{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"52.4.0-45.1","MozillaThunderbird-buildsymbols":"52.4.0-45.1","MozillaThunderbird-devel":"52.4.0-45.1","MozillaThunderbird-translations-common":"52.4.0-45.1","MozillaThunderbird-translations-other":"52.4.0-45.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"52.4.0-45.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\n\nMozilla Thunderbird was updated to 52.4.0 (boo#1060445)\n  * new behavior was introduced for replies to mailing list posts:\n    'When replying to a mailing list, reply will be sent to address\n    in From header ignoring Reply-to header'. A new preference\n    mail.override_list_reply_to allows to restore the previous behavior.\n  * Under certain circumstances (image attachment and non-image\n    attachment), attached images were shown truncated in messages\n    stored in IMAP folders not synchronised for offline use.\n  * IMAP UIDs > 0x7FFFFFFF now handled properly\n  Security fixes from Gecko 52.4esr\n  * CVE-2017-7793 (bmo#1371889)\n    Use-after-free with Fetch API\n  * CVE-2017-7818 (bmo#1363723)\n    Use-after-free during ARIA array manipulation\n  * CVE-2017-7819 (bmo#1380292)\n    Use-after-free while resizing images in design mode\n  * CVE-2017-7824 (bmo#1398381)\n    Buffer overflow when drawing and validating elements with ANGLE\n  * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement)\n    Use-after-free in TLS 1.2 generating handshake hashes\n  * CVE-2017-7814 (bmo#1376036)\n    Blob and data URLs bypass phishing and malware protection warnings\n  * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only)\n    OS X fonts render some Tibetan and Arabic unicode characters as spaces\n  * CVE-2017-7823 (bmo#1396320)\n    CSP sandbox directive did not create a unique origin\n  * CVE-2017-7810\n    Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4\n\n- Add alsa-devel BuildRequires: we care for ALSA support to be\n  built and thus need to ensure we get the dependencies in place.\n  In the past, alsa-devel was pulled in by accident: we\n  buildrequire libgnome-devel. This required esound-devel and that\n  in turn pulled in alsa-devel for us. libgnome is being fixed to\n  no longer require esound-devel.\n\n","id":"openSUSE-SU-2017:2710-1","modified":"2017-10-11T17:57:43Z","published":"2017-10-11T17:57:43Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LDCHQXU3UZNGY4UDTM7XLWWMHJTBW6JU/#LDCHQXU3UZNGY4UDTM7XLWWMHJTBW6JU"},{"type":"REPORT","url":"https://bugzilla.suse.com/1060445"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7793"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7805"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7810"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7814"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7818"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7819"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7823"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7824"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7825"}],"related":["CVE-2017-7793","CVE-2017-7805","CVE-2017-7810","CVE-2017-7814","CVE-2017-7818","CVE-2017-7819","CVE-2017-7823","CVE-2017-7824","CVE-2017-7825"],"summary":"Security update for MozillaThunderbird","upstream":["CVE-2017-7793","CVE-2017-7805","CVE-2017-7810","CVE-2017-7814","CVE-2017-7818","CVE-2017-7819","CVE-2017-7823","CVE-2017-7824","CVE-2017-7825"]}