{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"68.3.0-lp151.2.19.1","MozillaThunderbird-translations-common":"68.3.0-lp151.2.19.1","MozillaThunderbird-translations-other":"68.3.0-lp151.2.19.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.1","name":"MozillaThunderbird","purl":"pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"68.3.0-lp151.2.19.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaThunderbird fixes the following issues:\n\nMozilla Thunderbird was updated to 68.3esr (MFSA 2019-38 bsc#1158328) \t  \n\nSecurity issues fixed: \n\n- CVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331)\n- CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments \n  in WebRTC code (bmo#1580156)\n- CVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a \n  block cipher (bmo#1586176)\n- CVE-2019-17009: Fixed an issue where updater temporary files accessible to \n  unprivileged processes (bmo#1510494)\n- CVE-2019-17010: Fixed a use-after-free when performing device orientation \n  checks (bmo#1581084)\n- CVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170)\n- CVE-2019-17011: Fixed a use-after-free when retrieving a document \n  in antitracking (bmo#1591334)\n- CVE-2019-17012: Fixed multiple memmory issues\n  (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760, \n  bmo#1592502)\n\nOther issues addressed:\n\n- New: Message display toolbar action WebExtension API (bmo#1531597)\n- New: Navigation buttons are now available in content tabs (bmo#787683)\n- Fixed an issue where write window was not always correct (bmo#1593280)\n- Fixed toolbar issues (bmo#1584160)\n- Fixed issues with LDAP lookup when SSL was enabled (bmo#1576364)\n- Fixed an issue with scam link confirmation panel (bmo#1596413)\n- Fixed an issue with the write window where the Link Properties \n  dialog was not showing named anchors in context menu (bmo#1593629)\n- Fixed issues with calendar (bmo#1588516)\n- Fixed issues with chat where reordering via drag-and-drop was not working\n  on Instant messaging status dialog (bmo#1591505)\n\nThis update was imported from the SUSE:SLE-15:Update update project.","id":"openSUSE-SU-2020:0003-1","modified":"2020-01-09T16:29:51Z","published":"2020-01-09T16:29:51Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NRHDWT3QC423VY6ACEY346YD3PPCAECZ/"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11745"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-13722"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17005"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17008"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17009"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17010"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17011"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17012"}],"related":["CVE-2019-11745","CVE-2019-13722","CVE-2019-17005","CVE-2019-17008","CVE-2019-17009","CVE-2019-17010","CVE-2019-17011","CVE-2019-17012"],"summary":"Security update for MozillaThunderbird","upstream":["CVE-2019-11745","CVE-2019-13722","CVE-2019-17005","CVE-2019-17008","CVE-2019-17009","CVE-2019-17010","CVE-2019-17011","CVE-2019-17012"]}