{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"52.5.2-51.1","MozillaThunderbird-buildsymbols":"52.5.2-51.1","MozillaThunderbird-devel":"52.5.2-51.1","MozillaThunderbird-translations-common":"52.5.2-51.1","MozillaThunderbird-translations-other":"52.5.2-51.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"52.5.2-51.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for Mozilla Thunderbird to version 52.5.2 fixes the following vulnerabilities:\n  \n- CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin (bsc#1074043)\n- CVE-2017-7847: Local path string can be leaked from RSS feed (bsc#1074044)\n- CVE-2017-7848: RSS Feed vulnerable to new line Injection (bsc#1074045)\n- CVE-2017-7829: From address with encoded null character is cut off in message header display (bsc#1074046)\n","id":"openSUSE-SU-2017:3433-1","modified":"2017-12-24T22:29:25Z","published":"2017-12-24T22:29:25Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Y37ZBDTQYH6U74CLMVTFTTZQHZYSKJPC/#Y37ZBDTQYH6U74CLMVTFTTZQHZYSKJPC"},{"type":"REPORT","url":"https://bugzilla.suse.com/1074043"},{"type":"REPORT","url":"https://bugzilla.suse.com/1074044"},{"type":"REPORT","url":"https://bugzilla.suse.com/1074045"},{"type":"REPORT","url":"https://bugzilla.suse.com/1074046"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7829"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7846"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7847"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7848"}],"related":["CVE-2017-7829","CVE-2017-7846","CVE-2017-7847","CVE-2017-7848"],"summary":"Security update for Mozilla Thunderbird","upstream":["CVE-2017-7829","CVE-2017-7846","CVE-2017-7847","CVE-2017-7848"]}