Linux Security
    Linux Security
    Linux Security

    openSUSE: 2020:1785-1: important: MozillaThunderbird and mozilla-nspr

    Date 31 Oct 2020
    406
    Posted By LinuxSecurity Advisories
    An update that fixes 6 vulnerabilities is now available.
       openSUSE Security Update: Security update for MozillaThunderbird and mozilla-nspr
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2020:1785-1
    Rating:             important
    References:         #1174230 #1176384 #1176756 #1176899 #1177977 
                        
    Cross-References:   CVE-2020-15673 CVE-2020-15676 CVE-2020-15677
                        CVE-2020-15678 CVE-2020-15683 CVE-2020-15969
                       
    Affected Products:
                        openSUSE Leap 15.1
    ______________________________________________________________________________
    
       An update that fixes 6 vulnerabilities is now available.
    
    Description:
    
       This update for MozillaThunderbird and mozilla-nspr fixes the following
       issues:
    
       - Mozilla Thunderbird 78.4
         * new: MailExtensions: browser.tabs.sendMessage API added
         * new: MailExtensions: messageDisplayScripts API added
         * changed: Yahoo and AOL mail users using password authentication will
           be migrated to OAuth2
         * changed: MailExtensions: messageDisplay APIs extended to support
           multiple selected messages
         * changed: MailExtensions: compose.begin functions now support creating
           a message with attachments
         * fixed: Thunderbird could freeze when updating global search index
         * fixed: Multiple issues with handling of self-signed SSL certificates
           addressed
         * fixed: Recipient address fields in compose window could expand to fill
           all available space
         * fixed: Inserting emoji characters in message compose window caused
           unexpected behavior
         * fixed: Button to restore default folder icon color was not keyboard
           accessible
         * fixed: Various keyboard navigation fixes
         * fixed: Various color-related theme fixes
         * fixed: MailExtensions: Updating attachments with
           onBeforeSend.addListener() did not work MFSA 2020-47 (bsc#1177977)
         * CVE-2020-15969 Use-after-free in usersctp
         * CVE-2020-15683 Memory safety bugs fixed in Thunderbird 78.4
       - Mozilla Thunderbird 78.3.3
         * OpenPGP: Improved support for encrypting with subkeys
         * OpenPGP message status icons were not visible in message header pane
         * Creating a new calendar event did not require an event title
       - Mozilla Thunderbird 78.3.2 (bsc#1176899)
         * OpenPGP: Improved support for encrypting with subkeys
         * OpenPGP: Encrypted messages with international characters were
           sometimes displayed incorrectly
         * Single-click deletion of recipient pills with middle mouse button
           restored
         * Searching an address book list did not display results
         * Dark mode, high contrast, and Windows theming fixes
       - Mozilla Thunderbird 78.3.1
         * fix crash in nsImapProtocol::CreateNewLineFromSocket
       - Mozilla Thunderbird 78.3.0 MFSA 2020-44 (bsc#1176756)
         * CVE-2020-15677 Download origin spoofing via redirect
         * CVE-2020-15676 XSS when pasting attacker-controlled data into a
           contenteditable element
         * CVE-2020-15678 When recursing through layers while scrolling, an
           iterator may have become invalid, resulting in a potential use-after-
           free scenario
         * CVE-2020-15673 Memory safety bugs fixed in Thunderbird 78.3
    
       - update mozilla-nspr to version 4.25.1
         * The macOS platform code for shared library loading was changed to
           support macOS 11.
         * Dependency needed for the MozillaThunderbird udpate
    
       This update was imported from the SUSE:SLE-15:Update update project.
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Leap 15.1:
    
          zypper in -t patch openSUSE-2020-1785=1
    
    
    
    Package List:
    
       - openSUSE Leap 15.1 (i586 x86_64):
    
          mozilla-nspr-4.25.1-lp151.2.13.1
          mozilla-nspr-debuginfo-4.25.1-lp151.2.13.1
          mozilla-nspr-debugsource-4.25.1-lp151.2.13.1
          mozilla-nspr-devel-4.25.1-lp151.2.13.1
    
       - openSUSE Leap 15.1 (x86_64):
    
          MozillaThunderbird-78.4.0-lp151.2.53.1
          MozillaThunderbird-debuginfo-78.4.0-lp151.2.53.1
          MozillaThunderbird-debugsource-78.4.0-lp151.2.53.1
          MozillaThunderbird-translations-common-78.4.0-lp151.2.53.1
          MozillaThunderbird-translations-other-78.4.0-lp151.2.53.1
          mozilla-nspr-32bit-4.25.1-lp151.2.13.1
          mozilla-nspr-32bit-debuginfo-4.25.1-lp151.2.13.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2020-15673.html
       https://www.suse.com/security/cve/CVE-2020-15676.html
       https://www.suse.com/security/cve/CVE-2020-15677.html
       https://www.suse.com/security/cve/CVE-2020-15678.html
       https://www.suse.com/security/cve/CVE-2020-15683.html
       https://www.suse.com/security/cve/CVE-2020-15969.html
       https://bugzilla.suse.com/1174230
       https://bugzilla.suse.com/1176384
       https://bugzilla.suse.com/1176756
       https://bugzilla.suse.com/1176899
       https://bugzilla.suse.com/1177977
    
    -- 
    

    Advisories

    LinuxSecurity Poll

    How long have you been using Linux?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /main-polls/46-how-long-have-you-been-using-linux?task=poll.vote&format=json
    46
    radio
    [{"id":"160","title":"Just made the switch!","votes":"3","type":"x","order":"1","pct":9.68,"resources":[]},{"id":"161","title":"1-5 years","votes":"5","type":"x","order":"2","pct":16.13,"resources":[]},{"id":"162","title":"6-10 years","votes":"1","type":"x","order":"3","pct":3.23,"resources":[]},{"id":"163","title":">10 years - I'm a veteran!","votes":"22","type":"x","order":"4","pct":70.97,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.