
Mageia: 2020-0378 Moderate: Thunderbird AppCache Poisoning and More

Mageia
September 30, 2020
Revised Firefox versions resolve several vulnerabilities such as AppCache manipulation, memory leaks, and additional concerns.

Summary

AppCache manifest poisoning due to url encoded character processing (CVE-2020-12415).
Use-after-free in WebRTC VideoBroadcaster (CVE-2020-12416).
Integer overflow in nsJPEGEncoder::emptyOutputBuffer (CVE-2020-12422).
WebRTC permission prompt could have been bypassed by a compromised content process (CVE-2020-12424).
Out of bound read in Date.parse() (CVE-2020-12425).
Memory safety bugs fixed in Thunderbird 78 (CVE-2020-12426).
X-Frame-Options bypass using object or embed tags (CVE-2020-15648).
Memory safety bugs fixed in Thunderbird 78.3 (CVE-2020-15673).
XSS when pasting attacker-controlled data into a contenteditable element (CVE-2020-15676).
Download origin spoofing via redirect (CVE-2020-15677).
When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario (CVE-2020-15678).
Note that Enigmail will no longer let you manage your PGP keys, but instead will only provide a migration tool. Thunderbird will no longe...

References

- https://bugs.mageia.org/show_bug.cgi?id=26965

- https://www.mozilla.org/en-US/security/advisories/mfsa2020-29/

- https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/

- https://www.thunderbird.net/en-US/thunderbird/78.0/releasenotes/

- https://www.thunderbird.net/en-US/thunderbird/78.0.1/releasenotes/

- https://www.thunderbird.net/en-US/thunderbird/78.1.0/releasenotes/

- https://www.thunderbird.net/en-US/thunderbird/78.1.1/releasenotes/

- https://www.thunderbird.net/en-US/thunderbird/78.2.0/releasenotes/

- https://www.thunderbird.net/en-US/thunderbird/78.2.1/releasenotes/

- https://www.thunderbird.net/en-US/thunderbird/78.2.2/releasenotes/

- https://www.thunderbird.net/en-US/thunderbird/78.3.0/releasenotes/

- https://www.thunderbird.net/en-US/thunderbird/78.3.1/releasenotes/

- https://wiki.mageia.org/en/Migration_from_Thunderbird_68_and_Enigmail_to_Thunderbird_78

- https://www.cve.org/CVERecord?id=CVE-2020-12415

- https://www.cve.org/CVERecord?id=CVE-2020-12416

- https://www.cve.org/CVERecord?id=CVE-2020-12422

- https://www.cve.org/CVERecord?id=CVE-2020-12424

- https://www.cve.org/CVERecord?id=CVE-2020-12425

- https://www.cve.org/CVERecord?id=CVE-2020-12426

- https://www.cve.org/CVERecord?id=CVE-2020-15648

- https://www.cve.org/CVERecord?id=CVE-2020-15673

- https://www.cve.org/CVERecord?id=CVE-2020-15676

- https://www.cve.org/CVERecord?id=CVE-2020-15677

- https://www.cve.org/CVERecord?id=CVE-2020-15678

Resolution

SRPMS

- 7/core/thunderbird-78.3.1-3.mga7

- 7/core/thunderbird-l10n-78.3.1-1.mga7

Publication date: 30 Sep 2020
URL: https://advisories.mageia.org/MGASA-2020-0378.html
Type: security
CVE: CVE-2020-12415, CVE-2020-12416, CVE-2020-12422, CVE-2020-12424, CVE-2020-12425, CVE-2020-12426, CVE-2020-15648, CVE-2020-15673, CVE-2020-15676, CVE-2020-15677, CVE-2020-15678
