{"id":"MGASA-2018-0261","summary":"Updated thunderbird packages fix security vulnerabilities","details":"Updated thunderbird packages fix security vulnerabilities:\n\nMozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8\n(CVE-2018-5150).\n\nMozilla: Use-after-free with SVG animations and clip paths (CVE-2018-5154).\n\nMozilla: Use-after-free with SVG animations and text paths (CVE-2018-5155).\n\nMozilla: Integer overflow and out-of-bounds write in Skia (CVE-2018-5159).\n\nMozilla: Hang via malformed headers (CVE-2018-5161).\n\nMozilla: Encrypted mail leaks plaintext through src attribute\n(CVE-2018-5162).\n\nMozilla: Lightweight themes can be installed without user interaction\n(CVE-2018-5168).\n\nMozilla: Filename spoofing for external attachments (CVE-2018-5170).\n\nMozilla: Buffer overflow during UTF-8 to Unicode string conversion through\nlegacy extension (CVE-2018-5178).\n\nMozilla: Backport critical security fixes in Skia (CVE-2018-5183).\n\nMozilla: Full plaintext recovery in S/MIME via chosen-ciphertext attack\n(CVE-2018-5184).\n\nMozilla: Leaking plaintext through HTML forms (CVE-2018-5185).\n","modified":"2026-04-16T01:45:37.089047136Z","published":"2018-05-30T19:55:44Z","upstream":["CVE-2018-5150","CVE-2018-5154","CVE-2018-5155","CVE-2018-5159","CVE-2018-5161","CVE-2018-5162","CVE-2018-5168","CVE-2018-5170","CVE-2018-5178","CVE-2018-5183","CVE-2018-5184","CVE-2018-5185"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0261.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23057"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/"},{"type":"WEB","url":"https://www.thunderbird.net/en-US/thunderbird/52.8.0/releasenotes/"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2018:1725"}],"affected":[{"package":{"name":"thunderbird","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"52.8.0-4.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0261.json"}},{"package":{"name":"thunderbird-l10n","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"52.8.0-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0261.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}