Описание
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues:
Mozilla Thunderbird 78.11 (bsc#1186696)
Security issues fixed:
- CVE-2021-29964: Out of bounds-read when parsing a
WM_COPYDATAmessage - CVE-2021-29967: Memory safety bugs fixed in Thunderbird 78.11
General improvements:
- OpenPGP could not be disabled for an account if a key was previously configured
- Recipients were unable to decrypt some messages when the sender had changed the message encryption from OpenPGP to S/MIME
- Contacts moved between CardDAV address books were not synced to the new server
- CardDAV compatibility fixes for Google Contacts
- Folder pane had no clear indication of focus on macOS
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Список пакетов
openSUSE Leap 15.2
Ссылки
- E-Mail link for openSUSE-SU-2021:0910-1
- SUSE Security Ratings
- SUSE Bug 1186696
- SUSE CVE CVE-2021-29964 page
- SUSE CVE CVE-2021-29967 page
Описание
A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.
Затронутые продукты
Ссылки
- CVE-2021-29964
- SUSE Bug 1186696
Описание
Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.
Затронутые продукты
Ссылки
- CVE-2021-29967
- SUSE Bug 1186696