Mageia 7: 2020-0433 Moderate: Thunderbird Security Issues

mageia

November 21, 2020

Variable time processing of cross-origin images during drawImage calls

Summary

Variable time processing of cross-origin images during drawImage calls. (CVE-2020-16012)
Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code. (CVE-2020-26951)
Fullscreen could be enabled without displaying the security UI. (CVE-2020-26953)
XSS through paste (manual and clipboard API). (CVE-2020-26956)
Requests intercepted through ServiceWorkers lacked MIME type restrictions. (CVE-2020-26958)
Use-after-free in WebRequestService. (CVE-2020-26959)
Potential use-after-free in uses of nsTArray. (CVE-2020-26960)
DoH did not filter IPv4 mapped IP Addresses. (CVE-2020-26961)
Software keyboards may have remembered typed passwords. (CVE-2020-26965)
Memory safety bugs fixed in Thunderbird 78.5. (CVE-2020-26968)

References

- https://bugs.mageia.org/show_bug.cgi?id=27634

- https://www.thunderbird.net/en-US/thunderbird/78.5.0/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/

- https://www.cve.org/CVERecord?id=CVE-2020-16012

- https://www.cve.org/CVERecord?id=CVE-2020-26951

- https://www.cve.org/CVERecord?id=CVE-2020-26953

- https://www.cve.org/CVERecord?id=CVE-2020-26956

- https://www.cve.org/CVERecord?id=CVE-2020-26958

- https://www.cve.org/CVERecord?id=CVE-2020-26959

- https://www.cve.org/CVERecord?id=CVE-2020-26960

- https://www.cve.org/CVERecord?id=CVE-2020-26961

- https://www.cve.org/CVERecord?id=CVE-2020-26965

- https://www.cve.org/CVERecord?id=CVE-2020-26968

Topics Covered

security advisory software update security issues thunderbird mageia cross-origin image processing

Resolution

SRPMS

- 7/core/thunderbird-78.5.0-1.mga7

- 7/core/thunderbird-l10n-78.5.0-1.mga7

Publication date: 21 Nov 2020

URL: https://advisories.mageia.org/MGASA-2020-0433.html

Type: security

CVE: CVE-2020-16012, CVE-2020-26951, CVE-2020-26953, CVE-2020-26956, CVE-2020-26958, CVE-2020-26959, CVE-2020-26960, CVE-2020-26961, CVE-2020-26965, CVE-2020-26968

Topics Covered

security advisory software update security issues thunderbird mageia cross-origin image processing

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Mageia 7: 2020-0433 Moderate: Thunderbird Security Issues

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Mageia 7: 2020-0433 Moderate: Thunderbird Security Issues

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!