openSUSE Leap 15.3: 2021:4150-1 Critical: MozillaThunderbird Update
opensuse
December 22, 2021
An update that fixes 33 vulnerabilities is now available
Description
This update for MozillaThunderbird fixes the following issues:
- Update to version 91.4 MFSA 2021-54 (bsc#1193485)
- CVE-2021-43536: URL leakage when navigating while executing asynchronous
function
- CVE-2021-43537: Heap buffer overflow when using structured clone
- CVE-2021-43538: Missing fullscreen and pointer lock notification when
requesting both
- CVE-2021-43539: GC rooting failure when calling wasm instance methods
- CVE-2021-43541: External protocol handler parameters were unescaped
- CVE-2021-43542: XMLHttpRequest error codes could have leaked the
existence of an external protocol handler
- CVE-2021-43543: Bypass of CSP sandbox directive when embedding
- CVE-2021-43545: Denial of Service when using the Location API in a loop
- CVE-2021-43546: Cursor spoofing could overlay user interface when native
cursor is zoomed
- CVE-2021-43528: JavaScript unexpectedly enabled for the composition area
- Update to version 91.3.2
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-4150=1
Package List
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
MozillaThunderbird-91.4.0-8.45.2
MozillaThunderbird-debuginfo-91.4.0-8.45.2
MozillaThunderbird-debugsource-91.4.0-8.45.2
MozillaThunderbird-translations-common-91.4.0-8.45.2
MozillaThunderbird-translations-other-91.4.0-8.45.2
References
https://www.suse.com/security/cve/CVE-2021-29981.html
https://www.suse.com/security/cve/CVE-2021-29982.html
https://www.suse.com/security/cve/CVE-2021-29987.html
https://www.suse.com/security/cve/CVE-2021-29991.html
https://www.suse.com/security/cve/CVE-2021-32810.html
https://www.suse.com/security/cve/CVE-2021-38492.html
https://www.suse.com/security/cve/CVE-2021-38493.html
https://www.suse.com/security/cve/CVE-2021-38495.html
https://www.suse.com/security/cve/CVE-2021-38496.html
https://www.suse.com/security/cve/CVE-2021-38497.html
https://www.suse.com/security/cve/CVE-2021-38498.html
https://www.suse.com/security/cve/CVE-2021-38500.html
https://www.suse.com/security/cve/CVE-2021-38501.html
https://www.suse.com/security/cve/CVE-2021-38502.html
https://www.suse.com/security/cve/CVE-2021-38503.html
https://www.suse.com/security/cve/CVE-2021-38504.html
https://www.suse.com/security/cve/CVE-2021-38505.html
https://www.suse.com/security/cve/CVE-2021-38506.html
https://www.suse.com/security/cve/CVE-2021-385...
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2021:4150-1
Rating: important
Affected Products:
openSUSE Leap 15.3
.
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!