Upstream information

CVE-2018-5170 at MITRE

Description

It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having not set severity.

SUSE Bugzilla entries: 1092548 [NEW], 1093972 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Workstation Extension 15
  • MozillaThunderbird >= 52.8-1.2
  • MozillaThunderbird-devel >= 52.8-1.2
  • MozillaThunderbird-translations-common >= 52.8-1.2
  • MozillaThunderbird-translations-other >= 52.8-1.2
Patchnames:
SUSE Linux Enterprise Workstation Extension 15 GA MozillaThunderbird
SUSE Package Hub for SUSE Linux Enterprise 12
  • MozillaThunderbird >= 52.8-60.1
  • MozillaThunderbird-buildsymbols >= 52.8-60.1
  • MozillaThunderbird-debuginfo >= 52.8-60.1
  • MozillaThunderbird-debugsource >= 52.8-60.1
  • MozillaThunderbird-devel >= 52.8-60.1
  • MozillaThunderbird-translations-common >= 52.8-60.1
  • MozillaThunderbird-translations-other >= 52.8-60.1
Patchnames:
openSUSE-2018-486
openSUSE Leap 15.0
  • MozillaThunderbird >= 52.8-lp150.3.3.2
  • MozillaThunderbird-buildsymbols >= 52.8-lp150.3.3.2
  • MozillaThunderbird-debuginfo >= 52.8-lp150.3.3.2
  • MozillaThunderbird-debugsource >= 52.8-lp150.3.3.2
  • MozillaThunderbird-devel >= 52.8-lp150.3.3.2
  • MozillaThunderbird-translations-common >= 52.8-lp150.3.3.2
  • MozillaThunderbird-translations-other >= 52.8-lp150.3.3.2
Patchnames:
openSUSE-2018-486
openSUSE Leap 42.3
  • MozillaThunderbird >= 52.8-63.1
  • MozillaThunderbird-buildsymbols >= 52.8-63.1
  • MozillaThunderbird-debuginfo >= 52.8-63.1
  • MozillaThunderbird-debugsource >= 52.8-63.1
  • MozillaThunderbird-devel >= 52.8-63.1
  • MozillaThunderbird-translations-common >= 52.8-63.1
  • MozillaThunderbird-translations-other >= 52.8-63.1
Patchnames:
openSUSE-2018-486