{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"52.6-54.1","MozillaThunderbird-buildsymbols":"52.6-54.1","MozillaThunderbird-devel":"52.6-54.1","MozillaThunderbird-translations-common":"52.6-54.1","MozillaThunderbird-translations-other":"52.6-54.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"52.6-54.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaThunderbird  to version 52.6 fixes several issues.\n\nThese security issues were fixed:\n\n- CVE-2018-5095: Integer overflow in Skia library during edge builder\n  allocation (bsc#1077291).\n- CVE-2018-5096: Use-after-free while editing form elements (bsc#1077291).\n- CVE-2018-5097: Use-after-free when source document is manipulated during XSLT\n  (bsc#1077291).\n- CVE-2018-5098: Use-after-free while manipulating form input elements\n  (bsc#1077291).\n- CVE-2018-5099: Use-after-free with widget listener (bsc#1077291).\n- CVE-2018-5102: Use-after-free in HTML media elements (bsc#1077291).\n- CVE-2018-5103: Use-after-free during mouse event handling (bsc#1077291).\n- CVE-2018-5104: Use-after-free during font face manipulation (bsc#1077291).\n- CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right\n  (bsc#1077291).\n- CVE-2018-5089: Various memory safety bugs (bsc#1077291).\n\nThese security issues were fixed:\n\n- Searching message bodies of messages in local folders, including\n  filter and quick filter operations, not working reliably: Content\n  not found in base64-encode message parts, non-ASCII text not found\n  and false positives found.\n- Defective messages (without at least one expected header) not shown\n  in IMAP folders but shown on mobile devices\n- Calendar: Unintended task deletion if numlock is enabled\n  ","id":"openSUSE-SU-2018:0256-1","modified":"2018-01-27T21:50:06Z","published":"2018-01-27T21:50:06Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BDMR3YENC7V5BUBRGJXWANWHWNBW46OF/#BDMR3YENC7V5BUBRGJXWANWHWNBW46OF"},{"type":"REPORT","url":"https://bugzilla.suse.com/1077291"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5089"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5095"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5096"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5097"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5098"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5099"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5102"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5103"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5104"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5117"}],"related":["CVE-2018-5089","CVE-2018-5095","CVE-2018-5096","CVE-2018-5097","CVE-2018-5098","CVE-2018-5099","CVE-2018-5102","CVE-2018-5103","CVE-2018-5104","CVE-2018-5117"],"summary":"Security update for MozillaThunderbird","upstream":["CVE-2018-5089","CVE-2018-5095","CVE-2018-5096","CVE-2018-5097","CVE-2018-5098","CVE-2018-5099","CVE-2018-5102","CVE-2018-5103","CVE-2018-5104","CVE-2018-5117"]}