openSUSE: 2023:4302-1 important: MozillaThunderbird memory safety
opensuse
October 31, 2023
This update for MozillaThunderbird fixes the following issues: Updated to version 115.4.1:
Description
This update for MozillaThunderbird fixes the following issues:
* Updated to version 115.4.1:
* CVE-2023-5721: Fixed a potential clickjack via queued up rendering.
* CVE-2023-5732: Fixed an address bar spoofing via bidirectional characters
* CVE-2023-5724: Fixed a crash due to a large WebGL draw.
* CVE-2023-5725: Fixed an issue where WebExtensions could open arbitrary URLs.
* CVE-2023-5726: Fixed an issue where fullscreen notifications would be
obscured by file the open dialog on macOS.
* CVE-2023-5727: Fixed a download protection bypass on on Windows.
* CVE-2023-5728: Fixed a crash caused by improper object tracking during GC in
the JavaScript engine.
* CVE-2023-5730: Fixed multiple memory safety issues.
Patch
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4302=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4302=1
* SUSE Package Hub 15 15-SP4
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4302=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4302=1
* SUSE Linux Enterprise Workstation Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4302=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4302=1
Package List
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* MozillaThunderbird-115.4.1-150200.8.136.1
* MozillaThunderbird-translations-common-115.4.1-150200.8.136.1
* MozillaThunderbird-translations-other-115.4.1-150200.8.136.1
* MozillaThunderbird-debuginfo-115.4.1-150200.8.136.1
* MozillaThunderbird-debugsource-115.4.1-150200.8.136.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* MozillaThunderbird-115.4.1-150200.8.136.1
* MozillaThunderbird-translations-common-115.4.1-150200.8.136.1
* MozillaThunderbird-translations-other-115.4.1-150200.8.136.1
* MozillaThunderbird-debuginfo-115.4.1-150200.8.136.1
* MozillaThunderbird-debugsource-115.4.1-150200.8.136.1
* SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x)
* MozillaThunderbird-115.4.1-150200.8.136.1
* MozillaThunderbird-translations-common-115.4.1-150200.8.136.1
* MozillaThunderbird-translations-other-115.4.1-150200.8.136.1
* MozillaThunderbird-debuginfo-115.4.1-150200.8.136.1
* MozillaThunderbird-debugsource-115.4.1-150200.8.136.1
* SUSE Package...
Read the Full AdvisoryReferences
* bsc#1216338
## References:
* https://www.suse.com/security/cve/CVE-2023-5721.html
* https://www.suse.com/security/cve/CVE-2023-5724.html
* https://www.suse.com/security/cve/CVE-2023-5725.html
* https://www.suse.com/security/cve/CVE-2023-5726.html
* https://www.suse.com/security/cve/CVE-2023-5727.html
* https://www.suse.com/security/cve/CVE-2023-5728.html
* https://www.suse.com/security/cve/CVE-2023-5730.html
* https://www.suse.com/security/cve/CVE-2023-5732.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216338
PREVIOUS 
NEXT Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2023:4302-1
Rating: important
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!