[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-OPENSUSE-SU-2018:3687-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T08:55:34.825Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":64,"duplicates":65,"related":66,"reserved_at":9,"published_at":92,"modified_at":93,"state":9,"summary":94,"references_raw":96,"kevs":237,"epss":9,"epss_history":238,"metrics":239,"affected":240},"OPENSUSE-SU-2018:3687-1","Security update for MozillaThunderbird\n\nThis update for Mozilla Thunderbird to version 60.2.1 fixes multiple issues.\n\nMultiple security issues were fixed in the Mozilla platform as advised in MFSA 2018-25 and MFSA 2018-28.\nIn general, these flaws cannot be exploited through email in Thunderbird because scripting\nis disabled when reading mail, but are potentially risks in browser or browser-like contexts:\n\n- CVE-2018-12359: Prevent buffer overflow using computed size of canvas element (bsc#1098998)\n- CVE-2018-12360: Prevent use-after-free when using focus() (bsc#1098998)\n- CVE-2018-12361: Prevent integer overflow in SwizzleData (bsc#1098998)\n- CVE-2018-12362: Prevent integer overflow in SSSE3 scaler (bsc#1098998)\n- CVE-2018-5156: Prevent media recorder segmentation fault when track type is changed during capture (bsc#1098998)\n- CVE-2018-12363: Prevent use-after-free when appending DOM nodes (bsc#1098998)\n- CVE-2018-12364: Prevent CSRF attacks through 307 redirects and NPAPI plugins (bsc#1098998)\n- CVE-2018-12365: Prevent compromised IPC child process listing local filenames (bsc#1098998)\n- CVE-2018-12371: Prevent integer overflow in Skia library during edge builder allocation (bsc#1098998)\n- CVE-2018-12366: Prevent invalid data handling during QCMS transformations (bsc#1098998)\n- CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming (bsc#1098998)\n- CVE-2018-5187: Various memory safety bugs (bsc#1098998)\n- CVE-2018-5188: Various memory safety bugs (bsc#1098998)\n- CVE-2018-12377: Use-after-free in refresh driver timers (bsc#1107343)\n- CVE-2018-12378: Use-after-free in IndexedDB (bsc#1107343)\n- CVE-2017-16541: Proxy bypass using automount and autofs (bsc#1066489)\n- CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 (bsc#1107343)\n- CVE-2018-12385: Crash in TransportSecurityInfo due to cached data (bsc#1109363)\n- CVE-2018-12383: Setting a master password did not delete unencrypted previously stored passwords (bsc#1107343)\n- CVE-2018-12389: Fixed memory safety bugs (bsc#1112852)\n- CVE-2018-12390: Fixed memory safety bugs (bsc#1112852)\n- CVE-2018-12391: Fixed HTTP Live Stream audio data is accessible cross-origin (bsc#1112852)\n- CVE-2018-12392: Fixed crash with nested event loops (bsc#1112852)\n- CVE-2018-12393: Fixed integer overflow during Unicode conversion while loading JavaScript (bsc#1112852)\n    \nThese non-security issues were fixed:\n\n- Fix date display issues (bsc#1109379)\n- Fix start-up crash due to folder name with special characters (bsc#1107772)\n- Storing of remote content settings fixed (bsc#1084603)\n- Improved message handling and composing\n- Improved handling of message templates\n- Support for OAuth2 and FIDO U2F\n- Various Calendar improvements\n- Various fixes and changes to e-mail workflow \n- Various IMAP fixes\n- Native desktop notifications\n- various theme fixes\n- Shift+PageUp/PageDown in Write window\n- Gloda attachment filtering\n- Mailing list address auto-complete enter/return handling\n- Thunderbird hung if HTML signature references non-existent image\n- Filters not working for headers that appear more than once\n  ",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62],{"_key":15},"CVE-2017-16541",{"_key":17},"CVE-2018-12359",{"_key":19},"CVE-2018-12360",{"_key":21},"CVE-2018-12361",{"_key":23},"CVE-2018-12362",{"_key":25},"CVE-2018-12363",{"_key":27},"CVE-2018-12364",{"_key":29},"CVE-2018-12365",{"_key":31},"CVE-2018-12366",{"_key":33},"CVE-2018-12367",{"_key":35},"CVE-2018-12371",{"_key":37},"CVE-2018-12376",{"_key":39},"CVE-2018-12377",{"_key":41},"CVE-2018-12378",{"_key":43},"CVE-2018-12383",{"_key":45},"CVE-2018-12385",{"_key":47},"CVE-2018-12389",{"_key":49},"CVE-2018-12390",{"_key":51},"CVE-2018-12391",{"_key":53},"CVE-2018-12392",{"_key":55},"CVE-2018-12393",{"_key":57},"CVE-2018-16541",{"_key":59},"CVE-2018-5156",{"_key":61},"CVE-2018-5187",{"_key":63},"CVE-2018-5188",[],[],[67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},"2018-11-09T08:34:29Z","2026-02-04T03:10:25.373389Z",{"cisa_kev":95,"cisa_ransomware":95,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[97,103,108,112,116,120,124,128,132,136,141,145,149,153,157,161,165,169,173,177,181,185,189,193,197,201,205,209,213,217,221,225,229,233],{"url":98,"sources":99,"tags":101},"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BBHDVB7NPDAZXEW2BECURXKYFEGTTUL4/#BBHDVB7NPDAZXEW2BECURXKYFEGTTUL4",[100],"osv_suse",[102],"Advisory",{"url":104,"sources":105,"tags":106},"https://bugzilla.suse.com/1066489",[100],[107],"REPORT",{"url":109,"sources":110,"tags":111},"https://bugzilla.suse.com/1084603",[100],[107],{"url":113,"sources":114,"tags":115},"https://bugzilla.suse.com/1098998",[100],[107],{"url":117,"sources":118,"tags":119},"https://bugzilla.suse.com/1107343",[100],[107],{"url":121,"sources":122,"tags":123},"https://bugzilla.suse.com/1107772",[100],[107],{"url":125,"sources":126,"tags":127},"https://bugzilla.suse.com/1109363",[100],[107],{"url":129,"sources":130,"tags":131},"https://bugzilla.suse.com/1109379",[100],[107],{"url":133,"sources":134,"tags":135},"https://bugzilla.suse.com/1112852",[100],[107],{"url":137,"sources":138,"tags":139},"https://www.suse.com/security/cve/CVE-2017-16541",[100],[140],"WEB",{"url":142,"sources":143,"tags":144},"https://www.suse.com/security/cve/CVE-2018-12359",[100],[140],{"url":146,"sources":147,"tags":148},"https://www.suse.com/security/cve/CVE-2018-12360",[100],[140],{"url":150,"sources":151,"tags":152},"https://www.suse.com/security/cve/CVE-2018-12361",[100],[140],{"url":154,"sources":155,"tags":156},"https://www.suse.com/security/cve/CVE-2018-12362",[100],[140],{"url":158,"sources":159,"tags":160},"https://www.suse.com/security/cve/CVE-2018-12363",[100],[140],{"url":162,"sources":163,"tags":164},"https://www.suse.com/security/cve/CVE-2018-12364",[100],[140],{"url":166,"sources":167,"tags":168},"https://www.suse.com/security/cve/CVE-2018-12365",[100],[140],{"url":170,"sources":171,"tags":172},"https://www.suse.com/security/cve/CVE-2018-12366",[100],[140],{"url":174,"sources":175,"tags":176},"https://www.suse.com/security/cve/CVE-2018-12367",[100],[140],{"url":178,"sources":179,"tags":180},"https://www.suse.com/security/cve/CVE-2018-12371",[100],[140],{"url":182,"sources":183,"tags":184},"https://www.suse.com/security/cve/CVE-2018-12376",[100],[140],{"url":186,"sources":187,"tags":188},"https://www.suse.com/security/cve/CVE-2018-12377",[100],[140],{"url":190,"sources":191,"tags":192},"https://www.suse.com/security/cve/CVE-2018-12378",[100],[140],{"url":194,"sources":195,"tags":196},"https://www.suse.com/security/cve/CVE-2018-12383",[100],[140],{"url":198,"sources":199,"tags":200},"https://www.suse.com/security/cve/CVE-2018-12385",[100],[140],{"url":202,"sources":203,"tags":204},"https://www.suse.com/security/cve/CVE-2018-12389",[100],[140],{"url":206,"sources":207,"tags":208},"https://www.suse.com/security/cve/CVE-2018-12390",[100],[140],{"url":210,"sources":211,"tags":212},"https://www.suse.com/security/cve/CVE-2018-12391",[100],[140],{"url":214,"sources":215,"tags":216},"https://www.suse.com/security/cve/CVE-2018-12392",[100],[140],{"url":218,"sources":219,"tags":220},"https://www.suse.com/security/cve/CVE-2018-12393",[100],[140],{"url":222,"sources":223,"tags":224},"https://www.suse.com/security/cve/CVE-2018-16541",[100],[140],{"url":226,"sources":227,"tags":228},"https://www.suse.com/security/cve/CVE-2018-5156",[100],[140],{"url":230,"sources":231,"tags":232},"https://www.suse.com/security/cve/CVE-2018-5187",[100],[140],{"url":234,"sources":235,"tags":236},"https://www.suse.com/security/cve/CVE-2018-5188",[100],[140],[],[],[],[241],{"ecosystem":242,"name":243,"vendor":244,"product":245,"cpe_part":9,"purl_type":246,"purl_namespace":244,"purl_name":245,"source":9,"versions":247},"SUSE Linux Enterprise","MozillaThunderbird","suse","MozillaThunderbird&distro=SUSE Package Hub 12","rpm",[248],{"version":249,"is_range":250,"range_type":251,"version_start":9,"version_start_type":9,"version_end":252,"version_end_type":253,"fixed_in":9},"lt60_3_0_74_2",true,"ecosystem","60.3.0-74.2","excluding"]