exploitDog

SUSE-SU-2022:4334-1

Опубликовано: 06 дек. 2022

Источник: suse-cvrf

Описание

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues:

Update to version 102.5.1:

CVE-2022-45414: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content (bsc#1205941).

Список пакетов

SUSE Linux Enterprise Module for Package Hub 15 SP3

MozillaThunderbird-102.5.1-150200.8.93.1

MozillaThunderbird-translations-common-102.5.1-150200.8.93.1

MozillaThunderbird-translations-other-102.5.1-150200.8.93.1

SUSE Linux Enterprise Module for Package Hub 15 SP4

MozillaThunderbird-102.5.1-150200.8.93.1

MozillaThunderbird-translations-common-102.5.1-150200.8.93.1

MozillaThunderbird-translations-other-102.5.1-150200.8.93.1

SUSE Linux Enterprise Workstation Extension 15 SP3

MozillaThunderbird-102.5.1-150200.8.93.1

MozillaThunderbird-translations-common-102.5.1-150200.8.93.1

MozillaThunderbird-translations-other-102.5.1-150200.8.93.1

SUSE Linux Enterprise Workstation Extension 15 SP4

MozillaThunderbird-102.5.1-150200.8.93.1

MozillaThunderbird-translations-common-102.5.1-150200.8.93.1

MozillaThunderbird-translations-other-102.5.1-150200.8.93.1

openSUSE Leap 15.3

MozillaThunderbird-102.5.1-150200.8.93.1

MozillaThunderbird-translations-common-102.5.1-150200.8.93.1

MozillaThunderbird-translations-other-102.5.1-150200.8.93.1

openSUSE Leap 15.4

MozillaThunderbird-102.5.1-150200.8.93.1

MozillaThunderbird-translations-common-102.5.1-150200.8.93.1

MozillaThunderbird-translations-other-102.5.1-150200.8.93.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20224334-1/
Link for SUSE-SU-2022:4334-1
https://lists.suse.com/pipermail/sle-security-updates/2022-December/013195.html
E-Mail link for SUSE-SU-2022:4334-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1205941
SUSE Bug 1205941
https://www.suse.com/security/cve/CVE-2022-45414/
SUSE CVE CVE-2022-45414 page

Описание

If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL was performed, regardless of a configuration to block remote content. An image loaded from the POSTER attribute was shown in the composer window. These issues could have given an attacker additional capabilities when targetting releases that did not yet have a fix for CVE-2022-3033 which was reported around three months ago. This vulnerability affects Thunderbird < 102.5.1.

Затронутые продукты

SUSE Linux Enterprise Module for Package Hub 15 SP3:MozillaThunderbird-102.5.1-150200.8.93.1

SUSE Linux Enterprise Module for Package Hub 15 SP3:MozillaThunderbird-translations-common-102.5.1-150200.8.93.1

SUSE Linux Enterprise Module for Package Hub 15 SP3:MozillaThunderbird-translations-other-102.5.1-150200.8.93.1

SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-102.5.1-150200.8.93.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-45414.html
CVE-2022-45414
https://bugzilla.suse.com/1205941
SUSE Bug 1205941