2017-7749","CVE-2017-7750","CVE-2017-7751","CVE-2017-7752","CVE-2017-7754","CVE-2017-7756","CVE-2017-7757","CVE-2017-7758","CVE-2017-7763","CVE-2017-7764","CVE-2017-7765","CVE-2017-7771","CVE-2017-7772","CVE-2017-7773","CVE-2017-7774","CVE-2017-7775","CVE-2017-7776","CVE-2017-7777","CVE-2017-7778"],"summary":"Security update for Mozilla Thunderbird","upstream":["CVE-2017-5470","CVE-2017-5472","CVE-2017-7749","CVE-2017-7750","CVE-2017-7751","CVE-2017-7752","CVE-2017-7754","CVE-2017-7756","CVE-2017-7757","CVE-2017-7758","CVE-2017-7763","CVE-2017-7764","CVE-2017-7765","CVE-2017-7771","CVE-2017-7772","CVE-2017-7773","CVE-2017-7774","CVE-2017-7775","CVE-2017-7776","CVE-2017-7777","CVE-2017-7778"]}