Lucene search

K
altlinuxHttps://packages.altlinux.org/en/sisyphus/security/D8A14B152EA9C50C6F9DDA3FC2AB3683
HistoryJul 21, 2020 - 12:00 a.m.

Security fix for the ALT Linux 10 package thunderbird version 78.0-alt1

2020-07-2100:00:00
https://packages.altlinux.org/en/sisyphus/security/
packages.altlinux.org
8

0.01 Low

EPSS

Percentile

83.9%

July 21, 2020 Andrey Cherepanov 78.0-alt1

- New version (78.0).
- Fixes:
  + CVE-2020-12415 AppCache manifest poisoning due to url encoded character processing
  + CVE-2020-12416 Use-after-free in WebRTC VideoBroadcaster
  + CVE-2020-12417 Memory corruption due to missing sign-extension for ValueTags on ARM64
  + CVE-2020-12418 Information disclosure due to manipulated URL object
  + CVE-2020-12419 Use-after-free in nsGlobalWindowInner
  + CVE-2020-12420 Use-After-Free when trying to connect to a STUN server
  + CVE-2020-15648 X-Frame-Options bypass using object or embed tags
  + CVE-2020-12402 RSA Key Generation vulnerable to side-channel attack
  + CVE-2020-12421 Add-On updates did not respect the same certificate trust rules as software updates
  + CVE-2020-12422 Integer overflow in nsJPEGEncoder::emptyOutputBuffer
  + CVE-2020-12423 DLL Hijacking due to searching %PATH% for a library
  + CVE-2020-12424 WebRTC permission prompt could have been bypassed by a compromised content process
  + CVE-2020-12425 Out of bound read in Date.parse()
  + CVE-2020-12426 Memory safety bugs fixed in Thunderbird 78
- Build with bundled languages: kk, ru, uk.