An update that fixes 25 vulnerabilities is now available.
This update for Mozilla Thunderbird to version 60.2.1 fixes multiple issues.
Multiple security issues were fixed in the Mozilla platform as advised in MFSA 2018-25 and MFSA 2018-28. In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts:
These non-security issues were fixed:
- Fix date display issues (bsc#1109379) - Fix start-up crash due to folder name with special characters (bsc#1107772) - Storing of remote content settings fixed (bsc#1084603) - Improved message handling and composing - Improved handling of message templates - Support for OAuth2 and FIDO U2F - Various Calendar improvements - Various fixes and changes to e-mail workflow - Various IMAP fixes - Native desktop notifications - various theme fixes - Shift+PageUp/PageDown in Write window - Gloda attachment filtering - Mailing list address auto-complete enter/return handling - Thunderbird hung if HTML signature references non-existent image - Filters not working for headers that appear more than once
To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Package Hub for SUSE Linux Enterprise 12:
zypper in -t patch openSUSE-2018-1360=1
- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):