#14064 closed enhancement (fixed)
thunderbird-78.3.0 (security fix)
| Reported by: | Bruce Dubbs | Owned by: | Pierre Labastie |
|---|---|---|---|
| Priority: | high | Milestone: | 10.1 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
New minor version.
Change History (3)
comment:1 by , 5 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 5 years ago
| Priority: | normal → high |
|---|---|
| Summary: | thunderbird-78.3.0 → thunderbird-78.3.0 (security fix) |
Note:
See TracTickets
for help on using tickets.
Release notes at https://www.thunderbird.net/en-US/thunderbird/78.3.0/releasenotes/
Notably:
Security fixes:
Security Vulnerabilities fixed in Thunderbird 78.3 Announced September 22, 2020 Impact moderate Products Thunderbird Fixed in Thunderbird 78.3 In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. #CVE-2020-15677: Download origin spoofing via redirect Reporter Richard Thomas and Tom Chothia of University of Birmingham Impact moderate Description By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. References Bug 1641487 #CVE-2020-15676: XSS when pasting attacker-controlled data into a contenteditable element Reporter Daniel Fröjdendahl Impact moderate Description Thunderbird sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. References Bug 1646140 #CVE-2020-15678: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario Reporter Lukas Bernhard Impact moderate Description When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. References Bug 1660211 #CVE-2020-15673: Memory safety bugs fixed in Thunderbird 78.3 Reporter Jason Kratzer Impact high Description Mozilla developer Jason Kratzer reported memory safety bugs present in Thunderbird 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. References Memory safety bugs fixed in Thunderbird 78.3