ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues:
Mozilla Thunderbird 78.11 (bsc#1186696)
Security issues fixed:
- CVE-2021-29964: Out of bounds-read when parsing a
WM_COPYDATAmessage - CVE-2021-29967: Memory safety bugs fixed in Thunderbird 78.11
General improvements:
- OpenPGP could not be disabled for an account if a key was previously configured
- Recipients were unable to decrypt some messages when the sender had changed the message encryption from OpenPGP to S/MIME
- Contacts moved between CardDAV address books were not synced to the new server
- CardDAV compatibility fixes for Google Contacts
- Folder pane had no clear indication of focus on macOS
Π‘ΠΏΠΈΡΠΎΠΊ ΠΏΠ°ΠΊΠ΅ΡΠΎΠ²
openSUSE Leap 15.3
Π‘ΡΡΠ»ΠΊΠΈ
- E-Mail link for openSUSE-SU-2021:2003-1
- SUSE Security Ratings
- SUSE Bug 1186696
- SUSE CVE CVE-2021-29964 page
- SUSE CVE CVE-2021-29967 page
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.
ΠΠ°ΡΡΠΎΠ½ΡΡΡΠ΅ ΠΏΡΠΎΠ΄ΡΠΊΡΡ
Π‘ΡΡΠ»ΠΊΠΈ
- CVE-2021-29964
- SUSE Bug 1186696
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.
ΠΠ°ΡΡΠΎΠ½ΡΡΡΠ΅ ΠΏΡΠΎΠ΄ΡΠΊΡΡ
Π‘ΡΡΠ»ΠΊΠΈ
- CVE-2021-29967
- SUSE Bug 1186696