Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2022:4085-1 Important: MozillaThunderbird Denial of Service

suse
Calendar Grey November 18, 2022
Dist Suse Esm H88
Mozilla Thunderbird's recent security patch addresses 17 vulnerabilities, offering vital updates for SUSE users at risk.
An update that fixes 17 vulnerabilities is now available

Summary

This update for MozillaThunderbird fixes the following issues: - Fixed various security issues (MFSA 2022-49, bsc#1205270): * CVE-2022-45403 (bmo#1762078) Service Workers might have learned size of cross-origin media files * CVE-2022-45404 (bmo#1790815) Fullscreen notification bypass * CVE-2022-45405 (bmo#1791314) Use-after-free in InputStream implementation * CVE-2022-45406 (bmo#1791975) Use-after-free of a JavaScript Realm * CVE-2022-45408 (bmo#1793829) Fullscreen notification bypass via windowName * CVE-2022-45409 (bmo#1796901) Use-after-free in Garbage Collection * CVE-2022-45410 (bmo#1658869) ServiceWorker-intercepted requests bypassed SameSite cookie policy * CVE-2022-45411 (bmo#1790311) Cross-Site Tracing was possible via

Topics%20covered

Topics Covered

security advisory denial of service software update memory issue SUSE important fix MozillaThunderbird

References

#1204421 #1205270

Cross- CVE-2022-42927 CVE-2022-42928 CVE-2022-42929

CVE-2022-42932 CVE-2022-45403 CVE-2022-45404

CVE-2022-45405 CVE-2022-45406 CVE-2022-45408

CVE-2022-45409 CVE-2022-45410 CVE-2022-45411

CVE-2022-45412 CVE-2022-45416 CVE-2022-45418

CVE-2022-45420 CVE-2022-45421

CVSS scores:

CVE-2022-42927 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-42928 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-42929 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVE-2022-42932 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products:

SUSE Enterprise Storage 7.1

SUSE Linux Enterprise Desktop 15-SP3

SUSE Linux Enterprise Desktop 15-SP4

SUSE Linux Enterprise High Performance ...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:4085-1
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service software update memory issue SUSE important fix MozillaThunderbird

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here