[slackware-security] mozilla-thunderbird (SSA:2025-136-01)

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-128.10.1esr-i686-1_slack15.0.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.thunderbird.net/en-US/thunderbird/128.10.1esr/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/
    https://www.cve.org/CVERecord?id=CVE-2025-3875
    https://www.cve.org/CVERecord?id=CVE-2025-3877
    https://www.cve.org/CVERecord?id=CVE-2025-3909
    https://www.cve.org/CVERecord?id=CVE-2025-3932
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-128.10.1esr-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-128.10.1esr-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-128.10.1esr-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-128.10.1esr-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
61fc6b964cde1c71227d763ffae284d8  mozilla-thunderbird-128.10.1esr-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
c642567c1ea1a0186a6634c91de57183  mozilla-thunderbird-128.10.1esr-x86_64-1_slack15.0.txz

Slackware -current package:
839caab7338a635f258785b72d232764  xap/mozilla-thunderbird-128.10.1esr-i686-1.txz

Slackware x86_64 -current package:
00d90a5418681004f29e8c415ed04c9e  xap/mozilla-thunderbird-128.10.1esr-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-thunderbird-128.10.1esr-i686-1_slack15.0.txz

+-----+

Latest Mozilla-Thunderbird updates for Slackware 15.0 tackle critical security vulnerabilities, ensuring safer communication with fresh patches released.
Severity: Important.
LinuxSecurity.com Team

Oracle Linux Security Advisory ELSA-2023-4954

https://linux.oracle.com/errata/ELSA-2023-4954.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
thunderbird-102.15.0-1.0.1.el8_8.x86_64.rpm

aarch64:
thunderbird-102.15.0-1.0.1.el8_8.aarch64.rpm

SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates//thunderbird-102.15.0-1.0.1.el8_8.src.rpm

Related CVEs:
CVE-2023-4051
CVE-2023-4053
CVE-2023-4573
CVE-2023-4574
CVE-2023-4575
CVE-2023-4577
CVE-2023-4578
CVE-2023-4580
CVE-2023-4581
CVE-2023-4583
CVE-2023-4584
CVE-2023-4585

Description of changes:

[102.15.0-1.0.1]
- Update to 102.15.0 build1

_______________________________________________
El-errata mailing list

Oracle Linux Security Advisory ELSA-2023-3150

https://linux.oracle.com/errata/ELSA-2023-3150.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
thunderbird-102.11.0-1.0.1.el9_2.x86_64.rpm

aarch64:
thunderbird-102.11.0-1.0.1.el9_2.aarch64.rpm

SRPMS:
https://oss.oracle.com:443/ol9/SRPMS-updates//thunderbird-102.11.0-1.0.1.el9_2.src.rpm

Related CVEs:
CVE-2023-32205
CVE-2023-32206
CVE-2023-32207
CVE-2023-32211
CVE-2023-32212
CVE-2023-32213
CVE-2023-32215

Description of changes:

[102.11.0-1.0.1]
- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js

[102.11.0-1]
- Update to 102.11.0 build1

CentOS Errata and Security Advisory 2019:0159 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2019:0159

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

i386:
3dd89f15fd6f1d0fec925fd0d6910256482e30168de85866c7c55a90dfaf886e  thunderbird-60.4.0-1.el6.centos.i686.rpm

x86_64:
2c65a3f7fe1ad1cbc8df6f6dab3a6f74f4dc0c028403efc576e0c55b70c32c3c  thunderbird-60.4.0-1.el6.centos.x86_64.rpm

Source:
6ecc9c8bfd3a73c0e76df609138a9a4a25852e19a7d6d422286b7f49ef7abdd4  thunderbird-60.4.0-1.el6.centos.src.rpm

--
Johnny Hughes
CentOS Project { https://www.centos.org/ }
irc: hughesjr, #

[slackware-security] mozilla-thunderbird (SSA:2015-192-01)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-38.1.0-i486-1_slack14.1.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.

Updated package for Slackware 14.1:
Updated package for Slackware x86_64 14.1:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 signatures:
+-------------+

Slackware 14.1 package:
d29cae765dd959599db2dc8fba4fda47  mozilla-thunderbird-38.1.0-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
0b89334358d130511fd0c2f5d0c40daa  mozilla-thunderbird-38.1.0-x86_64-1_slack14.1.txz

Slackware -current package:
020fc71c1e26f9bdccede7e346d2c14c  xap/mozilla-thunderbird-38.1.0-i586-1.txz

Slackware x86_64 -current package:
f20699d1a7cf28074a2089c23b431c24  xap/mozilla-thunderbird-38.1.0-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-thunderbird-38.1.0-i486-1_slack14.1.txz

+-----+

Recent mozilla-thunderbird updates for Slackware deliver essential security patches that tackle identified vulnerabilities.
Severity: Critical.
LinuxSecurity.com Team

openSUSE Security Update: update for MozillaFirefox, MozillaThunderbird, mozilla-nspr, mozilla-nss, seamonkey, xulrunner
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2013:1348-1
Rating:             important
References:         #833389
Cross-References:   CVE-2013-1701 CVE-2013-1702 CVE-2013-1704
                    CVE-2013-1705 CVE-2013-1708 CVE-2013-1709
                    CVE-2013-1710 CVE-2013-1711 CVE-2013-1713
                    CVE-2013-1714 CVE-2013-1717
Affected Products:
                    openSUSE 12.3
                    openSUSE 12.2
______________________________________________________________________________

An update that fixes 11 vulnerabilities is now available.

Description:

Changes in seamonkey:
- update to SeaMonkey 2.20 (bnc#833389)
  * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards
  * MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody
  * MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests
  * MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding
  * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading
  * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks
  * MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes
  * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components
  * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest
  * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system
- requires NSPR 4.10 and NSS 3.15
- removed obsolete seamonkey-shared-nss-db.patch

Changes in xulrunner:
- update to 17.0.8esr (bnc#833389)
  * MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards
  * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading
  * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks
  * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components
  * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest
  * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system

Changes in MozillaThunderbird:
- update to Thunderbird 17.0.8 (bnc#833389)
  * MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards
  * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading
  * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks
  * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components
  * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest
  * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system
- update Enigmail to 1.5.2
  * bugfix release

Changes in mozilla-nss:
- fix 32bit requirement, it's without () actually
- update to 3.15.1
  * TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1.
    Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported.
  * some bugfixes and improvements
- require libnssckbi instead of mozilla-nss-certs so p11-kit can conflict with the latter (fate#314991)
- update to 3.15
  * Packaging
    + removed obsolete patches
      * nss-disable-expired-testcerts.patch
      * bug-834091.patch
  * New Functionality
    + Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
    + Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete.
    + Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt.
    + certutil has been updated to support creating name constraints extensions.
  * New Functions
    in ssl.h
      SSL_PeerStapledOCSPResponse - Returns the server's stapled OCSP response, when used with a TLS client socket that negotiated the status_request extension.
      SSL_SetStapledOCSPResponses - Sets a stapled OCSP response for a TLS server socket to return when clients send the status_request extension.
    in ocsp.h
      CERT_PostOCSPRequest - Primarily intended for testing, permits the sending and receiving of raw OCSP request/responses.
    in secpkcs7.h
      SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7 signature at a specific time other than the present time.
    in xconst.h
      CERT_EncodeNameConstraintsExtension - Matching function for CERT_DecodeNameConstraintsExtension, added in NSS 3.10.
    in secitem.h
      SECITEM_AllocArray SECITEM_DupArray SECITEM_FreeArray SECITEM_ZfreeArray - Utility functions to handle the allocation and deallocation of SECItemArrays
      SECITEM_ReallocItemV2 - Replaces SECITEM_ReallocItem, which is now obsolete. SECITEM_ReallocItemV2 better matches caller expectations, in that it updates item->len on allocation. For more details of the issues with SECITEM_ReallocItem, see Bug 298649 and Bug 298938.
    in pk11pub.h
      PK11_Decrypt - Performs decryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM.
      PK11_Encrypt - Performs encryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM.
  * New Types
    in secitem.h
      SECItemArray - Represents a variable-length array of SECItems.
  * New Macros
    in ssl.h
      SSL_ENABLE_OCSP_STAPLING - Used with SSL_OptionSet to configure TLS client sockets to request the certificate_status extension (eg: OCSP stapling) when set to PR_TRUE
  * Notable changes
    + SECITEM_ReallocItem is now deprecated. Please consider using SECITEM_ReallocItemV2 in all future code.
    + The list of root CA certificates in the nssckbi module has been updated.
    + The default implementation of SSL_AuthCertificate has been updated to add certificate status responses stapled by the TLS server to the OCSP cache.
  * a lot of bugfixes
- Add Source URL, see https://en.opensuse.org/SourceUrls

Changes in mozilla-nspr:
- update to version 4.10
  * bmo#844513: Add AddressSanitizer (ASan) memory check annotations to PLArena.
  * bmo#849089: Simple changes to make NSPR's configure.in work with the current version of autoconf.
  * bmo#856196: Fix compiler warnings and clean up code in NSPR 4.10.
  * bmo#859066: Fix warning in nsprpub/pr/src/misc/prnetdb.c.
  * bmo#859830: Deprecate ANDROID_VERSION in favor of android/api-level.h.
  * bmo#861434: Make PR_SetThreadPriority() change priorities relatively to the main process instead of using absolute values on Linux.
  * bmo#871064L: _PR_InitThreads() should not call PR_SetThreadPriority.

Changes in MozillaFirefox:
- update to Firefox 23.0 (bnc#833389)
  * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards
  * MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody
  * MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests
  * MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding
  * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading
  * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks
  * MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes
  * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components
  * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest
  * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system
- requires NSPR 4.10 and NSS 3.15
- fix build on ARM (/-g/ matches /-grecord-switches/)

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.3: zypper in -t patch openSUSE-2013-652
- openSUSE 12.2: zypper in -t patch openSUSE-2013-652

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 12.3 (i586 x86_64): MozillaFirefox-23.0-1.29.1 MozillaFirefox-branding-upstream-23.0-1.29.1 MozillaFirefox-buildsymbols-23.0-1.29.1 MozillaFirefox-debuginfo-23.0-1.29.1 MozillaFirefox-debugsource-23.0-1.29.1 MozillaFirefox-devel-23.0-1.29.1 MozillaFirefox-translations-common-23.0-1.29.1 MozillaFirefox-translations-other-23.0-1.29.1 MozillaThunderbird-17.0.8-61.21.2 MozillaThunderbird-buildsymbols-17.0.8-61.21.2 MozillaThunderbird-debuginfo-17.0.8-61.21.2 MozillaThunderbird-debugsource-17.0.8-61.21.2 MozillaThunderbird-devel-17.0.8-61.21.2 MozillaThunderbird-devel-debuginfo-17.0.8-61.21.2 MozillaThunderbird-translations-common-17.0.8-61.21.2 MozillaThunderbird-translations-other-17.0.8-61.21.2 enigmail-1.5.2+17.0.8-61.21.2 enigmail-debuginfo-1.5.2+17.0.8-61.21.2 libfreebl3-3.15.1-1.12.1 libfreebl3-debuginfo-3.15.1-1.12.1 libsoftokn3-3.15.1-1.12.1 libsoftokn3-debuginfo-3.15.1-1.12.1 mozilla-js-17.0.8-1.24.1 mozilla-js-debuginfo-17.0.8-1.24.1 mozilla-nspr-4.10-1.14.1 mozilla-nspr-debuginfo-4.10-1.14.1 mozilla-nspr-debugsource-4.10-1.14.1 mozilla-nspr-devel-4.10-1.14.1 mozilla-nss-3.15.1-1.12.1 mozilla-nss-certs-3.15.1-1.12.1 mozilla-nss-certs-debuginfo-3.15.1-1.12.1 mozilla-nss-debuginfo-3.15.1-1.12.1
mozilla-nss-debugsource-3.15.1-1.12.1 mozilla-nss-devel-3.15.1-1.12.1 mozilla-nss-sysinit-3.15.1-1.12.1 mozilla-nss-sysinit-debuginfo-3.15.1-1.12.1 mozilla-nss-tools-3.15.1-1.12.1 mozilla-nss-tools-debuginfo-3.15.1-1.12.1 seamonkey-2.20-1.16.1 seamonkey-debuginfo-2.20-1.16.1 seamonkey-debugsource-2.20-1.16.1 seamonkey-dom-inspector-2.20-1.16.1 seamonkey-irc-2.20-1.16.1 seamonkey-translations-common-2.20-1.16.1 seamonkey-translations-other-2.20-1.16.1 seamonkey-venkman-2.20-1.16.1 xulrunner-17.0.8-1.24.1 xulrunner-buildsymbols-17.0.8-1.24.1 xulrunner-debuginfo-17.0.8-1.24.1 xulrunner-debugsource-17.0.8-1.24.1 xulrunner-devel-17.0.8-1.24.1 xulrunner-devel-debuginfo-17.0.8-1.24.1 - openSUSE 12.3 (x86_64): libfreebl3-32bit-3.15.1-1.12.1 libfreebl3-debuginfo-32bit-3.15.1-1.12.1 libsoftokn3-32bit-3.15.1-1.12.1 libsoftokn3-debuginfo-32bit-3.15.1-1.12.1 mozilla-js-32bit-17.0.8-1.24.1 mozilla-js-debuginfo-32bit-17.0.8-1.24.1 mozilla-nspr-32bit-4.10-1.14.1 mozilla-nspr-debuginfo-32bit-4.10-1.14.1 mozilla-nss-32bit-3.15.1-1.12.1 mozilla-nss-certs-32bit-3.15.1-1.12.1 mozilla-nss-certs-debuginfo-32bit-3.15.1-1.12.1 mozilla-nss-debuginfo-32bit-3.15.1-1.12.1 mozilla-nss-sysinit-32bit-3.15.1-1.12.1 mozilla-nss-sysinit-debuginfo-32bit-3.15.1-1.12.1 xulrunner-32bit-17.0.8-1.24.1 xulrunner-debuginfo-32bit-17.0.8-1.24.1 - openSUSE 12.2 (i586 x86_64): MozillaFirefox-23.0-2.55.1 MozillaFirefox-branding-upstream-23.0-2.55.1 MozillaFirefox-buildsymbols-23.0-2.55.1 MozillaFirefox-debuginfo-23.0-2.55.1 MozillaFirefox-debugsource-23.0-2.55.1 MozillaFirefox-devel-23.0-2.55.1 MozillaFirefox-translations-common-23.0-2.55.1 MozillaFirefox-translations-other-23.0-2.55.1 MozillaThunderbird-17.0.8-49.51.2 MozillaThunderbird-buildsymbols-17.0.8-49.51.2 MozillaThunderbird-debuginfo-17.0.8-49.51.2 MozillaThunderbird-debugsource-17.0.8-49.51.2 MozillaThunderbird-devel-17.0.8-49.51.2 MozillaThunderbird-devel-debuginfo-17.0.8-49.51.2 MozillaThunderbird-translations-common-17.0.8-49.51.2 
MozillaThunderbird-translations-other-17.0.8-49.51.2 enigmail-1.5.2+17.0.8-49.51.2 enigmail-debuginfo-1.5.2+17.0.8-49.51.2 libfreebl3-3.15.1-2.23.1 libfreebl3-debuginfo-3.15.1-2.23.1 libsoftokn3-3.15.1-2.23.1 libsoftokn3-debuginfo-3.15.1-2.23.1 mozilla-js-17.0.8-2.50.1 mozilla-js-debuginfo-17.0.8-2.50.1 mozilla-nspr-4.10-1.16.1 mozilla-nspr-debuginfo-4.10-1.16.1 mozilla-nspr-debugsource-4.10-1.16.1 mozilla-nspr-devel-4.10-1.16.1 mozilla-nss-3.15.1-2.23.1 mozilla-nss-certs-3.15.1-2.23.1 mozilla-nss-certs-debuginfo-3.15.1-2.23.1 mozilla-nss-debuginfo-3.15.1-2.23.1 mozilla-nss-debugsource-3.15.1-2.23.1 mozilla-nss-devel-3.15.1-2.23.1 mozilla-nss-sysinit-3.15.1-2.23.1 mozilla-nss-sysinit-debuginfo-3.15.1-2.23.1 mozilla-nss-tools-3.15.1-2.23.1 mozilla-nss-tools-debuginfo-3.15.1-2.23.1 seamonkey-2.20-2.46.1 seamonkey-debuginfo-2.20-2.46.1 seamonkey-debugsource-2.20-2.46.1 seamonkey-dom-inspector-2.20-2.46.1 seamonkey-irc-2.20-2.46.1 seamonkey-translations-common-2.20-2.46.1 seamonkey-translations-other-2.20-2.46.1 seamonkey-venkman-2.20-2.46.1 xulrunner-17.0.8-2.50.1 xulrunner-buildsymbols-17.0.8-2.50.1 xulrunner-debuginfo-17.0.8-2.50.1 xulrunner-debugsource-17.0.8-2.50.1 xulrunner-devel-17.0.8-2.50.1 xulrunner-devel-debuginfo-17.0.8-2.50.1 - openSUSE 12.2 (x86_64): libfreebl3-32bit-3.15.1-2.23.1 libfreebl3-debuginfo-32bit-3.15.1-2.23.1 libsoftokn3-32bit-3.15.1-2.23.1 libsoftokn3-debuginfo-32bit-3.15.1-2.23.1 mozilla-js-32bit-17.0.8-2.50.1 mozilla-js-debuginfo-32bit-17.0.8-2.50.1 mozilla-nspr-32bit-4.10-1.16.1 mozilla-nspr-debuginfo-32bit-4.10-1.16.1 mozilla-nss-32bit-3.15.1-2.23.1 mozilla-nss-certs-32bit-3.15.1-2.23.1 mozilla-nss-certs-debuginfo-32bit-3.15.1-2.23.1 mozilla-nss-debuginfo-32bit-3.15.1-2.23.1 mozilla-nss-sysinit-32bit-3.15.1-2.23.1 mozilla-nss-sysinit-debuginfo-32bit-3.15.1-2.23.1 xulrunner-32bit-17.0.8-2.50.1 xulrunner-debuginfo-32bit-17.0.8-2.50.1 References: https://www.suse.com/security/cve/CVE-2013-1701.html 
https://www.suse.com/security/cve/CVE-2013-1702.html
https://www.suse.com/security/cve/CVE-2013-1704.html
https://www.suse.com/security/cve/CVE-2013-1705.html
https://www.suse.com/security/cve/CVE-2013-1708.html
https://www.suse.com/security/cve/CVE-2013-1709.html
https://www.suse.com/security/cve/CVE-2013-1710.html
https://www.suse.com/security/cve/CVE-2013-1711.html
https://www.suse.com/security/cve/CVE-2013-1713.html
https://www.suse.com/security/cve/CVE-2013-1714.html
https://www.suse.com/security/cve/CVE-2013-1717.html

Critical openSUSE notification: Mozilla addresses 11 security flaws in Firefox and Thunderbird. Urgent measures required.
Severity: Important.
LinuxSecurity.com Team

[slackware-security] mozilla-thunderbird (SSA:2011-249-02)

New mozilla-thunderbird packages are available for Slackware 13.0, 13.1, 13.37, and -current to fix security issues.

Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-3.1.13-i486-1_slack13.37.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird-3.1/
    https://www.mozilla.org/en-US/security/advisories/mfsa2011-34/
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.

Updated package for Slackware 13.0:
Updated package for Slackware x86_64 13.0:
Updated package for Slackware 13.1:
Updated package for Slackware x86_64 13.1:
Updated package for Slackware 13.37:
Updated package for Slackware x86_64 13.37:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 signatures:
+-------------+

Slackware 13.0 package:
d8705fb176b5a3cb6e1055cd07ea21c5  mozilla-thunderbird-3.1.13-i686-1.txz

Slackware x86_64 13.0 package:
ce0d32a9b03cfa6b010eecb55c9c65ca  mozilla-thunderbird-3.1.13-x86_64-1_slack13.0.txz

Slackware 13.1 package:
77a4d118bd5114e4e6e6a85ae2d95f2a  mozilla-thunderbird-3.1.13-i686-1.txz

Slackware x86_64 13.1 package:
4993d49c22bcb84181e880eafe77656d  mozilla-thunderbird-3.1.13-x86_64-1_slack13.1.txz

Slackware 13.37 package:
ae6a772ad40bd0d2f3995566e311b1d5  mozilla-thunderbird-3.1.13-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
f92d79dfa10054e8594ba19596804f15  mozilla-thunderbird-3.1.13-x86_64-1_slack13.37.txz

Slackware -current package:
39d346da6a641f95a35c5cb26e0cb04a  xap/mozilla-thunderbird-6.0.1-i486-1.txz

Slackware x86_64 -current package:
18152da79e3e79faba2650ce8bbb0e75  xap/mozilla-thunderbird-6.0.1-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root.

+-----+

Recent Mozilla Thunderbird updates for Slackware address critical security vulnerabilities and incorporate key enhancements.
Severity: Critical.
LinuxSecurity.com Team

[slackware-security] mozilla-thunderbird (SSA:2008-210-05)

New mozilla-thunderbird packages are available for Slackware 10.2, 11.0, 12.0, 12.1, and -current to fix security issues.

More details about the issues may be found on the Mozilla site:

  https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird-2.0/

Here are the details from the Slackware 12.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-2.0.0.16-i686-1.tgz: Upgraded to thunderbird-2.0.0.16.
  This upgrade fixes some more security bugs.
  For more information, see:
    https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird-2.0/
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.

Updated package for Slackware 10.2:
Updated package for Slackware 11.0:
Updated package for Slackware 12.0:
Updated package for Slackware 12.1:
Updated package for Slackware -current:

MD5 signatures:
+-------------+

Slackware 10.2 package:
b1632ddc521471ae49ea44c74bfeaa5d  mozilla-thunderbird-2.0.0.16-i686-1.tgz

Slackware 11.0 package:
b1632ddc521471ae49ea44c74bfeaa5d  mozilla-thunderbird-2.0.0.16-i686-1.tgz

Slackware 12.0 package:
b1632ddc521471ae49ea44c74bfeaa5d  mozilla-thunderbird-2.0.0.16-i686-1.tgz

Slackware 12.1 package:
b1632ddc521471ae49ea44c74bfeaa5d  mozilla-thunderbird-2.0.0.16-i686-1.tgz

Slackware -current package:
b1632ddc521471ae49ea44c74bfeaa5d  mozilla-thunderbird-2.0.0.16-i686-1.tgz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-thunderbird-2.0.0.16-i686-1.tgz

+-----+

The latest Mozilla-Thunderbird update for Slackware brings essential enhancements targeting significant security vulnerabilities, ensuring better performance and overall reliability.
Severity: Critical.
LinuxSecurity.com Team