Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

SUSE: 2024:1858-1 Important: MozillaThunderbird Security Fixes

suse
Calendar Grey August 19, 2024
Scroller Suse
Essential security patch for MozillaFirefox addressing various vulnerabilities and enhancing overall protection. Ensure updates are applied without delay.
* bsc#1224056 Cross-References: * CVE-2024-4367 * CVE-2024-4767

Summary

## This update for MozillaThunderbird fixes the following issues: Update to version 115.11 (bsc#1224056): * CVE-2024-4367: Arbitrary JavaScript execution in PDF.js * CVE-2024-4767: IndexedDB files retained in private browsing mode * CVE-2024-4768: Potential permissions request bypass via clickjacking * CVE-2024-4769: Cross-origin responses could be distinguished between script and non-script content-types * CVE-2024-4770: Use-after-free could occur when printing to PDF * CVE-2024-4777: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11 * fixed: Splitter arrow between task list and task description did not behave as expected * fixed: Calendar Event Attendees dialog had incorrectly sized rows ## Patch Instructions:

References

* bsc#1224056

Cross-

* CVE-2024-4367

* CVE-2024-4767

* CVE-2024-4768

* CVE-2024-4769

* CVE-2024-4770

* CVE-2024-4777

CVSS scores:

* CVE-2024-4367 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2024-4767 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

* CVE-2024-4768 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

* CVE-2024-4769 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

* CVE-2024-4770 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2024-4777 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products:

* openSUSE Leap 15.5

* openSUSE Leap 15.6

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4

* SUSE Linux Enterprise Desktop 15 SP5

* SUSE Linux Enterprise Desktop 15 SP6

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:1858-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.