Description
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues:
- Mozilla Thunderbird 115.14
  - fixed: When using an external installation of GnuPG, Thunderbird occasionally sent/received corrupted messages
  - fixed: Users of external GnuPG were unable to decrypt incorrectly encoded messages (bmo#1906903)
  - fixed: Flatpak install of 128.0esr was incorrectly downgraded to 115.13.0esr (bmo#1908299)
  - fixed: Security fixes MFSA 2024-38 (bsc#1228648)
    - CVE-2024-7519: Out of bounds memory access in graphics shared memory handling
    - CVE-2024-7521: Incomplete WebAssembly exception handling
    - CVE-2024-7522: Out of bounds read in editor component
    - CVE-2024-7525: Missing permission check when creating a StreamFilter
    - CVE-2024-7526: Uninitialized memory used by WebGL
    - CVE-2024-7527: Use-after-free in JavaScript garbage collection
    - CVE-2024-7529: Document content could partially obscure security prompts
Package list
SUSE Linux Enterprise Module for Package Hub 15 SP5
SUSE Linux Enterprise Module for Package Hub 15 SP6
SUSE Linux Enterprise Workstation Extension 15 SP5
SUSE Linux Enterprise Workstation Extension 15 SP6
openSUSE Leap 15.5
openSUSE Leap 15.6
References
- Link for SUSE-SU-2024:3112-1
- E-Mail link for SUSE-SU-2024:3112-1
- SUSE Security Ratings
- SUSE Bug 1228648
- SUSE CVE CVE-2024-7519 page
- SUSE CVE CVE-2024-7521 page
- SUSE CVE CVE-2024-7522 page
- SUSE CVE CVE-2024-7525 page
- SUSE CVE CVE-2024-7526 page
- SUSE CVE CVE-2024-7527 page
- SUSE CVE CVE-2024-7529 page
Description
Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Affected products
References
- CVE-2024-7519
- SUSE Bug 1228648
Description
Incomplete WebAssembly exception handling could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Affected products
References
- CVE-2024-7521
- SUSE Bug 1228648
Description
Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Affected products
References
- CVE-2024-7522
- SUSE Bug 1228648
Description
It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Affected products
References
- CVE-2024-7525
- SUSE Bug 1228648
Description
ANGLE failed to initialize parameters, which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Affected products
References
- CVE-2024-7526
- SUSE Bug 1228648
Description
Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Affected products
References
- CVE-2024-7527
- SUSE Bug 1228648
Description
The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Affected products
References
- CVE-2024-7529
- SUSE Bug 1228648