{"id":"openSUSE-SU-2016:2254-1","summary":"Security update for MozillaThunderbird","details":"\nThis update for MozillaThunderbird fixes the following issues:\n\n- update to Thunderbird 45.3.0 (boo#991809)\n  * Disposition-Notification-To could not be used in\n    mail.compose.other.header\n  * 'edit as new message' on a received message pre-filled the sender\n    as the composing identity.\n  * Certain messages caused corruption of the drafts summary database.\n  security fixes:\n  * MFSA 2016-62/CVE-2016-2836\n    Miscellaneous memory safety hazards\n  * MFSA 2016-63/CVE-2016-2830 (bmo#1255270)\n    Favicon network connection can persist when page is closed\n  * MFSA 2016-64/CVE-2016-2838 (bmo#1279814)\n    Buffer overflow rendering SVG with bidirectional content\n  * MFSA 2016-65/CVE-2016-2839 (bmo#1275339)\n    Cairo rendering crash due to memory allocation issue with FFmpeg 0.10\n  * MFSA 2016-67/CVE-2016-5252 (bmo#1268854)\n    Stack underflow during 2D graphics rendering\n  * MFSA 2016-70/CVE-2016-5254 (bmo#1266963)\n    Use-after-free when using alt key and toplevel menus\n  * MFSA 2016-72/CVE-2016-5258 (bmo#1279146)\n    Use-after-free in DTLS during WebRTC session shutdown\n  * MFSA 2016-73/CVE-2016-5259 (bmo#1282992)\n    Use-after-free in service workers with nested sync events\n  * MFSA 2016-76/CVE-2016-5262 (bmo#1277475)\n    Scripts on marquee tag can execute in sandboxed iframes\n  * MFSA 2016-77/CVE-2016-2837 (bmo#1274637)\n    Buffer overflow in ClearKey Content Decryption Module (CDM)\n    during video playback\n  * MFSA 2016-78/CVE-2016-5263 (bmo#1276897)\n    Type confusion in display transformation\n  * MFSA 2016-79/CVE-2016-5264 (bmo#1286183)\n    Use-after-free when applying SVG effects\n  * MFSA 2016-80/CVE-2016-5265 (bmo#1278013)\n    Same-origin policy violation using local HTML file and saved shortcut file\n\n- Fix for possible buffer overrun (boo#990856)\n  CVE-2016-6354 (bmo#1292534)\n  [mozilla-flex_buffer_overrun.patch]\n\n- add a screenshot to appdata.xml\n","modified":"2026-02-04T03:40:09.080966Z","published":"2016-09-06T18:46:14Z","related":["CVE-2016-2830","CVE-2016-2836","CVE-2016-2837","CVE-2016-2838","CVE-2016-2839","CVE-2016-5252","CVE-2016-5254","CVE-2016-5258","CVE-2016-5259","CVE-2016-5262","CVE-2016-5263","CVE-2016-5264","CVE-2016-5265","CVE-2016-6354"],"upstream":["CVE-2016-2830","CVE-2016-2836","CVE-2016-2837","CVE-2016-2838","CVE-2016-2839","CVE-2016-5252","CVE-2016-5254","CVE-2016-5258","CVE-2016-5259","CVE-2016-5262","CVE-2016-5263","CVE-2016-5264","CVE-2016-5265","CVE-2016-6354"],"references":[{"type":"ADVISORY"},{"type":"REPORT","url":"https://bugzilla.suse.com/990856"},{"type":"REPORT","url":"https://bugzilla.suse.com/991809"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2830"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2836"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2837"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2838"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2839"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5252"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5254"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5258"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5259"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5262"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5263"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5264"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5265"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-6354"}],"affected":[{"package":{"name":"MozillaThunderbird","ecosystem":"SUSE:Package Hub 12","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"45.3.0-9.1"}]}],"ecosystem_specific":{"binaries":[{"MozillaThunderbird-buildsymbols":"45.3.0-9.1","MozillaThunderbird-devel":"45.3.0-9.1","MozillaThunderbird-translations-other":"45.3.0-9.1","MozillaThunderbird-translations-common":"45.3.0-9.1","MozillaThunderbird":"45.3.0-9.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2016:2254-1.json"}}],"schema_version":"1.7.3"}