Description
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues:
Mozilla Thunderbird 78.12
- fixed: Sending an email containing HTML links with spaces in the URL sometimes resulted in broken links
- fixed: Folder Pane display theme fixes for macOS
- fixed: Chat account settings did not always save as expected
- fixed: RSS feed subscriptions sometimes lost
- fixed: Calendar: A parsing error for alarm triggers of type 'DURATION' caused sync problems for some users
- fixed: Various security fixes
MFSA 2021-30 (bsc#1188275)
- CVE-2021-29969: IMAP server responses sent by a MITM prior to STARTTLS could be processed
- CVE-2021-29970: Use-after-free in accessibility features of a document
- CVE-2021-30547: Out of bounds write in ANGLE
- CVE-2021-29976: Memory safety bugs fixed in Thunderbird 78.12
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Package list
openSUSE Leap 15.2
References
- E-Mail link for openSUSE-SU-2021:1091-1
- SUSE Security Ratings
- SUSE Bug 1188275
- SUSE CVE CVE-2021-29969 page
- SUSE CVE CVE-2021-29970 page
- SUSE CVE CVE-2021-29976 page
- SUSE CVE CVE-2021-30547 page
Description
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information; for example, the attacker could have tricked Thunderbird into showing folders that didn't exist on the IMAP server. This vulnerability affects Thunderbird < 78.12.
Affected products
References
- CVE-2021-29969
Description
A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.* This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.
Affected products
References
- CVE-2021-29970
- SUSE Bug 1188275
Description
Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.
Affected products
References
- CVE-2021-29976
- SUSE Bug 1188275
Description
Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Affected products
References
- CVE-2021-30547
- SUSE Bug 1187141
- SUSE Bug 1188275