openSUSE-SU-2018:0256-1: important: Security update for MozillaThunderbird

openSUSE Security Update: Security update for MozillaThunderbird

Announcement ID: openSUSE-SU-2018:0256-1
Rating: important
References: #1077291
Cross-References: CVE-2018-5089 CVE-2018-5095 CVE-2018-5096
CVE-2018-5097 CVE-2018-5098 CVE-2018-5099
CVE-2018-5102 CVE-2018-5103 CVE-2018-5104
Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12

An update that fixes 10 vulnerabilities is now available.


This update for MozillaThunderbird to version 52.6 fixes several issues.

These security issues were fixed:

– CVE-2018-5095: Integer overflow in Skia library during edge builder
allocation (bsc#1077291).
– CVE-2018-5096: Use-after-free while editing form elements (bsc#1077291).
– CVE-2018-5097: Use-after-free when source document is manipulated during
XSLT (bsc#1077291).
– CVE-2018-5098: Use-after-free while manipulating form input elements
– CVE-2018-5099: Use-after-free with widget listener (bsc#1077291).
– CVE-2018-5102: Use-after-free in HTML media elements (bsc#1077291).
– CVE-2018-5103: Use-after-free during mouse event handling (bsc#1077291).
– CVE-2018-5104: Use-after-free during font face manipulation
– CVE-2018-5117: URL spoofing with right-to-left text aligned
left-to-right (bsc#1077291).
– CVE-2018-5089: Various memory safety bugs (bsc#1077291).

These non-security issues were fixed:

– Searching message bodies of messages in local folders, including filter
and quick filter operations, not working reliably: Content not found in
base64-encoded message parts, non-ASCII text not found and false
positives found.
– Defective messages (without at least one expected header) not shown in
IMAP folders but shown on mobile devices
– Calendar: Unintended task deletion if numlock is enabled

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2018-101=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):


