{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"45.7.0-23.1","MozillaThunderbird-buildsymbols":"45.7.0-23.1","MozillaThunderbird-devel":"45.7.0-23.1","MozillaThunderbird-translations-common":"45.7.0-23.1","MozillaThunderbird-translations-other":"45.7.0-23.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"45.7.0-23.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update to Mozilla Thunderbird 45.7.0 fixes security issues and bugs.\n\nThe following security issues from advisory MFSA 2017-03 were fixed (boo#1021991)\nIn general, these flaws cannot be exploited through email in\nThunderbird because scripting is disabled when reading mail,\nbut are potentially risks in browser or browser-like contexts:\n\n- CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (boo#1021814)\n- CVE-2017-5376: Use-after-free in XSL (boo#1021817)\n- CVE-2017-5378: Pointer and frame data leakage of Javascript objects (boo#1021818)\n- CVE-2017-5380: Potential use-after-free during DOM manipulations (boo#1021819)\n- CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (boo#1021820)\n- CVE-2017-5396: Use-after-free with Media Decoder (boo#1021821)\n- CVE-2017-5383: Location bar spoofing with unicode characters (boo#1021822)\n- CVE-2017-5373: Memory safety bugs fixed in Thunderbird 45.7 (boo#1021824)\n\nThe following non-security bugs were fixed:\n\n- Message preview pane non-functional after IMAP folder was renamed or moved\n- 'Move To' button on 'Search Messages' panel not working\n- Message sent to 'undisclosed recipients' shows no recipient\n  (non-functional since Thunderbird version 38)\n","id":"openSUSE-SU-2017:0354-1","modified":"2017-02-01T17:54:52Z","published":"2017-02-01T17:54:52Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1021814"},{"type":"REPORT","url":"https://bugzilla.suse.com/1021817"},{"type":"REPORT","url":"https://bugzilla.suse.com/1021818"},{"type":"REPORT","url":"https://bugzilla.suse.com/1021819"},{"type":"REPORT","url":"https://bugzilla.suse.com/1021820"},{"type":"REPORT","url":"https://bugzilla.suse.com/1021821"},{"type":"REPORT","url":"https://bugzilla.suse.com/1021822"},{"type":"REPORT","url":"https://bugzilla.suse.com/1021824"},{"type":"REPORT","url":"https://bugzilla.suse.com/1021991"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5373"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5375"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5376"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5378"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5380"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5383"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5390"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5396"}],"related":["CVE-2017-5373","CVE-2017-5375","CVE-2017-5376","CVE-2017-5378","CVE-2017-5380","CVE-2017-5383","CVE-2017-5390","CVE-2017-5396"],"summary":"Security update for MozillaThunderbird","upstream":["CVE-2017-5373","CVE-2017-5375","CVE-2017-5376","CVE-2017-5378","CVE-2017-5380","CVE-2017-5383","CVE-2017-5390","CVE-2017-5396"]}