Linux Security

    Mageia 2020-0378: Thunderbird security update

    MGASA-2020-0378 - Updated Thunderbird packages fix security vulnerabilities
    
    Publication date: 30 Sep 2020
    URL: https://advisories.mageia.org/MGASA-2020-0378.html
    Type: security
    Affected Mageia releases: 7
    CVE: CVE-2020-12415,
         CVE-2020-12416,
         CVE-2020-12422,
         CVE-2020-12424,
         CVE-2020-12425,
         CVE-2020-12426,
         CVE-2020-15648,
         CVE-2020-15673,
         CVE-2020-15676,
         CVE-2020-15677,
         CVE-2020-15678
    
    AppCache manifest poisoning due to URL-encoded character processing
    (CVE-2020-12415).
    
    Use-after-free in WebRTC VideoBroadcaster (CVE-2020-12416).
    
    Integer overflow in nsJPEGEncoder::emptyOutputBuffer (CVE-2020-12422).
    
    WebRTC permission prompt could have been bypassed by a compromised content
    process (CVE-2020-12424).
    
    Out-of-bounds read in Date.parse() (CVE-2020-12425).
    
    Memory safety bugs fixed in Thunderbird 78 (CVE-2020-12426).
    
    X-Frame-Options bypass using object or embed tags (CVE-2020-15648).
    
    Memory safety bugs fixed in Thunderbird 78.3 (CVE-2020-15673).
    
    XSS when pasting attacker-controlled data into a contenteditable element
    (CVE-2020-15676).
    
    Download origin spoofing via redirect (CVE-2020-15677).
    
    When recursing through layers while scrolling, an iterator may have become
    invalid, resulting in a potential use-after-free scenario (CVE-2020-15678).
    
    Note that Enigmail will no longer let you manage your PGP keys, but
    instead will only provide a migration tool. Thunderbird will no longer use
    the system keyring and GnuPG; instead, it will handle PGP keys internally.
    
    To use your existing PGP keys with Thunderbird 78 and above, you must use the
    migration tool from Enigmail upon the first Thunderbird run.
    See the migration notes on the Mageia wiki.
    
    Also note that, to protect your keys, you should define a master password
    in Thunderbird.
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=26965
    - https://www.mozilla.org/en-US/security/advisories/mfsa2020-29/
    - https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/
    - https://www.thunderbird.net/en-US/thunderbird/78.0/releasenotes/
    - https://www.thunderbird.net/en-US/thunderbird/78.0.1/releasenotes/
    - https://www.thunderbird.net/en-US/thunderbird/78.1.0/releasenotes/
    - https://www.thunderbird.net/en-US/thunderbird/78.1.1/releasenotes/
    - https://www.thunderbird.net/en-US/thunderbird/78.2.0/releasenotes/
    - https://www.thunderbird.net/en-US/thunderbird/78.2.1/releasenotes/
    - https://www.thunderbird.net/en-US/thunderbird/78.2.2/releasenotes/
    - https://www.thunderbird.net/en-US/thunderbird/78.3.0/releasenotes/
    - https://www.thunderbird.net/en-US/thunderbird/78.3.1/releasenotes/
    - https://wiki.mageia.org/en/Migration_from_Thunderbird_68_and_Enigmail_to_Thunderbird_78
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12415
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12416
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12422
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12424
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12425
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12426
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15648
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15673
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15676
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15677
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15678
    
    SRPMS:
    - 7/core/thunderbird-78.3.1-3.mga7
    - 7/core/thunderbird-l10n-78.3.1-1.mga7
    
