[RHSA-2021:0298] thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 78.7.0.
Security Fix(es):
Mozilla: Cross-origin information leakage via redirected PDF requests (CVE-2021-23953)
Mozilla: Type confusion when using logical assignment operators in JavaScript switch statements (CVE-2021-23954)
Mozilla: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7 (CVE-2021-23964)
Mozilla: IMAP Response Injection when using STARTTLS (CVE-2020-15685)
Mozilla: HTTPS pages could have been intercepted by a registered service worker when they should not have been (CVE-2020-26976)
Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables during GC (CVE-2021-23960)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| Package | Affected Version |
|---|---|
 pkg:rpm/redhat/thunderbird?arch=x86_64&distro=redhat-8.3
|
< 78.7.0-1.el8_3 |
|
pkg:rpm/redhat/thunderbird?arch=ppc64le&distro=redhat-8.3
|
< 78.7.0-1.el8_3 |
|
pkg:rpm/redhat/thunderbird?arch=aarch64&distro=redhat-8.3
|
< 78.7.0-1.el8_3 |
- ID
- RHSA-2021:0298
- Severity
- important
- URL
- https://access.redhat.com/errata/RHSA-2021:0298
- Published
-
2021-01-28T00:00:00
(3 years ago) - Modified
-
2021-01-28T00:00:00
(3 years ago) - Rights
- Copyright 2021 Red Hat, Inc.
- Other Advisories
-
-
ALAS2-2021-1603
-
ALPINE:CVE-2020-15685
-
ALPINE:CVE-2020-26976
-
ALPINE:CVE-2021-23953
-
ALPINE:CVE-2021-23954
-
ALPINE:CVE-2021-23960
-
ALPINE:CVE-2021-23964
-
ASA-202012-25
-
ASA-202102-1
-
ASA-202102-2
-
DSA-4840-1
-
DSA-4842-1
-
ELSA-2021-0288
-
ELSA-2021-0290
-
ELSA-2021-0297
-
ELSA-2021-0298
-
GLSA-202102-01
-
GLSA-202102-02
-
MFSA-2020-54
-
MFSA-2021-03
-
MFSA-2021-04
-
MFSA-2021-05
-
openSUSE-SU-2021:0208-1
-
openSUSE-SU-2021:0209-1
-
openSUSE-SU-2021:0222-1
-
openSUSE-SU-2021:0223-1
-
RHSA-2021:0288
-
RHSA-2021:0290
-
RHSA-2021:0297
-
SUSE-SU-2021:0241-1
-
SUSE-SU-2021:0245-1
-
SUSE-SU-2021:0246-1
-
SUSE-SU-2021:0257-1
-
SUSE-SU-2021:0259-1
-
USN-4671-1
-
USN-4717-1
-
USN-4736-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| Bugzilla | 1920646 |
|
|
| Bugzilla | 1920648 |
|
|
| Bugzilla | 1920649 |
|
|
| Bugzilla | 1920650 |
|
|
| Bugzilla | 1920651 |
|
|
| Bugzilla | 1921543 |
|
|
| RHSA | RHSA-2021:0298 |
|
|
| CVE | CVE-2020-15685 |
|
|
| CVE | CVE-2020-26976 |
|
|
| CVE | CVE-2021-23953 |
|
|
| CVE | CVE-2021-23954 |
|
|
| CVE | CVE-2021-23960 |
|
|
| CVE | CVE-2021-23964 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/redhat/thunderbird?arch=x86_64&distro=redhat-8.3 | redhat |
thunderbird
|
< 78.7.0-1.el8_3 | redhat-8.3 | x86_64 | |
| Affected | pkg:rpm/redhat/thunderbird?arch=ppc64le&distro=redhat-8.3 | redhat |
thunderbird
|
< 78.7.0-1.el8_3 | redhat-8.3 | ppc64le | |
| Affected | pkg:rpm/redhat/thunderbird?arch=aarch64&distro=redhat-8.3 | redhat |
thunderbird
|
< 78.7.0-1.el8_3 | redhat-8.3 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |