Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

openSUSE: 2022:0455-1 critical: MozillaFirefox Security Update

opensuse
Calendar Grey February 23, 2022
Dist Opensuse Esm H88
A crucial security patch for Mozilla Firefox rectifies 7 vulnerabilities, boosting general safety levels.
An update that fixes 9 vulnerabilities is now available

Description

This update for MozillaThunderbird fixes the following issues:

- Mozilla Thunderbird 91.6.1 / MFSA 2022-07 (bsc#1196072)

* CVE-2022-0566 (bmo#1753094) Crafted email could trigger an

out-of-bounds write

- Mozilla Thunderbird 91.6 / MFSA 2022-06 (bsc#1195682)

* CVE-2022-22753 (bmo#1732435) Privilege Escalation to SYSTEM on Windows

via Maintenance Service

* CVE-2022-22754 (bmo#1750565) Extensions could have bypassed permission

confirmation during update

* CVE-2022-22756 (bmo#1317873) Drag and dropping an image could have

resulted in the dropped

object being an executable

* CVE-2022-22759 (bmo#1739957) Sandboxed iframes could have executed

script if the parent appended elements

* CVE-2022-22760 (bmo#1740985, bmo#1748503) Cross-Origin responses could

be distinguished between script and non-script content-types

* CVE-2022-22761 (bmo#1745566) frame-ancestors Content Security Policy

...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory software update security fix vulnerability important openSUSE MozillaThunderbird

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

zypper in -t patch openSUSE-SLE-15.4-2022-559=1

- openSUSE Leap 15.3:

zypper in -t patch openSUSE-SLE-15.3-2022-559=1

Package List

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

MozillaThunderbird-91.6.1-8.54.1

MozillaThunderbird-debuginfo-91.6.1-8.54.1

MozillaThunderbird-debugsource-91.6.1-8.54.1

MozillaThunderbird-translations-common-91.6.1-8.54.1

MozillaThunderbird-translations-other-91.6.1-8.54.1

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

MozillaThunderbird-91.6.1-8.54.1

MozillaThunderbird-debuginfo-91.6.1-8.54.1

MozillaThunderbird-debugsource-91.6.1-8.54.1

MozillaThunderbird-translations-common-91.6.1-8.54.1

MozillaThunderbird-translations-other-91.6.1-8.54.1

References

https://www.suse.com/security/cve/CVE-2022-0566.html

https://www.suse.com/security/cve/CVE-2022-22753.html

https://www.suse.com/security/cve/CVE-2022-22754.html

https://www.suse.com/security/cve/CVE-2022-22756.html

https://www.suse.com/security/cve/CVE-2022-22759.html

https://www.suse.com/security/cve/CVE-2022-22760.html

https://www.suse.com/security/cve/CVE-2022-22761.html

https://www.suse.com/security/cve/CVE-2022-22763.html

https://www.suse.com/security/cve/CVE-2022-22764.html

https://bugzilla.suse.com/1195682

https://bugzilla.suse.com/1196072

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2022:0559-1
Rating: important
Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 .

Topics%20covered

Topics Covered

security advisory software update security fix vulnerability important openSUSE MozillaThunderbird

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here