{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"78.6.0-lp152.2.23.1","MozillaThunderbird-translations-common":"78.6.0-lp152.2.23.1","MozillaThunderbird-translations-other":"78.6.0-lp152.2.23.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.2","name":"MozillaThunderbird","purl":"pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"78.6.0-lp152.2.23.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaThunderbird fixes the following issues:\n\n- Mozilla Thunderbird 78.6\n  * new: MailExtensions: Added\n    browser.windows.openDefaultBrowser() (bmo#1664708)\n  * changed: Thunderbird now only shows quota exceeded\n    indications on the main window (bmo#1671748)\n  * changed: MailExtensions: menus API enabled in messages being\n    composed (bmo#1670832)\n  * changed: MailExtensions: Honor allowScriptsToClose argument\n    in windows.create API function (bmo#1675940)\n  * changed: MailExtensions: APIs that returned an accountId will\n    reflect the account the message belongs to, not what is\n    stored in message headers (bmo#1644032)\n  * fixed: Keyboard shortcut for toggling message 'read' status\n    not shown in menus (bmo#1619248)\n  * fixed: OpenPGP: After importing a secret key, Key Manager\n    displayed properties of the wrong key (bmo#1667054)\n  * fixed: OpenPGP: Inline PGP parsing improvements (bmo#1660041)\n  * fixed: OpenPGP: Discovering keys online via Key Manager\n    sometimes failed on Linux (bmo#1634053)\n  * fixed: OpenPGP: Encrypted attachment 'Decrypt and Open/Save\n    As' did not work (bmo#1663169)\n  * fixed: OpenPGP: Importing keys failed on macOS (bmo#1680757)\n  * fixed: OpenPGP: Verification of clear signed UTF-8 text\n    failed (bmo#1679756)\n  * fixed: Address book: Some columns incorrectly displayed no\n    data (bmo#1631201)\n  * fixed: Address book: The address book view did not update\n    after changing the name format in the menu (bmo#1678555)\n  * fixed: Calendar: Could not import an ICS file into a CalDAV\n    calendar (bmo#1652984)\n  * fixed: Calendar: Two 'Home' calendars were visible on a new\n    profile (bmo#1656782)\n  * fixed: Calendar: Dark theme was incomplete on Linux\n    (bmo#1655543)\n  * fixed: Dark theme did not apply to new mail notification\n    popups (bmo#1681083)\n  * fixed: Folder icon, message list, and contact side bar visual\n    improvements (bmo#1679436)\n  * fixed: MailExtensions: HTTP refresh in browser content tabs\n    did not work (bmo#1667774)\n  * fixed: MailExtensions: messageDisplayScripts failed to run in\n    main window (bmo#1674932)\n  * fixed: Various security fixes\n  MFSA 2020-56 (bsc#1180039)\n  * CVE-2020-16042 (bmo#1679003)\n    Operations on a BigInt could have caused uninitialized memory\n    to be exposed\n  * CVE-2020-26971 (bmo#1663466)\n    Heap buffer overflow in WebGL\n  * CVE-2020-26973 (bmo#1680084)\n    CSS Sanitizer performed incorrect sanitization\n  * CVE-2020-26974 (bmo#1681022)\n    Incorrect cast of StyleGenericFlexBasis resulted in a heap\n    use-after-free\n  * CVE-2020-26978 (bmo#1677047)\n    Internal network hosts could have been probed by a malicious\n    webpage\n  * CVE-2020-35111 (bmo#1657916)\n    The proxy.onRequest API did not catch view-source URLs\n  * CVE-2020-35112 (bmo#1661365)\n    Opening an extension-less download may have inadvertently\n    launched an executable instead\n  * CVE-2020-35113 (bmo#1664831, bmo#1673589)\n    Memory safety bugs fixed in Thunderbird 78.6\n\nThis update was imported from the SUSE:SLE-15:Update update project.","id":"openSUSE-SU-2020:2317-1","modified":"2020-12-22T17:12:01Z","published":"2020-12-22T17:12:01Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZRYMYUEZXYQNBK2DWV7DAYE5EXEQPBUX/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1180039"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16042"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-26971"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-26973"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-26974"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-26978"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-35111"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-35112"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-35113"}],"related":["CVE-2020-16042","CVE-2020-26971","CVE-2020-26973","CVE-2020-26974","CVE-2020-26978","CVE-2020-35111","CVE-2020-35112","CVE-2020-35113"],"summary":"Security update for MozillaThunderbird","upstream":["CVE-2020-16042","CVE-2020-26971","CVE-2020-26973","CVE-2020-26974","CVE-2020-26978","CVE-2020-35111","CVE-2020-35112","CVE-2020-35113"]}