75 matches found
Security Vulnerabilities fixed in Thunderbird 78 — Mozilla
When %2F was present in a manifest URL, Thunderbird's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. A VideoStreamEncoder may have been freed in a race...
OPENSUSE-SU-2020:0967-1 Security update for MozillaThunderbird
This update for MozillaThunderbird to version 68.10.0 ESR fixes the following issues: - CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 bsc1173576. - CVE-2020-12418: Information disclosure due to manipulated URL object bsc1173576. - CVE-2020-12419:...
Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20200714)
Security Fixes : - Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 CVE-2020-12417 - Mozilla: Information disclosure due to manipulated URL object CVE-2020-12418 - Mozilla: Use-after-free in nsGlobalWindowInner CVE-2020-12419 - Mozilla: Use-After-Free when trying to...
Security update for MozillaThunderbird (important)
openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2020:0967-1 Rating: important References: 1173576 Cross-References: CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 Affected Products: openSUSE Leap 15.1 An update that fixes 5...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
Mozilla: Add-On updates did not respect the same certificate trust rules as software updates
The Mozilla Foundation Security Advisory describes this flaw as: When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected even if they were legitimately added by an administrator. This could have caused add-ons to become out-of-date silently without...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
RHEL 8 : thunderbird (RHSA-2020:2907)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2907 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.10.0. Security Fixes: Mozilla:...
SUSE-SU-2020:1900-1 Security update for MozillaThunderbird
This update for MozillaThunderbird to version 68.10.0 ESR fixes the following issues: - CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 bsc1173576. - CVE-2020-12418: Information disclosure due to manipulated URL object bsc1173576. - CVE-2020-12419:...
SUSE-SU-2020:1899-1 Security update for MozillaFirefox
This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues: Security issues fixed: - CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing bsc1173576. - CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster bsc1173576. - CVE-2020-12417: Memor...
CentOS 7 : firefox (RHSA-2020:2827)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2827 advisory. - Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially...
CentOS 6 : firefox (RHSA-2020:2824)
The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2824 advisory. - Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This...
CVE-2020-12421
When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected even if they were legitimately added by an administrator. This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR 68.10...
DEBIAN-CVE-2020-12421
When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected even if they were legitimately added by an administrator. This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR 68.10...
CVE-2020-12421
When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected even if they were legitimately added by an administrator. This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR 68.10...
Code injection
When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected even if they were legitimately added by an administrator. This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR 68.10...
CVE-2020-12421
When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected even if they were legitimately added by an administrator. This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR 68.10...
CVE-2020-12421
CVE-2020-12421 describes a flaw where add-on updates could reject certificate chains terminating in non-built-in roots, causing add-ons to appear out-of-date without user notification. Public advisories place affected products as Mozilla Firefox ESR (<68.10) and Firefox (<78) and Thunderbird (
CVE-2020-12421
When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected even if they were legitimately added by an administrator. This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR 68.10...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Thunderbird vulnerabilities (USN-4421-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4421-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a...