type: security
subject: Updated thunderbird packages fix security vulnerabilities
CVE:
 - CVE-2020-16012
 - CVE-2020-26951
 - CVE-2020-26953
 - CVE-2020-26956
 - CVE-2020-26958
 - CVE-2020-26959
 - CVE-2020-26960
 - CVE-2020-26961
 - CVE-2020-26965
 - CVE-2020-26968
src:
  7:
    core:
     - thunderbird-78.5.0-1.mga7
     - thunderbird-l10n-78.5.0-1.mga7
description: |
  Variable time processing of cross-origin images during drawImage calls.
  (CVE-2020-16012)

  Parsing mismatches could confuse and bypass security sanitizer for chrome
  privileged code. (CVE-2020-26951)

  Fullscreen could be enabled without displaying the security UI. (CVE-2020-26953)

  XSS through paste (manual and clipboard API). (CVE-2020-26956)

  Requests intercepted through ServiceWorkers lacked MIME type restrictions.
  (CVE-2020-26958)

  Use-after-free in WebRequestService. (CVE-2020-26959)

  Potential use-after-free in uses of nsTArray. (CVE-2020-26960)

  DoH did not filter IPv4 mapped IP Addresses. (CVE-2020-26961)

  Software keyboards may have remembered typed passwords. (CVE-2020-26965)

  Memory safety bugs fixed in Thunderbird 78.5. (CVE-2020-26968)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=27634
 - https://www.thunderbird.net/en-US/thunderbird/78.5.0/releasenotes/
 - https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/
ID: MGASA-2020-0433