OPENSUSE-SU-2020:0982-1
Advisory lineage Upstream: 5 Downstream: 0
Published: 17 Jul 2020, 16:30
Last modified:04 Feb 2026, 03:54
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
17 Jul 2020, 16:30
Published
Vulnerability first disclosed
04 Feb 2026, 03:54
Last Modified
Vulnerability information updated
Description
Security update for MozillaThunderbird This update for MozillaThunderbird to version 68.10.0 ESR fixes the following issues: - CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576). - CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576). - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576). - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576). - CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576). This update was imported from the SUSE:SLE-15:Update update project.
Affected Systems
- opensuse•MozillaThunderbird&distro=openSUSE Leap 15.2
< 68.10.0-lp152.2.4.1
References (7)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/42LJZ4E7FAWVTKPVLPQEJB45C3YAMRAT/
- https://bugzilla.suse.com/1173576
- https://www.suse.com/security/cve/CVE-2020-12417
- https://www.suse.com/security/cve/CVE-2020-12418
- https://www.suse.com/security/cve/CVE-2020-12419
- https://www.suse.com/security/cve/CVE-2020-12420
- https://www.suse.com/security/cve/CVE-2020-12421