Security update for MozillaThunderbird

Announcement ID:	SUSE-SU-2020:3418-1
Rating:	moderate
References:	bsc#1178611
Cross-References:	CVE-2020-26950
CVSS scores:	CVE-2020-26950 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-26950 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise Desktop 15 SP1 SUSE Linux Enterprise Desktop 15 SP2 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Workstation Extension 15 SP1 SUSE Linux Enterprise Workstation Extension 15 SP2

An update that solves one vulnerability can now be installed.

Description:

This update for MozillaThunderbird fixes the following issues:

• Mozilla Thunderbird 78.4.2 MFSA 2020-49 (bsc#1178611)
• CVE-2020-26950 (bmo#1675905) Write side effects in MCallGetProperty opcode not accounted for
• Mozilla Thunderbird 78.4.1
• new: Thunderbird prompts for an address to use when starting an email from an address book entry with multiple addresses (bmo#84028)
• fixed: Searching global search results did not work (bmo#1664761)
• fixed: Link location was not focused by default when adding a hyperlink in message composer (bmo#1670660)
• fixed: Advanced address book search dialog was unusable (bmo#1668147)
• fixed: Encrypted draft reply emails lost "Re:" prefix (bmo#1661510)
• fixed: Replying to a newsgroup message did not open the compose window (bmo#1672667)
• fixed: Unable to delete multiple newsgroup messages (bmo#1657988)
• fixed: Appmenu displayed visual glitches (bmo#1636243)
• fixed: Visual glitches when selecting multiple messages in the message pane and using Ctrl+click (bmo#1671800)
• fixed: Switching between dark and light mode could lead to unreadable text on macOS (bmo#1668989)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Workstation Extension 15 SP1
  zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-3418=1
• SUSE Linux Enterprise Workstation Extension 15 SP2
  zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-3418=1

Package List:

• SUSE Linux Enterprise Workstation Extension 15 SP1 (x86_64)
  • MozillaThunderbird-translations-common-78.4.2-3.103.2
  • MozillaThunderbird-78.4.2-3.103.2
  • MozillaThunderbird-debuginfo-78.4.2-3.103.2
  • MozillaThunderbird-debugsource-78.4.2-3.103.2
  • MozillaThunderbird-translations-other-78.4.2-3.103.2
• SUSE Linux Enterprise Workstation Extension 15 SP2 (x86_64)
  • MozillaThunderbird-translations-common-78.4.2-3.103.2
  • MozillaThunderbird-78.4.2-3.103.2
  • MozillaThunderbird-debuginfo-78.4.2-3.103.2
  • MozillaThunderbird-debugsource-78.4.2-3.103.2
  • MozillaThunderbird-translations-other-78.4.2-3.103.2

References:

• https://www.suse.com/security/cve/CVE-2020-26950.html
• https://bugzilla.suse.com/show_bug.cgi?id=1178611