Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

DEBIAN: 2023:3487-2 Critical: Firefox Security Vulnerabilities

suse
Calendar Grey December 20, 2022
Dist Suse Esm H88
Update released for MozillaThunderbird addressing 7 vulnerabilities to improve security and minimize threats for SUSE users.
An update that fixes 7 vulnerabilities is now available

Summary

This update for MozillaThunderbird fixes the following issues: Update to version 102.6 (bsc#1206242): - CVE-2022-46880: Use-after-free in WebGL - CVE-2022-46872: Arbitrary file read from a compromised content process - CVE-2022-46881: Memory corruption in WebGL - CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions - CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS - CVE-2022-46882: Use-after-free in WebGL - CVE-2022-46878: Memory safety bugs fixed in Thunderbird 102.6 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4:

Topics%20covered

Topics Covered

security advisory vulnerability important memory safety SUSE Linux Enterprise MozillaThunderbird openSUSE Leap

References

#1206242

Cross- CVE-2022-46872 CVE-2022-46874 CVE-2022-46875

CVE-2022-46878 CVE-2022-46880 CVE-2022-46881

CVE-2022-46882

Affected Products:

SUSE Linux Enterprise Desktop 15-SP4

SUSE Linux Enterprise High Performance Computing 15-SP4

SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4

SUSE Linux Enterprise Server 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15-SP4

SUSE Linux Enterprise Workstation Extension 15-SP4

SUSE Manager Proxy 4.3

SUSE Manager Retail Branch Server 4.3

SUSE Manager Server 4.3

openSUSE Leap 15.3

openSUSE Leap 15.4

https://www.suse.com/security/cve/CVE-2022-46872.html

https://www.suse.com/security/cve/CVE-2022-46874.html

https://www.suse.com/security/cve/CVE-2022-46875.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:4579-1
Rating: important

Topics%20covered

Topics Covered

security advisory vulnerability important memory safety SUSE Linux Enterprise MozillaThunderbird openSUSE Leap

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here