[openSUSE-SU-2021:0644-1] Security update for MozillaThunderbird
Severity
Important
Affected Packages
3
CVEs
9
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues:
- Firefox was updated to 78.10.0 ESR (bsc#1184960)
- CVE-2021-23994: Out of bound write due to lazy initialization
- CVE-2021-23995: Use-after-free in Responsive Design Mode
- CVE-2021-23998: Secure Lock icon could have been spoofed
- CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage
- CVE-2021-23999: Blob URLs may have been granted additional privileges
- CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL
- CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads
- CVE-2021-29946: Port blocking could be bypassed
- CVE-2021-29948: Race condition when reading from disk while verifying signatures
This update was imported from the SUSE:SLE-15-SP2:Update update project.
| Package | Affected Version |
|---|---|
 pkg:rpm/opensuse/MozillaThunderbird?arch=x86_64&distro=opensuse-leap-15.2
|
< 78.10.0-lp152.2.41.1 |
|
pkg:rpm/opensuse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-leap-15.2
|
< 78.10.0-lp152.2.41.1 |
|
pkg:rpm/opensuse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-leap-15.2
|
< 78.10.0-lp152.2.41.1 |
- ID
- openSUSE-SU-2021:0644-1
- Severity
- important
- URL
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FZF7QZJOUTVUSU5SPVGG757XUPT3OVD3/
- Published
-
2021-05-01T05:02:34
(3 years ago) - Modified
-
2021-05-01T05:02:34
(3 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
-
ALAS2-2021-1644
-
ALPINE:CVE-2021-23961
-
ALPINE:CVE-2021-23994
-
ALPINE:CVE-2021-23995
-
ALPINE:CVE-2021-23998
-
ALPINE:CVE-2021-23999
-
ALPINE:CVE-2021-24002
-
ALPINE:CVE-2021-29945
-
ALPINE:CVE-2021-29946
-
ALPINE:CVE-2021-29948
-
ALSA-2021:1353
-
ALSA-2021:1360
-
ASA-202102-1
-
ASA-202104-3
-
ASA-202104-4
-
DSA-4895-1
-
DSA-4897-1
-
ELSA-2021-1350
-
ELSA-2021-1353
-
ELSA-2021-1360
-
ELSA-2021-1363
-
GLSA-202102-01
-
GLSA-202104-09
-
GLSA-202104-10
-
MFSA-2021-03
-
MFSA-2021-14
-
MFSA-2021-15
-
MFSA-2021-16
-
openSUSE-SU-2021:0621-1
-
RHSA-2021:1350
-
RHSA-2021:1353
-
RHSA-2021:1360
-
RHSA-2021:1363
-
SUSE-SU-2021:1307-1
-
SUSE-SU-2021:1325-1
-
SUSE-SU-2021:1432-1
-
SUSE-SU-2021:1433-1
-
USN-4717-1
-
USN-4926-1
-
USN-4995-1
-
USN-4995-2
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/opensuse/MozillaThunderbird?arch=x86_64&distro=opensuse-leap-15.2 | opensuse |
MozillaThunderbird
|
< 78.10.0-lp152.2.41.1 | opensuse-leap-15.2 | x86_64 | |
| Affected | pkg:rpm/opensuse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-leap-15.2 | opensuse |
MozillaThunderbird-translations-other
|
< 78.10.0-lp152.2.41.1 | opensuse-leap-15.2 | x86_64 | |
| Affected | pkg:rpm/opensuse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-leap-15.2 | opensuse |
MozillaThunderbird-translations-common
|
< 78.10.0-lp152.2.41.1 | opensuse-leap-15.2 | x86_64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |