OPENSUSE-SU-2020:0967-1
Advisory lineage Upstream: 5 Downstream: 0
Published: 15 Jul 2020, 12:42
Last modified:04 Feb 2026, 03:26
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
15 Jul 2020, 12:42
Published
Vulnerability first disclosed
04 Feb 2026, 03:26
Last Modified
Vulnerability information updated
Description
Security update for MozillaThunderbird This update for MozillaThunderbird to version 68.10.0 ESR fixes the following issues: - CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576). - CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576). - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576). - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576). - CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576). This update was imported from the SUSE:SLE-15:Update update project.
Affected Systems
- opensuse•MozillaThunderbird&distro=openSUSE Leap 15.1
< 68.10.0-lp151.2.44.2
References (7)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YAYUZVFPL5N3QXJNFURNBG4J7U6HBKUJ/
- https://bugzilla.suse.com/1173576
- https://www.suse.com/security/cve/CVE-2020-12417
- https://www.suse.com/security/cve/CVE-2020-12418
- https://www.suse.com/security/cve/CVE-2020-12419
- https://www.suse.com/security/cve/CVE-2020-12420
- https://www.suse.com/security/cve/CVE-2020-12421