| 1 |
type: security |
| 2 |
subject: Updated thunderbird packages fix security vulnerabilities |
| 3 |
CVE: |
| 4 |
- CVE-2020-16012 |
| 5 |
- CVE-2020-26951 |
| 6 |
- CVE-2020-26953 |
| 7 |
- CVE-2020-26956 |
| 8 |
- CVE-2020-26958 |
| 9 |
- CVE-2020-26959 |
| 10 |
- CVE-2020-26960 |
| 11 |
- CVE-2020-26961 |
| 12 |
- CVE-2020-26965 |
| 13 |
- CVE-2020-26968 |
| 14 |
src: |
| 15 |
7: |
| 16 |
core: |
| 17 |
- thunderbird-78.5.0-1.mga7 |
| 18 |
- thunderbird-l10n-78.5.0-1.mga7 |
| 19 |
description: | |
| 20 |
Variable time processing of cross-origin images during drawImage calls. |
| 21 |
(CVE-2020-16012) |
| 22 |
|
| 23 |
Parsing mismatches could confuse and bypass security sanitizer for chrome |
| 24 |
privileged code. (CVE-2020-26951) |
| 25 |
|
| 26 |
Fullscreen could be enabled without displaying the security UI. (CVE-2020-26953) |
| 27 |
|
| 28 |
XSS through paste (manual and clipboard API). (CVE-2020-26956) |
| 29 |
|
| 30 |
Requests intercepted through ServiceWorkers lacked MIME type restrictions. |
| 31 |
(CVE-2020-26958) |
| 32 |
|
| 33 |
Use-after-free in WebRequestService. (CVE-2020-26959) |
| 34 |
|
| 35 |
Potential use-after-free in uses of nsTArray. (CVE-2020-26960) |
| 36 |
|
| 37 |
DoH did not filter IPv4 mapped IP Addresses. (CVE-2020-26961) |
| 38 |
|
| 39 |
Software keyboards may have remembered typed passwords. (CVE-2020-26965) |
| 40 |
|
| 41 |
Memory safety bugs fixed in Thunderbird 78.5. (CVE-2020-26968) |
| 42 |
references: |
| 43 |
- https://bugs.mageia.org/show_bug.cgi?id=27634 |
| 44 |
- https://www.thunderbird.net/en-US/thunderbird/78.5.0/releasenotes/ |
| 45 |
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/ |
| 46 |
ID: MGASA-2020-0433 |
Parent Directory
| 
Revision Log