Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

openSUSE: 2021:1635-1 Important: MozillaThunderbird Security Update

opensuse
Calendar Grey December 29, 2021
Dist Opensuse Esm H88
The latest update for Mozilla Thunderbird addresses significant vulnerabilities in openSUSE, enhancing both security measures and overall stability.
An update that fixes 33 vulnerabilities is now available

Description

This update for MozillaThunderbird fixes the following issues:

- Update to version 91.4 MFSA 2021-54 (bsc#1193485)

- CVE-2021-43536: URL leakage when navigating while executing asynchronous

function

- CVE-2021-43537: Heap buffer overflow when using structured clone

- CVE-2021-43538: Missing fullscreen and pointer lock notification when

requesting both

- CVE-2021-43539: GC rooting failure when calling wasm instance methods

- CVE-2021-43541: External protocol handler parameters were unescaped

- CVE-2021-43542: XMLHttpRequest error codes could have leaked the

existence of an external protocol handler

- CVE-2021-43543: Bypass of CSP sandbox directive when embedding

- CVE-2021-43545: Denial of Service when using the Location API in a loop

- CVE-2021-43546: Cursor spoofing could overlay user interface when native

cursor is zoomed

- CVE-2021-43528: JavaScript unexpectedly enabled for the composition area

- Update to version 91.3.2

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory vulnerability important mozilla thunderbird open suse

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2021-1635=1

Package List

- openSUSE Leap 15.2 (x86_64):

MozillaThunderbird-91.4.0-lp152.2.52.1

MozillaThunderbird-debuginfo-91.4.0-lp152.2.52.1

MozillaThunderbird-debugsource-91.4.0-lp152.2.52.1

MozillaThunderbird-translations-common-91.4.0-lp152.2.52.1

MozillaThunderbird-translations-other-91.4.0-lp152.2.52.1

References

https://www.suse.com/security/cve/CVE-2021-29981.html

https://www.suse.com/security/cve/CVE-2021-29982.html

https://www.suse.com/security/cve/CVE-2021-29987.html

https://www.suse.com/security/cve/CVE-2021-29991.html

https://www.suse.com/security/cve/CVE-2021-32810.html

https://www.suse.com/security/cve/CVE-2021-38492.html

https://www.suse.com/security/cve/CVE-2021-38493.html

https://www.suse.com/security/cve/CVE-2021-38495.html

https://www.suse.com/security/cve/CVE-2021-38496.html

https://www.suse.com/security/cve/CVE-2021-38497.html

https://www.suse.com/security/cve/CVE-2021-38498.html

https://www.suse.com/security/cve/CVE-2021-38500.html

https://www.suse.com/security/cve/CVE-2021-38501.html

https://www.suse.com/security/cve/CVE-2021-38502.html

https://www.suse.com/security/cve/CVE-2021-38503.html

https://www.suse.com/security/cve/CVE-2021-38504.html

https://www.suse.com/security/cve/CVE-2021-38505.html

https://www.suse.com/security/cve/CVE-2021-38506.html

https://www.suse.com/security/cve/CVE-2021-385...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2021:1635-1
Rating: important
Affected Products: openSUSE Leap 15.2 .

Topics%20covered

Topics Covered

security advisory vulnerability important mozilla thunderbird open suse

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here