Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 448
Alerts This Week
Warning Icon 1 448

SUSE: 2021:2458-1 Important: Memory Safety Fixes in Mozilla Thunderbird

suse
Calendar Grey July 22, 2021
Dist Suse Esm H88
This CentOS Security Patch tackles severe vulnerabilities in Firefox that require attention. Ensure your safety!
An update that fixes four vulnerabilities is now available

Summary

This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 78.12 * fixed: Sending an email containing HTML links with spaces in the URL sometimes resulted in broken links * fixed: Folder Pane display theme fixes for macOS * fixed: Chat account settings did not always save as expected * fixed: RSS feed subscriptions sometimes lost * fixed: Calendar: A parsing error for alarm triggers of type "DURATION" caused sync problems for some users * fixed: Various security fixes MFSA 2021-30 (bsc#1188275) * CVE-2021-29969: IMAP server responses sent by a MITM prior to STARTTLS could be processed * CVE-2021-29970: Use-after-free in accessibility features of a document * CVE-2021-30547: Out of bounds write in ANGLE * CVE-2021-29976: Memory safety bugs fixed in Thunderbird 78.12 Patch Instructions:

References

#1188275

Cross- CVE-2021-29969 CVE-2021-29970 CVE-2021-29976

CVE-2021-30547

CVSS scores:

CVE-2021-29969 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-30547 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

SUSE Linux Enterprise Workstation Extension 15-SP3

SUSE Linux Enterprise Workstation Extension 15-SP2

https://www.suse.com/security/cve/CVE-2021-29969.html

https://www.suse.com/security/cve/CVE-2021-29970.html

https://www.suse.com/security/cve/CVE-2021-29976.html

https://www.suse.com/security/cve/CVE-2021-30547.html

https://bugzilla.suse.com/1188275

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2458-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.