{"id":"openSUSE-SU-2017:2209-1","summary":"Security update for MozillaThunderbird","details":"This update for MozillaThunderbird to version 52.3 fixes security issues and bugs.\n    \nThe following vulnerabilities were fixed:\n\n- CVE-2017-7798: XUL injection in the style editor in devtools\n- CVE-2017-7800: Use-after-free in WebSockets during disconnection\n- CVE-2017-7801: Use-after-free with marquee during window resizing\n- CVE-2017-7784: Use-after-free with image observers\n- CVE-2017-7802: Use-after-free resizing image elements\n- CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM\n- CVE-2017-7786: Buffer overflow while painting non-displayable SVG\n- CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements\n- CVE-2017-7787: Same-origin policy bypass with iframes through page reloads\n- CVE-2017-7807: Domain hijacking through AppCache fallback\n- CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID\n- CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher\n- CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts\n- CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections\n- CVE-2017-7803: CSP containing 'sandbox' improperly applied\n- CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3\n\nThe following bugs were fixed:\n\n- Unwanted inline images shown in rogue SPAM messages\n- Deleting message from the POP3 server not working when maildir storage was used\n- Message disposition flag (replied / forwarded) lost when reply or forwarded message\n  was stored as draft and draft was sent later\n- Inline images not scaled to fit when printing\n- Selected text from another message sometimes included in a reply\n- No authorisation prompt displayed when inserting image into email body although\n  image URL requires authentication\n- Large attachments taking a long time to open under some 
circumstances\n","modified":"2026-02-04T02:44:50.304142Z","published":"2017-08-18T09:46:47Z","related":["CVE-2017-7753","CVE-2017-7779","CVE-2017-7782","CVE-2017-7784","CVE-2017-7785","CVE-2017-7786","CVE-2017-7787","CVE-2017-7791","CVE-2017-7792","CVE-2017-7798","CVE-2017-7800","CVE-2017-7801","CVE-2017-7802","CVE-2017-7803","CVE-2017-7804","CVE-2017-7807"],"upstream":["CVE-2017-7753","CVE-2017-7779","CVE-2017-7782","CVE-2017-7784","CVE-2017-7785","CVE-2017-7786","CVE-2017-7787","CVE-2017-7791","CVE-2017-7792","CVE-2017-7798","CVE-2017-7800","CVE-2017-7801","CVE-2017-7802","CVE-2017-7803","CVE-2017-7804","CVE-2017-7807"],"references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IJOETQICPAUKQMIRZDYIIRKRSWKSIMF5/#IJOETQICPAUKQMIRZDYIIRKRSWKSIMF5"},{"type":"REPORT","url":"https://bugzilla.suse.com/1052829"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7753"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7779"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7782"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7784"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7785"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7786"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7787"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7791"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7792"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7798"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7800"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7801"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7802"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7803"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7804"},{"type":"WEB","url":"https://www.suse.com/security/
cve/CVE-2017-7807"}],"affected":[{"package":{"name":"MozillaThunderbird","ecosystem":"SUSE:Package Hub 12","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"52.3.0-42.1"}]}],"ecosystem_specific":{"binaries":[{"MozillaThunderbird-devel":"52.3.0-42.1","MozillaThunderbird":"52.3.0-42.1","MozillaThunderbird-translations-other":"52.3.0-42.1","MozillaThunderbird-translations-common":"52.3.0-42.1","MozillaThunderbird-buildsymbols":"52.3.0-42.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2017:2209-1.json"}}],"schema_version":"1.7.3"}