exploitDog

SUSE-SU-2024:3731-1

Опубликовано: 18 окт. 2024

Источник: suse-cvrf

Описание

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues:

Update to Mozilla Thunderbird 128.3.1 (MFSA 2024-52, bsc#1231413):

CVE-2024-9680: Fixed use-after-free in Animation timeline (bmo#1923344)

Список пакетов

SUSE Linux Enterprise Module for Package Hub 15 SP5

MozillaThunderbird-128.3.1-150200.8.185.1

MozillaThunderbird-translations-common-128.3.1-150200.8.185.1

MozillaThunderbird-translations-other-128.3.1-150200.8.185.1

SUSE Linux Enterprise Module for Package Hub 15 SP6

MozillaThunderbird-128.3.1-150200.8.185.1

MozillaThunderbird-translations-common-128.3.1-150200.8.185.1

MozillaThunderbird-translations-other-128.3.1-150200.8.185.1

SUSE Linux Enterprise Workstation Extension 15 SP5

MozillaThunderbird-128.3.1-150200.8.185.1

MozillaThunderbird-translations-common-128.3.1-150200.8.185.1

MozillaThunderbird-translations-other-128.3.1-150200.8.185.1

SUSE Linux Enterprise Workstation Extension 15 SP6

MozillaThunderbird-128.3.1-150200.8.185.1

MozillaThunderbird-translations-common-128.3.1-150200.8.185.1

MozillaThunderbird-translations-other-128.3.1-150200.8.185.1

openSUSE Leap 15.5

MozillaThunderbird-128.3.1-150200.8.185.1

MozillaThunderbird-translations-common-128.3.1-150200.8.185.1

MozillaThunderbird-translations-other-128.3.1-150200.8.185.1

openSUSE Leap 15.6

MozillaThunderbird-128.3.1-150200.8.185.1

MozillaThunderbird-translations-common-128.3.1-150200.8.185.1

MozillaThunderbird-translations-other-128.3.1-150200.8.185.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20243731-1/
Link for SUSE-SU-2024:3731-1
https://lists.suse.com/pipermail/sle-security-updates/2024-October/019660.html
E-Mail link for SUSE-SU-2024:3731-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1231413
SUSE Bug 1231413
https://www.suse.com/security/cve/CVE-2024-9680/
SUSE CVE CVE-2024-9680 page

Описание

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.

Затронутые продукты

SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.3.1-150200.8.185.1

SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.3.1-150200.8.185.1

SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.3.1-150200.8.185.1

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.3.1-150200.8.185.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-9680.html
CVE-2024-9680
https://bugzilla.suse.com/1231413
SUSE Bug 1231413