Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-17466 (GCVE-0-2018-17466)
Vulnerability from cvelistv5 – Published: 2018-11-14 15:00 – Updated: 2024-08-05 10:47
VLAI
EPSS
Summary
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Severity
No CVSS data available.
CWE
- Out of bounds read
Assigner
References
16 references
Impacted products
Date Public
2018-11-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:47:04.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20181213 [SECURITY] [DLA 1605-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html"
},
{
"name": "RHSA-2018:3833",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3833"
},
{
"name": "RHSA-2018:3831",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3831"
},
{
"name": "DSA-4362",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4362"
},
{
"name": "DSA-4330",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4330"
},
{
"name": "USN-3844-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3844-1/"
},
{
"name": "106168",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106168"
},
{
"name": "RHSA-2019:0159",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0159"
},
{
"name": "RHSA-2018:3004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"name": "DSA-4354",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4354"
},
{
"name": "GLSA-201811-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-10"
},
{
"name": "USN-3868-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3868-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/880906"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
},
{
"name": "105666",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105666"
},
{
"name": "RHSA-2019:0160",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0160"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "70.0.3538.67",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-11-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out of bounds read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-25T10:57:01.000Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "[debian-lts-announce] 20181213 [SECURITY] [DLA 1605-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html"
},
{
"name": "RHSA-2018:3833",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3833"
},
{
"name": "RHSA-2018:3831",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3831"
},
{
"name": "DSA-4362",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4362"
},
{
"name": "DSA-4330",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4330"
},
{
"name": "USN-3844-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3844-1/"
},
{
"name": "106168",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106168"
},
{
"name": "RHSA-2019:0159",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0159"
},
{
"name": "RHSA-2018:3004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"name": "DSA-4354",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4354"
},
{
"name": "GLSA-201811-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-10"
},
{
"name": "USN-3868-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3868-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/880906"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
},
{
"name": "105666",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105666"
},
{
"name": "RHSA-2019:0160",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0160"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-17466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "70.0.3538.67"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out of bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20181213 [SECURITY] [DLA 1605-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html"
},
{
"name": "RHSA-2018:3833",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3833"
},
{
"name": "RHSA-2018:3831",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3831"
},
{
"name": "DSA-4362",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4362"
},
{
"name": "DSA-4330",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4330"
},
{
"name": "USN-3844-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3844-1/"
},
{
"name": "106168",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106168"
},
{
"name": "RHSA-2019:0159",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0159"
},
{
"name": "RHSA-2018:3004",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"name": "DSA-4354",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4354"
},
{
"name": "GLSA-201811-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-10"
},
{
"name": "USN-3868-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3868-1/"
},
{
"name": "https://crbug.com/880906",
"refsource": "MISC",
"url": "https://crbug.com/880906"
},
{
"name": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
},
{
"name": "105666",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105666"
},
{
"name": "RHSA-2019:0160",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0160"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2018-17466",
"datePublished": "2018-11-14T15:00:00.000Z",
"dateReserved": "2018-09-25T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:47:04.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-17466",
"date": "2026-05-29",
"epss": "0.01106",
"percentile": "0.78392"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-17466\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2018-11-14T15:29:00.437\",\"lastModified\":\"2024-11-21T03:54:28.967\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.\"},{\"lang\":\"es\",\"value\":\"El manejo incorrecto de texturas en Angle en Google Chrome en versiones anteriores a la 70.0.3538.67 permit\u00eda que un atacante remoto pudiese realizar una lectura de memoria fuera de l\u00edmites mediante una p\u00e1gina HTML manipulada.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"70.0.3538.67\",\"matchCriteriaId\":\"64574A86-7E78-43FC-97E2-120811486E14\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B353CE99-D57C-465B-AAB0-73EF581127D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF77CDCF-B9C9-427D-B2BF-36650FB2148C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105666\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.securityfocus.com/bid/106168\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3004\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3831\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3833\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0159\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0160\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://crbug.com/880906\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://security.gentoo.org/glsa/201811-10\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://usn.ubuntu.com/3844-1/\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://usn.ubuntu.com/3868-1/\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://www.debian.org/security/2018/dsa-4330\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://www.debian.org/security/2018/dsa-4354\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4362\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.securityfocus.com/bid/105666\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/106168\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3004\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3831\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3833\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0159\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0160\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://crbug.com/880906\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201811-10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3844-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3868-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2018/dsa-4330\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2018/dsa-4354\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4362\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Title
Уязвимость библиотеи angle веб-браузера Chrome, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость библиотеи angle веб-браузера Chrome вызвана выходом операции за границы буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код, вызвать отказ в обслуживании или раскрыть защищаемую информацию через специально созданную HTML-страницу
Severity
Vendor
Google Inc, ООО «РусБИТех-Астра»
Software Name
Google Chrome, Astra Linux Special Edition (запись в едином реестре российских программ №369)
Software Version
до 70.0.3538.67 (Google Chrome), 1.6 «Смоленск» (Astra Linux Special Edition)
Possible Mitigations
Для Google Chrome:
Обновление программного обеспечения до 70.0.3538.67 или более поздней версии
Для Astra Linux:
Обновление программного обеспечения (пакета chromium-browser) до 70.0.3538.67-1~deb9u1 или более поздней версии
Reference
http://securitylab.ru/vulnerability/496097.php
https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html
https://bugs.chromium.org/p/chromium/issues/detail?id=880906
https://nvd.nist.gov/vuln/detail/CVE-2018-17466
https://security-tracker.debian.org/tracker/CVE-2018-17466
CWE
CWE-125
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Google Inc, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 70.0.3538.67 (Google Chrome), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Google Chrome:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 70.0.3538.67 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 chromium-browser) \u0434\u043e 70.0.3538.67-1~deb9u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.09.2018",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "13.11.2018",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2018-01339",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-17466",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Google Chrome, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u0438 angle \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Chrome, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u0438 angle \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Chrome \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0447\u0435\u0440\u0435\u0437 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u0443\u044e HTML-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0443",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://securitylab.ru/vulnerability/496097.php\nhttps://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=880906\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17466\nhttps://security-tracker.debian.org/tracker/CVE-2018-17466",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
CERTFR-2018-AVI-492
Vulnerability from certfr_avis - Published: 2018-10-17 - Updated: 2018-10-17
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Chrome versions ant\u00e9rieures \u00e0 70.0.3538.67",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-17463",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17463"
},
{
"name": "CVE-2018-17476",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17476"
},
{
"name": "CVE-2018-17468",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17468"
},
{
"name": "CVE-2018-17464",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17464"
},
{
"name": "CVE-2018-17473",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17473"
},
{
"name": "CVE-2018-17474",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17474"
},
{
"name": "CVE-2018-17471",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17471"
},
{
"name": "CVE-2018-5179",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5179"
},
{
"name": "CVE-2018-17467",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17467"
},
{
"name": "CVE-2018-17475",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17475"
},
{
"name": "CVE-2018-17470",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17470"
},
{
"name": "CVE-2018-17462",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17462"
},
{
"name": "CVE-2018-17466",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17466"
},
{
"name": "CVE-2018-17465",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17465"
},
{
"name": "CVE-2018-17469",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17469"
},
{
"name": "CVE-2018-17477",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17477"
},
{
"name": "CVE-2018-17472",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17472"
}
],
"initial_release_date": "2018-10-17T00:00:00",
"last_revision_date": "2018-10-17T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-492",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-10-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0 distance et\nun contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google du 16 octobre 2018",
"url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html?utm_source=feedburner\u0026utm_medium=feed\u0026utm_campaign=Feed%3A+GoogleChromeReleases+%28Google+Chrome+Releases%29"
}
]
}
CERTFR-2018-AVI-592
Vulnerability from certfr_avis - Published: 2018-12-12 - Updated: 2018-12-12
De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 60.4",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 64",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-18495",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18495"
},
{
"name": "CVE-2018-18492",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18492"
},
{
"name": "CVE-2018-12406",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12406"
},
{
"name": "CVE-2018-18494",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18494"
},
{
"name": "CVE-2018-18498",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18498"
},
{
"name": "CVE-2018-17466",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17466"
},
{
"name": "CVE-2018-18497",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18497"
},
{
"name": "CVE-2018-18493",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18493"
},
{
"name": "CVE-2018-12405",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12405"
},
{
"name": "CVE-2018-12407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12407"
},
{
"name": "CVE-2018-18496",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18496"
}
],
"initial_release_date": "2018-12-12T00:00:00",
"last_revision_date": "2018-12-12T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-592",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-12-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-30 du 11 d\u00e9cembre 2018",
"url": "http://www.mozilla.org/en-US/security/advisories/mfsa2018-30/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2018-29 du 11 d\u00e9cembre 2018",
"url": "http://www.mozilla.org/en-US/security/advisories/mfsa2018-29/"
}
]
}
Title
Google Chrome ANGLE内存破坏漏洞
Description
Google Chrome是美国谷歌(Google)公司开发的一款Web浏览器。ANGLE(Almost Native Graphics Layer Engine)是一个图形层引擎,它允许Windows用户通过把OpenGL ES 2.0 API转译为DirectX 9或DirectX 11 API调用,来运行WebGL和其他OpenGL ES 2.0内容。
Google Chrome 70.0.3538.67之前版本中的ANGLE存在内存破坏漏洞。远程攻击者可借助特制的HTML页面利用该漏洞在系统上执行任意代码或造成拒绝服务(越界读取内存)。
Severity
高
Patch Name
Google Chrome ANGLE内存破坏漏洞的补丁
Patch Description
Google Chrome是美国谷歌(Google)公司开发的一款Web浏览器。ANGLE(Almost Native Graphics Layer Engine)是一个图形层引擎,它允许Windows用户通过把OpenGL ES 2.0 API转译为DirectX 9或DirectX 11 API调用,来运行WebGL和其他OpenGL ES 2.0内容。
Google Chrome 70.0.3538.67之前版本中的ANGLE存在内存破坏漏洞。远程攻击者可借助特制的HTML页面利用该漏洞在系统上执行任意代码或造成拒绝服务(越界读取内存)。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://chromereleases.googleblog.com/
Reference
https://nvd.nist.gov/vuln/detail/CVE-2018-17466
Impacted products
| Name | Google Chrome <70.0.3538.67 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-17466"
}
},
"description": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002ANGLE\uff08Almost Native Graphics Layer Engine\uff09\u662f\u4e00\u4e2a\u56fe\u5f62\u5c42\u5f15\u64ce\uff0c\u5b83\u5141\u8bb8Windows\u7528\u6237\u901a\u8fc7\u628aOpenGL ES 2.0 API\u8f6c\u8bd1\u4e3aDirectX 9\u6216DirectX 11 API\u8c03\u7528\uff0c\u6765\u8fd0\u884cWebGL\u548c\u5176\u4ed6OpenGL ES 2.0\u5185\u5bb9\u3002\n\nGoogle Chrome 70.0.3538.67\u4e4b\u524d\u7248\u672c\u4e2d\u7684ANGLE\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684HTML\u9875\u9762\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u8d8a\u754c\u8bfb\u53d6\u5185\u5b58\uff09\u3002",
"discovererName": "Omair",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://chromereleases.googleblog.com/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-24372",
"openTime": "2018-11-30",
"patchDescription": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002ANGLE\uff08Almost Native Graphics Layer Engine\uff09\u662f\u4e00\u4e2a\u56fe\u5f62\u5c42\u5f15\u64ce\uff0c\u5b83\u5141\u8bb8Windows\u7528\u6237\u901a\u8fc7\u628aOpenGL ES 2.0 API\u8f6c\u8bd1\u4e3aDirectX 9\u6216DirectX 11 API\u8c03\u7528\uff0c\u6765\u8fd0\u884cWebGL\u548c\u5176\u4ed6OpenGL ES 2.0\u5185\u5bb9\u3002\r\n\r\nGoogle Chrome 70.0.3538.67\u4e4b\u524d\u7248\u672c\u4e2d\u7684ANGLE\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684HTML\u9875\u9762\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u8d8a\u754c\u8bfb\u53d6\u5185\u5b58\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Google Chrome ANGLE\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Google Chrome \u003c70.0.3538.67"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-17466",
"serverity": "\u9ad8",
"submitTime": "2018-10-19",
"title": "Google Chrome ANGLE\u5185\u5b58\u7834\u574f\u6f0f\u6d1e"
}
FKIE_CVE-2018-17466
Vulnerability from fkie_nvd - Published: 2018-11-14 15:29 - Updated: 2024-11-21 03:54
Severity
Summary
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chrome | * | ||
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server_aus | 7.6 | |
| redhat | enterprise_linux_server_eus | 7.6 | |
| redhat | enterprise_linux_server_tus | 7.6 | |
| redhat | enterprise_linux_workstation | 6.0 | |
| redhat | enterprise_linux_workstation | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64574A86-7E78-43FC-97E2-120811486E14",
"versionEndExcluding": "70.0.3538.67",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
},
{
"lang": "es",
"value": "El manejo incorrecto de texturas en Angle en Google Chrome en versiones anteriores a la 70.0.3538.67 permit\u00eda que un atacante remoto pudiese realizar una lectura de memoria fuera de l\u00edmites mediante una p\u00e1gina HTML manipulada."
}
],
"id": "CVE-2018-17466",
"lastModified": "2024-11-21T03:54:28.967",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-14T15:29:00.437",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.securityfocus.com/bid/105666"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.securityfocus.com/bid/106168"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://access.redhat.com/errata/RHSA-2018:3831"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://access.redhat.com/errata/RHSA-2018:3833"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://access.redhat.com/errata/RHSA-2019:0159"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://access.redhat.com/errata/RHSA-2019:0160"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://crbug.com/880906"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://security.gentoo.org/glsa/201811-10"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://usn.ubuntu.com/3844-1/"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://usn.ubuntu.com/3868-1/"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://www.debian.org/security/2018/dsa-4330"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://www.debian.org/security/2018/dsa-4354"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://www.debian.org/security/2019/dsa-4362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/105666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/106168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:3831"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:3833"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:0159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:0160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://crbug.com/880906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201811-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3844-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3868-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2018/dsa-4330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2018/dsa-4354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2019/dsa-4362"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-39C8-XRQG-GQ92
Vulnerability from github – Published: 2022-05-14 01:28 – Updated: 2022-05-14 01:28
VLAI
Details
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Severity
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2018-17466"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-11-14T15:29:00Z",
"severity": "HIGH"
},
"details": "Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"id": "GHSA-39c8-xrqg-gq92",
"modified": "2022-05-14T01:28:58Z",
"published": "2022-05-14T01:28:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17466"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3831"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3833"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0159"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0160"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/880906"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201811-10"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3844-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3868-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4330"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4354"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4362"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105666"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106168"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2018-17466
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-17466",
"description": "Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"id": "GSD-2018-17466",
"references": [
"https://www.suse.com/security/cve/CVE-2018-17466.html",
"https://www.debian.org/security/2019/dsa-4362",
"https://www.debian.org/security/2018/dsa-4354",
"https://www.debian.org/security/2018/dsa-4330",
"https://access.redhat.com/errata/RHSA-2019:0160",
"https://access.redhat.com/errata/RHSA-2019:0159",
"https://access.redhat.com/errata/RHSA-2018:3833",
"https://access.redhat.com/errata/RHSA-2018:3831",
"https://access.redhat.com/errata/RHSA-2018:3004",
"https://ubuntu.com/security/CVE-2018-17466",
"https://advisories.mageia.org/CVE-2018-17466.html",
"https://security.archlinux.org/CVE-2018-17466",
"https://linux.oracle.com/cve/CVE-2018-17466.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-17466"
],
"details": "Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"id": "GSD-2018-17466",
"modified": "2023-12-13T01:22:31.161526Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-17466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out of bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20181213 [SECURITY] [DLA 1605-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html"
},
{
"name": "RHSA-2018:3833",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3833"
},
{
"name": "RHSA-2018:3831",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3831"
},
{
"name": "DSA-4362",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4362"
},
{
"name": "DSA-4330",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4330"
},
{
"name": "USN-3844-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3844-1/"
},
{
"name": "106168",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106168"
},
{
"name": "RHSA-2019:0159",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0159"
},
{
"name": "RHSA-2018:3004",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"name": "DSA-4354",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4354"
},
{
"name": "GLSA-201811-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-10"
},
{
"name": "USN-3868-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3868-1/"
},
{
"name": "https://crbug.com/880906",
"refsource": "MISC",
"url": "https://crbug.com/880906"
},
{
"name": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
},
{
"name": "105666",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105666"
},
{
"name": "RHSA-2019:0160",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0160"
}
]
}
},
"mozilla.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-17466"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "64"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "60.4"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "60.4"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow and out-of-bounds read can occur in \u003ccode\u003eTextureStorage11\u003c/code\u003e within the ANGLE graphics library, used for WebGL content. This results in a potentially exploitable crash. This vulnerability affects Firefox \u003c 64, Thunderbird \u003c 60.4, and Firefox ESR \u003c 60.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2018-30/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2018-29/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2018-31/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1488295"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "70.0.3538.67",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-17466"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/880906",
"refsource": "MISC",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://crbug.com/880906"
},
{
"name": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
},
{
"name": "DSA-4330",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4330"
},
{
"name": "RHSA-2018:3004",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"name": "105666",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105666"
},
{
"name": "GLSA-201811-10",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201811-10"
},
{
"name": "USN-3844-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3844-1/"
},
{
"name": "106168",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106168"
},
{
"name": "DSA-4354",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4354"
},
{
"name": "[debian-lts-announce] 20181213 [SECURITY] [DLA 1605-1] firefox-esr security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html"
},
{
"name": "RHSA-2018:3833",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3833"
},
{
"name": "RHSA-2018:3831",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3831"
},
{
"name": "DSA-4362",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4362"
},
{
"name": "USN-3868-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3868-1/"
},
{
"name": "RHSA-2019:0160",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0160"
},
{
"name": "RHSA-2019:0159",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0159"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-03-05T15:57Z",
"publishedDate": "2018-11-14T15:29Z"
}
}
}
OPENSUSE-SU-2018:3835-1
Vulnerability from csaf_opensuse - Published: 2018-11-20 18:13 - Updated: 2018-11-20 18:13Summary
Security update for chromium
Severity
Important
Notes
Title of the patch: Security update for chromium
Description of the patch: This update contains Chromium 70.0.3538.102 and fixes security issues and bugs.
Vulnerabilities fixed in 70.0.3538.102:
- CVE-2018-17478: Out of bounds memory access in V8 (boo#1115537)
Vulnerabilities fixed in 70.0.3538.67 (bsc#1112111):
- CVE-2018-17462: Sandbox escape in AppCache
- CVE-2018-17463: Remote code execution in V8
- Heap buffer overflow in Little CMS in PDFium
- CVE-2018-17464: URL spoof in Omnibox
- CVE-2018-17465: Use after free in V8
- CVE-2018-17466: Memory corruption in Angle
- CVE-2018-17467: URL spoof in Omnibox
- CVE-2018-17468: Cross-origin URL disclosure in Blink
- CVE-2018-17469: Heap buffer overflow in PDFium
- CVE-2018-17470: Memory corruption in GPU Internals
- CVE-2018-17471: Security UI occlusion in full screen mode
- CVE-2018-17473: URL spoof in Omnibox
- CVE-2018-17474: Use after free in Blink
- CVE-2018-17475: URL spoof in Omnibox
- CVE-2018-17476: Security UI occlusion in full screen mode
- CVE-2018-5179: Lack of limits on update() in ServiceWorker
- CVE-2018-17477: UI spoof in Extensions
This update contains the following packaging changes:
- VAAPI hardware accelerated rendering is now enabled by default.
- Use the system libusb-1.0 library
- Use bundled harfbuzz library
- Disable gnome-keyring to avoid crashes
- noto-emoji-fonts is no longer a recommended dependency
Patchnames: openSUSE-2018-1436
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.6 (Critical)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.6 (Critical)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
78 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update contains Chromium 70.0.3538.102 and fixes security issues and bugs.\n\nVulnerabilities fixed in 70.0.3538.102:\n\n- CVE-2018-17478: Out of bounds memory access in V8 (boo#1115537)\n \nVulnerabilities fixed in 70.0.3538.67 (bsc#1112111):\n \n- CVE-2018-17462: Sandbox escape in AppCache\n- CVE-2018-17463: Remote code execution in V8\n- Heap buffer overflow in Little CMS in PDFium\n- CVE-2018-17464: URL spoof in Omnibox\n- CVE-2018-17465: Use after free in V8\n- CVE-2018-17466: Memory corruption in Angle\n- CVE-2018-17467: URL spoof in Omnibox\n- CVE-2018-17468: Cross-origin URL disclosure in Blink\n- CVE-2018-17469: Heap buffer overflow in PDFium\n- CVE-2018-17470: Memory corruption in GPU Internals\n- CVE-2018-17471: Security UI occlusion in full screen mode\n- CVE-2018-17473: URL spoof in Omnibox\n- CVE-2018-17474: Use after free in Blink\n- CVE-2018-17475: URL spoof in Omnibox\n- CVE-2018-17476: Security UI occlusion in full screen mode\n- CVE-2018-5179: Lack of limits on update() in ServiceWorker\n- CVE-2018-17477: UI spoof in Extensions\n\nThis update contains the following packaging changes:\n\n- VAAPI hardware accelerated rendering is now enabled by default.\n- Use the system libusb-1.0 library\n- Use bundled harfbuzz library\n- Disable gnome-keyring to avoid crashes\n- noto-emoji-fonts is no longer a recommended dependency\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2018-1436",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2018_3835-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2018:3835-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I/#QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2018:3835-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I/#QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I"
},
{
"category": "self",
"summary": "SUSE Bug 1112111",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "self",
"summary": "SUSE Bug 1115537",
"url": "https://bugzilla.suse.com/1115537"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17462 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17462/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17463 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17463/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17464 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17464/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17465 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17466 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17466/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17467 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17468 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17469 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17469/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17470 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17470/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17471 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17472 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17472/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17473 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17473/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17474 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17474/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17475 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17475/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17476 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17476/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17477 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17477/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17478 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17478/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5179 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5179/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2018-11-20T18:13:21Z",
"generator": {
"date": "2018-11-20T18:13:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2018:3835-1",
"initial_release_date": "2018-11-20T18:13:21Z",
"revision_history": [
{
"date": "2018-11-20T18:13:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-70.0.3538.102-74.1.x86_64",
"product": {
"name": "chromedriver-70.0.3538.102-74.1.x86_64",
"product_id": "chromedriver-70.0.3538.102-74.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-70.0.3538.102-74.1.x86_64",
"product": {
"name": "chromium-70.0.3538.102-74.1.x86_64",
"product_id": "chromium-70.0.3538.102-74.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12 SP2",
"product": {
"name": "SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-70.0.3538.102-74.1.x86_64 as component of SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64"
},
"product_reference": "chromedriver-70.0.3538.102-74.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-70.0.3538.102-74.1.x86_64 as component of SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
},
"product_reference": "chromium-70.0.3538.102-74.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-17462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17462"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17462",
"url": "https://www.suse.com/security/cve/CVE-2018-17462"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17462",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17462",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "moderate"
}
],
"title": "CVE-2018-17462"
},
{
"cve": "CVE-2018-17463",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17463"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17463",
"url": "https://www.suse.com/security/cve/CVE-2018-17463"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17463",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17463",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "moderate"
}
],
"title": "CVE-2018-17463"
},
{
"cve": "CVE-2018-17464",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17464"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17464",
"url": "https://www.suse.com/security/cve/CVE-2018-17464"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17464",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17464",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "moderate"
}
],
"title": "CVE-2018-17464"
},
{
"cve": "CVE-2018-17465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17465"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17465",
"url": "https://www.suse.com/security/cve/CVE-2018-17465"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17465",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17465",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "moderate"
}
],
"title": "CVE-2018-17465"
},
{
"cve": "CVE-2018-17466",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17466"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17466",
"url": "https://www.suse.com/security/cve/CVE-2018-17466"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17466",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17466",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-17466",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "moderate"
}
],
"title": "CVE-2018-17466"
},
{
"cve": "CVE-2018-17467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17467"
}
],
"notes": [
{
"category": "general",
"text": "Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17467",
"url": "https://www.suse.com/security/cve/CVE-2018-17467"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17467",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17467",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "moderate"
}
],
"title": "CVE-2018-17467"
},
{
"cve": "CVE-2018-17468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17468"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17468",
"url": "https://www.suse.com/security/cve/CVE-2018-17468"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17468",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17468",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "moderate"
}
],
"title": "CVE-2018-17468"
},
{
"cve": "CVE-2018-17469",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17469"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17469",
"url": "https://www.suse.com/security/cve/CVE-2018-17469"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17469",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17469",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "moderate"
}
],
"title": "CVE-2018-17469"
},
{
"cve": "CVE-2018-17470",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17470"
}
],
"notes": [
{
"category": "general",
"text": "A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17470",
"url": "https://www.suse.com/security/cve/CVE-2018-17470"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17470",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17470",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "moderate"
}
],
"title": "CVE-2018-17470"
},
{
"cve": "CVE-2018-17471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17471"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17471",
"url": "https://www.suse.com/security/cve/CVE-2018-17471"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17471",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17471",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "moderate"
}
],
"title": "CVE-2018-17471"
},
{
"cve": "CVE-2018-17472",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17472"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the \u003ciframe\u003e sandbox via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17472",
"url": "https://www.suse.com/security/cve/CVE-2018-17472"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17472",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17472",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "moderate"
}
],
"title": "CVE-2018-17472"
},
{
"cve": "CVE-2018-17473",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17473"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17473",
"url": "https://www.suse.com/security/cve/CVE-2018-17473"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17473",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17473",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "moderate"
}
],
"title": "CVE-2018-17473"
},
{
"cve": "CVE-2018-17474",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17474"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17474",
"url": "https://www.suse.com/security/cve/CVE-2018-17474"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17474",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17474",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "moderate"
}
],
"title": "CVE-2018-17474"
},
{
"cve": "CVE-2018-17475",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17475"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17475",
"url": "https://www.suse.com/security/cve/CVE-2018-17475"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17475",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17475",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "moderate"
}
],
"title": "CVE-2018-17475"
},
{
"cve": "CVE-2018-17476",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17476"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17476",
"url": "https://www.suse.com/security/cve/CVE-2018-17476"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17476",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17476",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "moderate"
}
],
"title": "CVE-2018-17476"
},
{
"cve": "CVE-2018-17477",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17477"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17477",
"url": "https://www.suse.com/security/cve/CVE-2018-17477"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17477",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17477",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "moderate"
}
],
"title": "CVE-2018-17477"
},
{
"cve": "CVE-2018-17478",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17478"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17478",
"url": "https://www.suse.com/security/cve/CVE-2018-17478"
},
{
"category": "external",
"summary": "SUSE Bug 1115537 for CVE-2018-17478",
"url": "https://bugzilla.suse.com/1115537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "moderate"
}
],
"title": "CVE-2018-17478"
},
{
"cve": "CVE-2018-5179",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5179"
}
],
"notes": [
{
"category": "general",
"text": "A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5179",
"url": "https://www.suse.com/security/cve/CVE-2018-5179"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-5179",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-5179",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "moderate"
}
],
"title": "CVE-2018-5179"
}
]
}
OPENSUSE-SU-2019:0249-1
Vulnerability from csaf_opensuse - Published: 2019-02-26 09:44 - Updated: 2019-02-26 09:44Summary
Security update for MozillaThunderbird
Severity
Important
Notes
Title of the patch: Security update for MozillaThunderbird
Description of the patch: This update for MozillaThunderbird to version 60.5.1 fixes the following issues:
Security vulnerabilities addressed (MFSA 2019-03 MFSA 2018-31 bsc#1122983 and MFSA 2019-06 bsc#1125330):
- CVE-2018-18356: Fixed a Use-after-free in Skia.
- CVE-2019-5785: Fixed an Integer overflow in Skia.
- CVE-2018-18335: Fixed a Buffer overflow in Skia by default deactivating Canvas 2D.
This issue does not affect Linuc distributions.
- CVE-2018-18509: Fixed a flaw which during verification of certain S/MIME signatures
showing mistekenly that emails bring a valid sugnature.
- CVE-2018-18500: Use-after-free parsing HTML5 stream
- CVE-2018-18505: Privilege escalation through IPC channel messages
- CVE-2016-5824: DoS (use-after-free) via a crafted ics file
- CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
- CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with
TextureStorage11
- CVE-2018-18492: Use-after-free with select element
- CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia
- CVE-2018-18494: Same-origin policy violation using location attribute and
performance.getEntries to steal cross-origin URLs
- CVE-2018-18498: Integer overflow when calculating buffer sizes for images
- CVE-2018-12405: Memory safety bugs
Other bug fixes and changes:
* FileLink provider WeTransfer to upload large attachments
* Thunderbird now allows the addition of OpenSearch search engines
from a local XML file using a minimal user inferface: [+] button
to select a file an add, [-] to remove.
* More search engines: Google and DuckDuckGo available by default
in some locales
* During account creation, Thunderbird will now detect servers
using the Microsoft Exchange protocol. It will offer the
installation of a 3rd party add-on (Owl) which supports that
protocol.
* Thunderbird now compatible with other WebExtension-based
FileLink add-ons like the Dropbox add-on
* New WebExtensions FileLink API to facilitate add-ons
* Fix decoding problems for messages with less common charsets
(cp932, cp936)
* New messages in the drafts folder (and other special or virtual
folders) will no longer be included in the new messages
notification
* Thunderbird 60 will migrate security databases (key3.db, cert8.db
to key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a
fault that potentially deleted saved passwords and private certificate
keys for users using a master password. Version 60.3.3 will prevent
the loss of data; affected users who have already upgraded to version
60.3.2 or earlier can restore the deleted key3.db file from backup
to complete the migration.
* Address book search and auto-complete slowness introduced in
Thunderbird 60.3.2
* Plain text markup with * for bold, / for italics, _ for underline
and | for code did not work when the enclosed text contained
non-ASCII characters
* While composing a message, a link not removed when link location
was removed in the link properties panel
* Encoding problems when exporting address books or messages using
the system charset. Messages are now always exported using the
UTF-8 encoding
* If the 'Date' header of a message was invalid, Jan 1970 or Dec 1969
was displayed. Now using date from 'Received' header instead.
* Body search/filtering didn't reliably ignore content of tags
* Inappropriate warning 'Thunderbird prevented the site
(addons.thunderbird.net) from asking you to install software on
your computer' when installing add-ons
* Incorrect display of correspondents column since own email
address was not always detected
* Spurious 
 (encoded newline) inserted into drafts and sent email
* Double-clicking on a word in the Write window sometimes
launched the Advanced Property Editor or Link Properties dialog
* Fixe Cookie removal
* 'Download rest of message' was not working if global inbox was
used
* Fix Encoding problems for users (especially in Poland) when a
file was sent via a folder using 'Sent to > Mail recipient'
due to a problem in the Thunderbird MAPI interface
* According to RFC 4616 and RFC 5721, passwords containing
non-ASCII characters are encoded using UTF-8 which can lead to
problems with non-compliant providers, for example
office365.com. The SMTP LOGIN and POP3 USER/PASS
authentication methods are now using a Latin-1 encoding again
to work around this issue
* Fix shutdown crash/hang after entering an empty IMAP password
Patchnames: openSUSE-2019-249
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
72 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaThunderbird",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaThunderbird to version 60.5.1 fixes the following issues:\n\nSecurity vulnerabilities addressed (MFSA 2019-03 MFSA 2018-31 bsc#1122983 and MFSA 2019-06 bsc#1125330):\n\n- CVE-2018-18356: Fixed a Use-after-free in Skia.\n- CVE-2019-5785: Fixed an Integer overflow in Skia.\n- CVE-2018-18335: Fixed a Buffer overflow in Skia by default deactivating Canvas 2D.\n This issue does not affect Linuc distributions.\n- CVE-2018-18509: Fixed a flaw which during verification of certain S/MIME signatures\n showing mistekenly that emails bring a valid sugnature. \n- CVE-2018-18500: Use-after-free parsing HTML5 stream\n- CVE-2018-18505: Privilege escalation through IPC channel messages\n- CVE-2016-5824: DoS (use-after-free) via a crafted ics file\n- CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5\n- CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with\n TextureStorage11\n- CVE-2018-18492: Use-after-free with select element\n- CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia\n- CVE-2018-18494: Same-origin policy violation using location attribute and\n performance.getEntries to steal cross-origin URLs\n- CVE-2018-18498: Integer overflow when calculating buffer sizes for images\n- CVE-2018-12405: Memory safety bugs\n\nOther bug fixes and changes:\n\n* FileLink provider WeTransfer to upload large attachments\n* Thunderbird now allows the addition of OpenSearch search engines\n from a local XML file using a minimal user inferface: [+] button\n to select a file an add, [-] to remove.\n* More search engines: Google and DuckDuckGo available by default\n in some locales\n* During account creation, Thunderbird will now detect servers\n using the Microsoft Exchange protocol. It will offer the\n installation of a 3rd party add-on (Owl) which supports that\n protocol.\n* Thunderbird now compatible with other WebExtension-based\n FileLink add-ons like the Dropbox add-on\n* New WebExtensions FileLink API to facilitate add-ons\n* Fix decoding problems for messages with less common charsets\n (cp932, cp936)\n* New messages in the drafts folder (and other special or virtual\n folders) will no longer be included in the new messages\n notification\n* Thunderbird 60 will migrate security databases (key3.db, cert8.db\n to key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a\n fault that potentially deleted saved passwords and private certificate\n keys for users using a master password. Version 60.3.3 will prevent\n the loss of data; affected users who have already upgraded to version\n 60.3.2 or earlier can restore the deleted key3.db file from backup\n to complete the migration.\n* Address book search and auto-complete slowness introduced in\n Thunderbird 60.3.2\n* Plain text markup with * for bold, / for italics, _ for underline\n and | for code did not work when the enclosed text contained\n non-ASCII characters\n* While composing a message, a link not removed when link location\n was removed in the link properties panel\n* Encoding problems when exporting address books or messages using\n the system charset. Messages are now always exported using the\n UTF-8 encoding\n* If the \u0027Date\u0027 header of a message was invalid, Jan 1970 or Dec 1969\n was displayed. Now using date from \u0027Received\u0027 header instead.\n* Body search/filtering didn\u0027t reliably ignore content of tags\n* Inappropriate warning \u0027Thunderbird prevented the site\n (addons.thunderbird.net) from asking you to install software on\n your computer\u0027 when installing add-ons\n* Incorrect display of correspondents column since own email\n address was not always detected\n* Spurious \u0026#xA; (encoded newline) inserted into drafts and sent email\n* Double-clicking on a word in the Write window sometimes\n launched the Advanced Property Editor or Link Properties dialog\n* Fixe Cookie removal\n* \u0027Download rest of message\u0027 was not working if global inbox was\n used\n* Fix Encoding problems for users (especially in Poland) when a\n file was sent via a folder using \u0027Sent to \u003e Mail recipient\u0027\n due to a problem in the Thunderbird MAPI interface\n* According to RFC 4616 and RFC 5721, passwords containing\n non-ASCII characters are encoded using UTF-8 which can lead to\n problems with non-compliant providers, for example\n office365.com. The SMTP LOGIN and POP3 USER/PASS\n authentication methods are now using a Latin-1 encoding again\n to work around this issue\n* Fix shutdown crash/hang after entering an empty IMAP password\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-249",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_0249-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:0249-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NSXP45BAXW5ILKJSQRXHTBUOBZUKLD2F/#NSXP45BAXW5ILKJSQRXHTBUOBZUKLD2F"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:0249-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NSXP45BAXW5ILKJSQRXHTBUOBZUKLD2F/#NSXP45BAXW5ILKJSQRXHTBUOBZUKLD2F"
},
{
"category": "self",
"summary": "SUSE Bug 1122983",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "self",
"summary": "SUSE Bug 1125330",
"url": "https://bugzilla.suse.com/1125330"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5824 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12405 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12405/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17466 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17466/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18335 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18335/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18356 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18356/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18492 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18492/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18493 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18493/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18494 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18498 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18498/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18500 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18501 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18501/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18505 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18509 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18509/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5785 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5785/"
}
],
"title": "Security update for MozillaThunderbird",
"tracking": {
"current_release_date": "2019-02-26T09:44:25Z",
"generator": {
"date": "2019-02-26T09:44:25Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:0249-1",
"initial_release_date": "2019-02-26T09:44:25Z",
"revision_history": [
{
"date": "2019-02-26T09:44:25Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-60.5.1-79.1.x86_64",
"product": {
"name": "MozillaThunderbird-60.5.1-79.1.x86_64",
"product_id": "MozillaThunderbird-60.5.1-79.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"product": {
"name": "MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"product_id": "MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"product_id": "MozillaThunderbird-translations-common-60.5.1-79.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-60.5.1-79.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-other-60.5.1-79.1.x86_64",
"product_id": "MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12",
"product": {
"name": "SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-60.5.1-79.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64"
},
"product_reference": "MozillaThunderbird-60.5.1-79.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64"
},
"product_reference": "MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-60.5.1-79.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-60.5.1-79.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-other-60.5.1-79.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-5824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5824"
}
],
"notes": [
{
"category": "general",
"text": "libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5824",
"url": "https://www.suse.com/security/cve/CVE-2016-5824"
},
{
"category": "external",
"summary": "SUSE Bug 1015964 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/1015964"
},
{
"category": "external",
"summary": "SUSE Bug 1122983 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "external",
"summary": "SUSE Bug 986631 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/986631"
},
{
"category": "external",
"summary": "SUSE Bug 986639 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/986639"
},
{
"category": "external",
"summary": "SUSE Bug 986642 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/986642"
},
{
"category": "external",
"summary": "SUSE Bug 986658 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/986658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2016-5824"
},
{
"cve": "CVE-2018-12405",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12405"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12405",
"url": "https://www.suse.com/security/cve/CVE-2018-12405"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-12405",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-12405",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-12405",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-12405"
},
{
"cve": "CVE-2018-17466",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17466"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17466",
"url": "https://www.suse.com/security/cve/CVE-2018-17466"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17466",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17466",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-17466",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-17466"
},
{
"cve": "CVE-2018-18335",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18335"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18335",
"url": "https://www.suse.com/security/cve/CVE-2018-18335"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18335",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18335",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-18335"
},
{
"cve": "CVE-2018-18356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18356"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18356",
"url": "https://www.suse.com/security/cve/CVE-2018-18356"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18356",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18356",
"url": "https://bugzilla.suse.com/1125330"
},
{
"category": "external",
"summary": "SUSE Bug 1125396 for CVE-2018-18356",
"url": "https://bugzilla.suse.com/1125396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-18356"
},
{
"cve": "CVE-2018-18492",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18492"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18492",
"url": "https://www.suse.com/security/cve/CVE-2018-18492"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-18492",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-18492",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-18492",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-18492"
},
{
"cve": "CVE-2018-18493",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18493"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18493",
"url": "https://www.suse.com/security/cve/CVE-2018-18493"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-18493",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-18493",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-18493",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-18493"
},
{
"cve": "CVE-2018-18494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18494"
}
],
"notes": [
{
"category": "general",
"text": "A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18494",
"url": "https://www.suse.com/security/cve/CVE-2018-18494"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-18494",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-18494",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-18494",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-18494"
},
{
"cve": "CVE-2018-18498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18498"
}
],
"notes": [
{
"category": "general",
"text": "A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18498",
"url": "https://www.suse.com/security/cve/CVE-2018-18498"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-18498",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-18498",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-18498",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-18498"
},
{
"cve": "CVE-2018-18500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18500"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.5, Firefox ESR \u003c 60.5, and Firefox \u003c 65.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18500",
"url": "https://www.suse.com/security/cve/CVE-2018-18500"
},
{
"category": "external",
"summary": "SUSE Bug 1122983 for CVE-2018-18500",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "external",
"summary": "SUSE Bug 986639 for CVE-2018-18500",
"url": "https://bugzilla.suse.com/986639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-18500"
},
{
"cve": "CVE-2018-18501",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18501"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60.5, Firefox ESR \u003c 60.5, and Firefox \u003c 65.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18501",
"url": "https://www.suse.com/security/cve/CVE-2018-18501"
},
{
"category": "external",
"summary": "SUSE Bug 1122983 for CVE-2018-18501",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "external",
"summary": "SUSE Bug 986639 for CVE-2018-18501",
"url": "https://bugzilla.suse.com/986639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-18501"
},
{
"cve": "CVE-2018-18505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18505"
}
],
"notes": [
{
"category": "general",
"text": "An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird \u003c 60.5, Firefox ESR \u003c 60.5, and Firefox \u003c 65.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18505",
"url": "https://www.suse.com/security/cve/CVE-2018-18505"
},
{
"category": "external",
"summary": "SUSE Bug 1122983 for CVE-2018-18505",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "external",
"summary": "SUSE Bug 986639 for CVE-2018-18505",
"url": "https://bugzilla.suse.com/986639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-18505"
},
{
"cve": "CVE-2018-18509",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18509"
}
],
"notes": [
{
"category": "general",
"text": "A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren\u0027t covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with arbitrary content. This vulnerability affects Thunderbird \u003c 60.5.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18509",
"url": "https://www.suse.com/security/cve/CVE-2018-18509"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18509",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2018-18509"
},
{
"cve": "CVE-2019-5785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5785"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5785",
"url": "https://www.suse.com/security/cve/CVE-2019-5785"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2019-5785",
"url": "https://bugzilla.suse.com/1125330"
},
{
"category": "external",
"summary": "SUSE Bug 1125396 for CVE-2019-5785",
"url": "https://bugzilla.suse.com/1125396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-60.5.1-79.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-60.5.1-79.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T09:44:25Z",
"details": "moderate"
}
],
"title": "CVE-2019-5785"
}
]
}
OPENSUSE-SU-2019:0251-1
Vulnerability from csaf_opensuse - Published: 2019-03-23 11:03 - Updated: 2019-03-23 11:03Summary
Security update for MozillaThunderbird
Severity
Important
Notes
Title of the patch: Security update for MozillaThunderbird
Description of the patch: This update for MozillaThunderbird to version 60.5.1 fixes the following issues:
Security vulnerabilities addressed (MSFA 2019-03 MSFA 2018-31 MFSA 2019-06 bsc#1122983 bsc#1119105 bsc#1125330):
- CVE-2018-18356: Fixed a Use-after-free in Skia.
- CVE-2019-5785: Fixed an Integer overflow in Skia.
- CVE-2018-18335: Fixed a Buffer overflow in Skia by default deactivating Canvas 2D.
This issue does not affect Linuc distributions.
- CVE-2018-18509: Fixed a flaw which during verification of certain S/MIME signatures
showing mistekenly that emails bring a valid sugnature.
- CVE-2018-18500: Use-after-free parsing HTML5 stream
- CVE-2018-18505: Privilege escalation through IPC channel messages
- CVE-2016-5824 DoS (use-after-free) via a crafted ics file
- CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
- CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with
TextureStorage11
- CVE-2018-18492: Use-after-free with select element
- CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia
- CVE-2018-18494: Same-origin policy violation using location attribute and
performance.getEntries to steal cross-origin URLs
- CVE-2018-18498: Integer overflow when calculating buffer sizes for images
- CVE-2018-12405: Memory safety bugs fixed in Firefox 64, 60.4, and
Thunderbird 60.4
Other bug fixes and changes:
- FileLink provider WeTransfer to upload large attachments
- Thunderbird now allows the addition of OpenSearch search engines
from a local XML file using a minimal user interface: [+] button
to select a file an add, [-] to remove.
- More search engines: Google and DuckDuckGo available by default
in some locales
- During account creation, Thunderbird will now detect servers using the
Microsoft Exchange protocol. It will offer the installation of a 3rd party
add-on (Owl) which supports that protocol.
- Thunderbird now compatible with other WebExtension-based FileLink add-ons
like the Dropbox add-on
- New WebExtensions FileLink API to facilitate add-ons
- Fix decoding problems for messages with less common charsets (cp932, cp936)
- New messages in the drafts folder (and other special or virtual folders)
will no longer be included in the new messages notification
- Thunderbird 60 will migrate security databases (key3.db, cert8.db to key4.db,
cert9.db).
- Address book search and auto-complete slowness
- Plain text markup with * for bold, / for italics, _ for underline and | for
code did not work when the enclosed text contained non-ASCII characters
- While composing a message, a link not removed when link location was removed
in the link properties panel
- Encoding problems when exporting address books or messages using the system
charset. Messages are now always exported using the UTF-8 encoding
- If the 'Date' header of a message was invalid, Jan 1970 or Dec 1969
was displayed. Now using date from 'Received' header instead.
- Body search/filtering didn't reliably ignore content of tags
- Inappropriate warning 'Thunderbird prevented the site
(addons.thunderbird.net) from asking you to install software on your
computer' when installing add-ons
- Incorrect display of correspondents column since own email address was not
always detected
- Spurious 
 (encoded newline) inserted into drafts and sent email
- Double-clicking on a word in the Write window sometimes launched the
Advanced Property Editor or Link Properties dialog
- Fixed Cookie removal
- 'Download rest of message' was not working if global inbox was used
- Fix Encoding problems for users (especially in Poland) when a file was sent
via a folder using 'Sent to > Mail recipient'
due to a problem in the Thunderbird MAPI interface
- According to RFC 4616 and RFC 5721, passwords containing non-ASCII characters
are encoded using UTF-8 which can lead to problems with non-compliant
providers, for example office365.com. The SMTP LOGIN and POP3 USER/PASS
authentication methods are now using a Latin-1 encoding again
to work around this issue
- Fix shutdown crash/hang after entering an empty IMAP password
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-251
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
73 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaThunderbird",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaThunderbird to version 60.5.1 fixes the following issues:\n\nSecurity vulnerabilities addressed (MSFA 2019-03 MSFA 2018-31 MFSA 2019-06 bsc#1122983 bsc#1119105 bsc#1125330):\n\n- CVE-2018-18356: Fixed a Use-after-free in Skia.\n- CVE-2019-5785: Fixed an Integer overflow in Skia.\n- CVE-2018-18335: Fixed a Buffer overflow in Skia by default deactivating Canvas 2D.\n This issue does not affect Linuc distributions.\n- CVE-2018-18509: Fixed a flaw which during verification of certain S/MIME signatures\n showing mistekenly that emails bring a valid sugnature. \n- CVE-2018-18500: Use-after-free parsing HTML5 stream\n- CVE-2018-18505: Privilege escalation through IPC channel messages\n- CVE-2016-5824 DoS (use-after-free) via a crafted ics file\n- CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5\n- CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with\n TextureStorage11\n- CVE-2018-18492: Use-after-free with select element\n- CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia\n- CVE-2018-18494: Same-origin policy violation using location attribute and\n performance.getEntries to steal cross-origin URLs\n- CVE-2018-18498: Integer overflow when calculating buffer sizes for images\n- CVE-2018-12405: Memory safety bugs fixed in Firefox 64, 60.4, and\n Thunderbird 60.4\n\nOther bug fixes and changes:\n\n- FileLink provider WeTransfer to upload large attachments\n- Thunderbird now allows the addition of OpenSearch search engines\n from a local XML file using a minimal user interface: [+] button\n to select a file an add, [-] to remove.\n- More search engines: Google and DuckDuckGo available by default\n in some locales\n- During account creation, Thunderbird will now detect servers using the\n Microsoft Exchange protocol. It will offer the installation of a 3rd party\n add-on (Owl) which supports that protocol.\n- Thunderbird now compatible with other WebExtension-based FileLink add-ons\n like the Dropbox add-on\n- New WebExtensions FileLink API to facilitate add-ons\n- Fix decoding problems for messages with less common charsets (cp932, cp936)\n- New messages in the drafts folder (and other special or virtual folders)\n will no longer be included in the new messages notification\n- Thunderbird 60 will migrate security databases (key3.db, cert8.db to key4.db,\n cert9.db).\n- Address book search and auto-complete slowness\n- Plain text markup with * for bold, / for italics, _ for underline and | for\n code did not work when the enclosed text contained non-ASCII characters\n- While composing a message, a link not removed when link location was removed\n in the link properties panel\n- Encoding problems when exporting address books or messages using the system\n charset. Messages are now always exported using the UTF-8 encoding\n- If the \u0027Date\u0027 header of a message was invalid, Jan 1970 or Dec 1969\n was displayed. Now using date from \u0027Received\u0027 header instead.\n- Body search/filtering didn\u0027t reliably ignore content of tags\n- Inappropriate warning \u0027Thunderbird prevented the site\n (addons.thunderbird.net) from asking you to install software on your\n computer\u0027 when installing add-ons\n- Incorrect display of correspondents column since own email address was not\n always detected\n- Spurious \u0026#xA; (encoded newline) inserted into drafts and sent email\n- Double-clicking on a word in the Write window sometimes launched the\n Advanced Property Editor or Link Properties dialog\n- Fixed Cookie removal\n- \u0027Download rest of message\u0027 was not working if global inbox was used\n- Fix Encoding problems for users (especially in Poland) when a file was sent\n via a folder using \u0027Sent to \u003e Mail recipient\u0027\n due to a problem in the Thunderbird MAPI interface\n- According to RFC 4616 and RFC 5721, passwords containing non-ASCII characters\n are encoded using UTF-8 which can lead to problems with non-compliant\n providers, for example office365.com. The SMTP LOGIN and POP3 USER/PASS\n authentication methods are now using a Latin-1 encoding again\n to work around this issue\n- Fix shutdown crash/hang after entering an empty IMAP password\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-251",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_0251-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:0251-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YTL5HAWTQVZCKKAVSVP4LCGEQTWZR73J/#YTL5HAWTQVZCKKAVSVP4LCGEQTWZR73J"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:0251-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YTL5HAWTQVZCKKAVSVP4LCGEQTWZR73J/#YTL5HAWTQVZCKKAVSVP4LCGEQTWZR73J"
},
{
"category": "self",
"summary": "SUSE Bug 1119105",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "self",
"summary": "SUSE Bug 1122983",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "self",
"summary": "SUSE Bug 1125330",
"url": "https://bugzilla.suse.com/1125330"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5824 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12405 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12405/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17466 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17466/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18335 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18335/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18356 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18356/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18492 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18492/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18493 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18493/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18494 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18498 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18498/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18500 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18501 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18501/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18505 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18509 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18509/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5785 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5785/"
}
],
"title": "Security update for MozillaThunderbird",
"tracking": {
"current_release_date": "2019-03-23T11:03:55Z",
"generator": {
"date": "2019-03-23T11:03:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:0251-1",
"initial_release_date": "2019-03-23T11:03:55Z",
"revision_history": [
{
"date": "2019-03-23T11:03:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"product": {
"name": "MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"product_id": "MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"product": {
"name": "MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"product_id": "MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"product_id": "MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64",
"product_id": "MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64"
},
"product_reference": "MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64"
},
"product_reference": "MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-5824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5824"
}
],
"notes": [
{
"category": "general",
"text": "libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5824",
"url": "https://www.suse.com/security/cve/CVE-2016-5824"
},
{
"category": "external",
"summary": "SUSE Bug 1015964 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/1015964"
},
{
"category": "external",
"summary": "SUSE Bug 1122983 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "external",
"summary": "SUSE Bug 986631 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/986631"
},
{
"category": "external",
"summary": "SUSE Bug 986639 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/986639"
},
{
"category": "external",
"summary": "SUSE Bug 986642 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/986642"
},
{
"category": "external",
"summary": "SUSE Bug 986658 for CVE-2016-5824",
"url": "https://bugzilla.suse.com/986658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:03:55Z",
"details": "moderate"
}
],
"title": "CVE-2016-5824"
},
{
"cve": "CVE-2018-12405",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12405"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12405",
"url": "https://www.suse.com/security/cve/CVE-2018-12405"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-12405",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-12405",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-12405",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:03:55Z",
"details": "moderate"
}
],
"title": "CVE-2018-12405"
},
{
"cve": "CVE-2018-17466",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17466"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17466",
"url": "https://www.suse.com/security/cve/CVE-2018-17466"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17466",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17466",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-17466",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:03:55Z",
"details": "moderate"
}
],
"title": "CVE-2018-17466"
},
{
"cve": "CVE-2018-18335",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18335"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18335",
"url": "https://www.suse.com/security/cve/CVE-2018-18335"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18335",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18335",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:03:55Z",
"details": "moderate"
}
],
"title": "CVE-2018-18335"
},
{
"cve": "CVE-2018-18356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18356"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18356",
"url": "https://www.suse.com/security/cve/CVE-2018-18356"
},
{
"category": "external",
"summary": "SUSE Bug 1118529 for CVE-2018-18356",
"url": "https://bugzilla.suse.com/1118529"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18356",
"url": "https://bugzilla.suse.com/1125330"
},
{
"category": "external",
"summary": "SUSE Bug 1125396 for CVE-2018-18356",
"url": "https://bugzilla.suse.com/1125396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:03:55Z",
"details": "moderate"
}
],
"title": "CVE-2018-18356"
},
{
"cve": "CVE-2018-18492",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18492"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18492",
"url": "https://www.suse.com/security/cve/CVE-2018-18492"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-18492",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-18492",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-18492",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:03:55Z",
"details": "moderate"
}
],
"title": "CVE-2018-18492"
},
{
"cve": "CVE-2018-18493",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18493"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18493",
"url": "https://www.suse.com/security/cve/CVE-2018-18493"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-18493",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-18493",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-18493",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:03:55Z",
"details": "moderate"
}
],
"title": "CVE-2018-18493"
},
{
"cve": "CVE-2018-18494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18494"
}
],
"notes": [
{
"category": "general",
"text": "A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18494",
"url": "https://www.suse.com/security/cve/CVE-2018-18494"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-18494",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-18494",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-18494",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:03:55Z",
"details": "moderate"
}
],
"title": "CVE-2018-18494"
},
{
"cve": "CVE-2018-18498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18498"
}
],
"notes": [
{
"category": "general",
"text": "A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird \u003c 60.4, Firefox ESR \u003c 60.4, and Firefox \u003c 64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18498",
"url": "https://www.suse.com/security/cve/CVE-2018-18498"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-18498",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-18498",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-18498",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:03:55Z",
"details": "moderate"
}
],
"title": "CVE-2018-18498"
},
{
"cve": "CVE-2018-18500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18500"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 60.5, Firefox ESR \u003c 60.5, and Firefox \u003c 65.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18500",
"url": "https://www.suse.com/security/cve/CVE-2018-18500"
},
{
"category": "external",
"summary": "SUSE Bug 1122983 for CVE-2018-18500",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "external",
"summary": "SUSE Bug 986639 for CVE-2018-18500",
"url": "https://bugzilla.suse.com/986639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:03:55Z",
"details": "moderate"
}
],
"title": "CVE-2018-18500"
},
{
"cve": "CVE-2018-18501",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18501"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 60.5, Firefox ESR \u003c 60.5, and Firefox \u003c 65.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18501",
"url": "https://www.suse.com/security/cve/CVE-2018-18501"
},
{
"category": "external",
"summary": "SUSE Bug 1122983 for CVE-2018-18501",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "external",
"summary": "SUSE Bug 986639 for CVE-2018-18501",
"url": "https://bugzilla.suse.com/986639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:03:55Z",
"details": "moderate"
}
],
"title": "CVE-2018-18501"
},
{
"cve": "CVE-2018-18505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18505"
}
],
"notes": [
{
"category": "general",
"text": "An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird \u003c 60.5, Firefox ESR \u003c 60.5, and Firefox \u003c 65.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18505",
"url": "https://www.suse.com/security/cve/CVE-2018-18505"
},
{
"category": "external",
"summary": "SUSE Bug 1122983 for CVE-2018-18505",
"url": "https://bugzilla.suse.com/1122983"
},
{
"category": "external",
"summary": "SUSE Bug 986639 for CVE-2018-18505",
"url": "https://bugzilla.suse.com/986639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:03:55Z",
"details": "moderate"
}
],
"title": "CVE-2018-18505"
},
{
"cve": "CVE-2018-18509",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18509"
}
],
"notes": [
{
"category": "general",
"text": "A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren\u0027t covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with arbitrary content. This vulnerability affects Thunderbird \u003c 60.5.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18509",
"url": "https://www.suse.com/security/cve/CVE-2018-18509"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2018-18509",
"url": "https://bugzilla.suse.com/1125330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:03:55Z",
"details": "moderate"
}
],
"title": "CVE-2018-18509"
},
{
"cve": "CVE-2019-5785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5785"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5785",
"url": "https://www.suse.com/security/cve/CVE-2019-5785"
},
{
"category": "external",
"summary": "SUSE Bug 1125330 for CVE-2019-5785",
"url": "https://bugzilla.suse.com/1125330"
},
{
"category": "external",
"summary": "SUSE Bug 1125396 for CVE-2019-5785",
"url": "https://bugzilla.suse.com/1125396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:MozillaThunderbird-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-buildsymbols-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-common-60.5.1-lp150.3.30.1.x86_64",
"openSUSE Leap 15.0:MozillaThunderbird-translations-other-60.5.1-lp150.3.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:03:55Z",
"details": "moderate"
}
],
"title": "CVE-2019-5785"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…