
openSUSE: 2024:3629-1 important: MozillaThunderbird memory safety fixes

October 15, 2024
An essential security patch has been issued by SUSE for Mozilla Thunderbird, addressing multiple noted vulnerabilities and improving overall security.

Summary

This update for MozillaThunderbird fixes the following issues:

Update to Mozilla Thunderbird 128.3.1 (MFSA 2024-51, bsc#1231413):

* CVE-2024-9680: Use-after-free in Animation timeline

Update to Mozilla Thunderbird 128.3 (MFSA 2024-49, bsc#1230979):

* CVE-2024-9392: Compromised content process can bypass site isolation
* CVE-2024-9393: Cross-origin access to PDF contents through multipart responses
* CVE-2024-9394: Cross-origin access to JSON contents through multipart responses
* CVE-2024-8900: Clipboard write permission bypass
* CVE-2024-9396: Potential memory corruption may occur when cloning certain objects
* CVE-2024-9397: Potential directory upload bypass via clickjacking
* CVE-2024-9398: External protocol handlers could be enumerated via popups

References

* bsc#1230979

* bsc#1231413

Cross-References:

* CVE-2024-8900

* CVE-2024-9392

* CVE-2024-9393

* CVE-2024-9394

* CVE-2024-9396

* CVE-2024-9397

* CVE-2024-9398

* CVE-2024-9399

* CVE-2024-9400

* CVE-2024-9401

* CVE-2024-9402

* CVE-2024-9680

CVSS scores:

* CVE-2024-8900 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2024-9392 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2024-9392 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2024-9392 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-9393 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2024-9393 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Severity
important

Announcement ID: SUSE-SU-2024:3629-1
Release Date: 2024-10-15T06:57:43Z
Rating: important
