[RHSA-2021:0298] thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.7.0.
Security Fix(es):
Mozilla: Cross-origin information leakage via redirected PDF requests (CVE-2021-23953)
Mozilla: Type confusion when using logical assignment operators in JavaScript switch statements (CVE-2021-23954)
Mozilla: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7 (CVE-2021-23964)
Mozilla: IMAP Response Injection when using STARTTLS (CVE-2020-15685)
Mozilla: HTTPS pages could have been intercepted by a registered service worker when they should not have been (CVE-2020-26976)
Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables during GC (CVE-2021-23960)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Package | Affected Version |
---|---|
pkg:rpm/redhat/thunderbird?arch=x86_64&distro=redhat-8.3 | < 78.7.0-1.el8_3 |
pkg:rpm/redhat/thunderbird?arch=ppc64le&distro=redhat-8.3 | < 78.7.0-1.el8_3 |
pkg:rpm/redhat/thunderbird?arch=aarch64&distro=redhat-8.3 | < 78.7.0-1.el8_3 |
- ID
- RHSA-2021:0298
- Severity
- important
- URL
- https://access.redhat.com/errata/RHSA-2021:0298
- Published
-
2021-01-28T00:00:00
(3 years ago) - Modified
-
2021-01-28T00:00:00
(3 years ago) - Rights
- Copyright 2021 Red Hat, Inc.
- Other Advisories
-
- ALAS2-2021-1603
- ALPINE:CVE-2020-15685
- ALPINE:CVE-2020-26976
- ALPINE:CVE-2021-23953
- ALPINE:CVE-2021-23954
- ALPINE:CVE-2021-23960
- ALPINE:CVE-2021-23964
- ASA-202012-25
- ASA-202102-1
- ASA-202102-2
- DSA-4840-1
- DSA-4842-1
- ELSA-2021-0288
- ELSA-2021-0290
- ELSA-2021-0297
- ELSA-2021-0298
- GLSA-202102-01
- GLSA-202102-02
- MFSA-2020-54
- MFSA-2021-03
- MFSA-2021-04
- MFSA-2021-05
- openSUSE-SU-2021:0208-1
- openSUSE-SU-2021:0209-1
- openSUSE-SU-2021:0222-1
- openSUSE-SU-2021:0223-1
- RHSA-2021:0288
- RHSA-2021:0290
- RHSA-2021:0297
- SUSE-SU-2021:0241-1
- SUSE-SU-2021:0245-1
- SUSE-SU-2021:0246-1
- SUSE-SU-2021:0257-1
- SUSE-SU-2021:0259-1
- USN-4671-1
- USN-4717-1
- USN-4736-1
Source | # ID | Name | URL |
---|---|---|---|
Bugzilla | 1920646 | https://bugzilla.redhat.com/1920646 | |
Bugzilla | 1920648 | https://bugzilla.redhat.com/1920648 | |
Bugzilla | 1920649 | https://bugzilla.redhat.com/1920649 | |
Bugzilla | 1920650 | https://bugzilla.redhat.com/1920650 | |
Bugzilla | 1920651 | https://bugzilla.redhat.com/1920651 | |
Bugzilla | 1921543 | https://bugzilla.redhat.com/1921543 | |
RHSA | RHSA-2021:0298 | https://access.redhat.com/errata/RHSA-2021:0298 | |
CVE | CVE-2020-15685 | https://access.redhat.com/security/cve/CVE-2020-15685 | |
CVE | CVE-2020-26976 | https://access.redhat.com/security/cve/CVE-2020-26976 | |
CVE | CVE-2021-23953 | https://access.redhat.com/security/cve/CVE-2021-23953 | |
CVE | CVE-2021-23954 | https://access.redhat.com/security/cve/CVE-2021-23954 | |
CVE | CVE-2021-23960 | https://access.redhat.com/security/cve/CVE-2021-23960 | |
CVE | CVE-2021-23964 | https://access.redhat.com/security/cve/CVE-2021-23964 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/redhat/thunderbird?arch=x86_64&distro=redhat-8.3 | redhat | thunderbird | < 78.7.0-1.el8_3 | redhat-8.3 | x86_64 | |
Affected | pkg:rpm/redhat/thunderbird?arch=ppc64le&distro=redhat-8.3 | redhat | thunderbird | < 78.7.0-1.el8_3 | redhat-8.3 | ppc64le | |
Affected | pkg:rpm/redhat/thunderbird?arch=aarch64&distro=redhat-8.3 | redhat | thunderbird | < 78.7.0-1.el8_3 | redhat-8.3 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |