[openSUSE-SU-2021:1091-1] Security update for MozillaThunderbird

Severity Important

Affected Packages 3

CVEs 4

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues:

Mozilla Thunderbird 78.12

fixed: Sending an email containing HTML links with spaces in the URL sometimes resulted in broken links
fixed: Folder Pane display theme fixes for macOS
fixed: Chat account settings did not always save as expected
fixed: RSS feed subscriptions sometimes lost
fixed: Calendar: A parsing error for alarm triggers of type 'DURATION' caused sync problems for some users
fixed: Various security fixes

MFSA 2021-30 (bsc#1188275)

CVE-2021-29969: IMAP server responses sent by a MITM prior to STARTTLS could be processed
CVE-2021-29970: Use-after-free in accessibility features of a document
CVE-2021-30547: Out of bounds write in ANGLE
CVE-2021-29976: Memory safety bugs fixed in Thunderbird 78.12

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Package	Affected Version
pkg:rpm/opensuse/MozillaThunderbird?arch=x86_64&distro=opensuse-leap-15.2	< 78.12.0-lp152.2.48.2
pkg:rpm/opensuse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-leap-15.2	< 78.12.0-lp152.2.48.2
pkg:rpm/opensuse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-leap-15.2	< 78.12.0-lp152.2.48.2

ID

openSUSE-SU-2021:1091-1

Severity

important

URL

Published

2021-08-04T00:14:42
(3 years ago)

Modified

2021-08-04T00:14:42
(3 years ago)

Rights

Other Advisories

Source	Name	URL
Suse	SUSE ratings	https://www.suse.com/support/security/rating/
Suse	URL of this CSAF notice	https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1091-1.json
Suse	URL for openSUSE-SU-2021:1091-1	https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ABQT6TDIB2IQ4ZZNUZXMHLE7ZDVD4YBM/
Suse	E-Mail link for openSUSE-SU-2021:1091-1	https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ABQT6TDIB2IQ4ZZNUZXMHLE7ZDVD4YBM/
Bugzilla	SUSE Bug 1188275	https://bugzilla.suse.com/1188275
CVE	SUSE CVE CVE-2021-29969 page	https://www.suse.com/security/cve/CVE-2021-29969/
CVE	SUSE CVE CVE-2021-29970 page	https://www.suse.com/security/cve/CVE-2021-29970/
CVE	SUSE CVE CVE-2021-29976 page	https://www.suse.com/security/cve/CVE-2021-29976/
CVE	SUSE CVE CVE-2021-30547 page	https://www.suse.com/security/cve/CVE-2021-30547/

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/opensuse/MozillaThunderbird?arch=x86_64&distro=opensuse-leap-15.2	opensuse	MozillaThunderbird	< 78.12.0-lp152.2.48.2	opensuse-leap-15.2	x86_64
Affected	pkg:rpm/opensuse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-leap-15.2	opensuse	MozillaThunderbird-translations-other	< 78.12.0-lp152.2.48.2	opensuse-leap-15.2	x86_64
Affected	pkg:rpm/opensuse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-leap-15.2	opensuse	MozillaThunderbird-translations-common	< 78.12.0-lp152.2.48.2	opensuse-leap-15.2	x86_64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date