SUSE: 2022:1176-1 Important Update: MozillaThunderbird Memory Issues Fix

April 13, 2022
SUSE resolves 9 vulnerabilities in MozillaThunderbird, addressing critical concerns including memory corruption and denial of service risks.
An update that fixes 9 vulnerabilities is now available

Summary

This update for MozillaThunderbird fixes the following issues:

- Updated to version 91.8 (bsc#1197903):
  - CVE-2022-1097: Fixed a memory corruption issue with NSSToken objects.
  - CVE-2022-28281: Fixed a memory corruption issue due to unexpected WebAuthN Extensions.
  - CVE-2022-1197: Fixed an issue where OpenPGP revocation information was ignored.
  - CVE-2022-1196: Fixed a memory corruption issue after VR process destruction.
  - CVE-2022-28282: Fixed a memory corruption issue in document translation.
  - CVE-2022-28285: Fixed a memory corruption issue in JIT code generation.
  - CVE-2022-28286: Fixed an iframe layout issue that could have been exploited to stage spoofing attacks.
  - CVE-2022-24713: Fixed a potential denial of service via complex regular expressions.

References

#1197903

Cross-References: CVE-2022-1097 CVE-2022-1196 CVE-2022-1197 CVE-2022-24713 CVE-2022-28281 CVE-2022-28282 CVE-2022-28285 CVE-2022-28286 CVE-2022-28289

CVSS scores:

CVE-2022-1097 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-1196 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVE-2022-1197 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVE-2022-24713 (NVD): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-24713 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2022-28281 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-28282 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVE-2022-28285 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity
important

Announcement ID: SUSE-SU-2022:1176-1
Rating: important
