SUSE: 2022:1719-1 Important: MozillaThunderbird Fixes and Updates

suse

May 17, 2022

An update that fixes 8 vulnerabilities is now available

Summary

This update for MozillaThunderbird fixes the following issues: Various security fixes MFSA 2022-18 (bsc#1198970): - CVE-2022-1520: Incorrect security status shown after viewing an attached email (bmo#1745019). - CVE-2022-29914: Fullscreen notification bypass using popups (bmo#1746448). - CVE-2022-29909: Bypassing permission prompt in nested browsing contexts (bmo#1755081). - CVE-2022-29916: Leaking browser history with CSS variables (bmo#1760674). - CVE-2022-29911: iframe sandbox bypass (bmo#1761981). - CVE-2022-29912: Reader mode bypassed SameSite cookies (bmo#1692655). - CVE-2022-29913: Speech Synthesis feature not properly disabled (bmo#1764778). - CVE-2022-29917: Memory safety bugs fixed in Thunderbird 91.9 (bmo#1684739, bmo#1706441, bmo#1753298, bmo#1762614, bmo#1762620).

Topics Covered

security advisory update important SUSE memory safety MozillaThunderbird notification bypass

References

#1198970

Cross- CVE-2022-1520 CVE-2022-29909 CVE-2022-29911

CVE-2022-29912 CVE-2022-29913 CVE-2022-29914

CVE-2022-29916 CVE-2022-29917

CVSS scores:

CVE-2022-1520 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CVE-2022-29909 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-29911 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-29912 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVE-2022-29913 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVE-2022-29914 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-29916 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-29917 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2022:1719-1

Rating: important

Topics Covered

security advisory update important SUSE memory safety MozillaThunderbird notification bypass

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2022:1719-1 Important: MozillaThunderbird Fixes and Updates

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2022:1719-1 Important: MozillaThunderbird Fixes and Updates

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!