Bug 1182614 (CVE-2021-23969)

Summary: VUL-0: MozillaFirefox / MozillaThunderbird: update to 86 and 78.8.0esr
Product: [Novell Products] SUSE Security Incidents
Component: Incidents
Status: RESOLVED FIXED
Severity: Major
Priority: P2 - High
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
Reporter: Martin Sirringhaus <martin.sirringhaus>
Assignee: Martin Sirringhaus <martin.sirringhaus>
QA Contact: Security Team bot <security-team>
CC: atoptsoglou, cgrobertson, meissner
Whiteboard:
  CVSSv3.1:SUSE:CVE-2021-23968:4.3:(AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
  CVSSv3.1:SUSE:CVE-2021-23969:4.3:(AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
  CVSSv3.1:SUSE:CVE-2021-23970:6.5:(AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
  CVSSv3.1:SUSE:CVE-2021-23971:6.5:(AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
  CVSSv3.1:SUSE:CVE-2021-23972:8.8:(AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
  CVSSv3.1:SUSE:CVE-2021-23973:6.5:(AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
  CVSSv3.1:SUSE:CVE-2021-23974:6.1:(AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
  CVSSv3.1:SUSE:CVE-2021-23975:6.5:(AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
  CVSSv3.1:SUSE:CVE-2021-23976:6.3:(AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N)
  CVSSv3.1:SUSE:CVE-2021-23977:5.3:(AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)
  CVSSv3.1:SUSE:CVE-2021-23978:8.8:(AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
  CVSSv3.1:SUSE:CVE-2021-23979:8.1:(AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Martin Sirringhaus 2021-02-23 13:33:12 UTC
- Mozilla Firefox 86
  MFSA 2021-07
  * CVE-2021-23969 (bmo#1542194)
    Content Security Policy violation report could have contained
    the destination of a redirect
  * CVE-2021-23970 (bmo#1681724)
    Multithreaded WASM triggered assertions validating separation
    of script domains
  * CVE-2021-23968 (bmo#1687342)
    Content Security Policy violation report could have contained
    the destination of a redirect
  * CVE-2021-23974 (bmo#1528997, bmo#1683627)
    noscript elements could have led to an HTML Sanitizer bypass
  * CVE-2021-23971 (bmo#1678545)
    A website's Referrer-Policy could have been overridden,
    potentially resulting in the full URL being sent as a
    Referrer
  * CVE-2021-23976 (bmo#1684627)
    Local spoofing of web manifests for arbitrary pages in
    Firefox for Android
  * CVE-2021-23977 (bmo#1684761)
    Malicious application could read sensitive data from Firefox
    for Android's application directories
  * CVE-2021-23972 (bmo#1683536)
    HTTP Auth phishing warning was omitted when a redirect is
    cached
  * CVE-2021-23975 (bmo#1685145)
    about:memory’s Measure function caused an incorrect pointer
    operation
  * CVE-2021-23973 (bmo#1690976)
    MediaError message property could have leaked information
    about cross-origin resources
  * CVE-2021-23978 (bmo#1682928, bmo#1687391, bmo#1687597,
    bmo#786797)
    Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
  * CVE-2021-23979 (bmo#1663222, bmo#1666607, bmo#1672120,
    bmo#1678463, bmo#1678927, bmo#1679560, bmo#1681297,
    bmo#1681684, bmo#1683490, bmo#1684377, bmo#1684902)
    Memory safety bugs fixed in Firefox 86


- Mozilla Firefox ESR 78.8
  MFSA 2021-08 (bsc#)
  * CVE-2021-23969 (bmo#1542194)
    Content Security Policy violation report could have contained
    the destination of a redirect
  * CVE-2021-23968 (bmo#1687342)
    Content Security Policy violation report could have contained
    the destination of a redirect
  * CVE-2021-23973 (bmo#1690976)
    MediaError message property could have leaked information
    about cross-origin resources
  * CVE-2021-23978 (bmo#1682928, bmo#1687391, bmo#1687597,
    bmo#786797)
    Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
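Added illustration, not Mozilla's code and not part of this bug report: a small Python model of how a Content Security Policy violation report is assembled when a request that the source list permits redirects to a destination it does not, the situation behind the two "report could have contained the destination of a redirect" entries (CVE-2021-23968, CVE-2021-23969). The policy, the document and resource URLs, and the report field set are constructed for the example; `report_redirect_target` is a modelling switch that selects the leaky behaviour, not a browser preference. The security point is that the report goes to a report endpoint chosen by the page author, so a report naming the post-redirect URL tells that author where a third-party site sent the user (here, a login redirect carrying a username), which the page never had permission to learn.

```python
from urllib.parse import urlsplit, urlunsplit

# Added example: a minimal model of CSP violation reporting for a request
# that the source list allows but which redirects to a disallowed URL.
# Not Firefox code; policy, URLs and field names below are constructed.

REPORT_SCHEMES = ("http", "https", "ws", "wss")


def strip_url_for_report(url: str) -> str:
    """CSP 'strip URL for use in reports': drop credentials and the fragment;
    for non-network schemes (data:, blob:, ...) report only the scheme."""
    p = urlsplit(url)
    if p.scheme not in REPORT_SCHEMES:
        return p.scheme
    host = p.hostname or ""
    if p.port:
        host = f"{host}:{p.port}"
    return urlunsplit((p.scheme, host, p.path, p.query, ""))


def origin(url: str) -> str:
    """scheme://host[:port] of a URL; good enough for origin-level matching."""
    p = urlsplit(url)
    port = f":{p.port}" if p.port else ""
    return f"{p.scheme}://{p.hostname}{port}"


def allowed(url: str, sources: list, document_origin: str) -> bool:
    """Origin-level source matching only: 'self', 'none' and scheme://host[:port]."""
    o = origin(url)
    for src in sources:
        if src == "'none'":
            continue
        if src == "'self'" and o == document_origin:
            return True
        if src.rstrip("/") == o:
            return True
    return False


def evaluate_request(document_url, directive, sources, redirect_chain,
                     report_redirect_target=False):
    """Check every hop of a redirect chain against the directive's source list.
    Returns (permitted, report). The report's blocked-uri must be the URL the
    document itself asked for (redirect_chain[0]); report_redirect_target=True
    models the leaky behaviour, where the hop that failed, a redirect
    destination the page never named, is written into the report instead."""
    doc_origin = origin(document_url)
    for hop in redirect_chain:
        if allowed(hop, sources, doc_origin):
            continue
        exposed = hop if report_redirect_target else redirect_chain[0]
        report = {"csp-report": {
            "document-uri": strip_url_for_report(document_url),
            "violated-directive": directive,
            "effective-directive": directive,
            "original-policy": f"{directive} {' '.join(sources)}",
            "disposition": "enforce",
            "blocked-uri": strip_url_for_report(exposed),
        }}
        return False, report
    return True, None


if __name__ == "__main__":
    # Constructed scenario: attacker.example embeds an image from
    # victim.example, which bounces the user through an SSO login.
    doc = "https://attacker.example/page"
    chain = ["https://victim.example/avatar.png",
             "https://sso.example/login?user=alice#top"]
    for leaky in (False, True):
        ok, rep = evaluate_request(doc, "img-src", ["https://victim.example"],
                                   chain, report_redirect_target=leaky)
        print("leaky" if leaky else "fixed", ok, rep["csp-report"]["blocked-uri"])
```

In the fixed mode the report only ever repeats a URL that appeared in the page's own markup, so the reporting endpoint gains nothing from it beyond the fact that a redirect occurred; the stripping step additionally keeps credentials and fragments out of the report in both modes.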
Comment 3 Martin Sirringhaus 2021-02-24 07:34:39 UTC
https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/

- Mozilla Thunderbird 78.8
  MFSA 2021-09
  * CVE-2021-23969 (bmo#1542194)
    Content Security Policy violation report could have contained
    the destination of a redirect
  * CVE-2021-23968 (bmo#1687342)
    Content Security Policy violation report could have contained
    the destination of a redirect
  * CVE-2021-23973 (bmo#1690976)
    MediaError message property could have leaked information
    about cross-origin resources
  * CVE-2021-23978 (bmo#1682928, bmo#1687391, bmo#1687597,
    bmo#786797)
    Memory safety bugs fixed in Thunderbird 78.8
Comment 4 OBSbugzilla Bot 2021-02-24 08:40:06 UTC
This is an autogenerated message for OBS integration:
This bug (1182614) was mentioned in
https://build.opensuse.org/request/show/874775 Factory / MozillaThunderbird
Comment 6 OBSbugzilla Bot 2021-02-24 13:30:06 UTC
This is an autogenerated message for OBS integration:
This bug (1182614) was mentioned in
https://build.opensuse.org/request/show/874847 Factory / MozillaFirefox
Comment 8 Swamp Workflow Management 2021-03-01 17:16:41 UTC
SUSE-SU-2021:0659-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1182357,1182614
CVE References: CVE-2021-23968,CVE-2021-23969,CVE-2021-23973,CVE-2021-23978
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src):    MozillaFirefox-78.8.0-8.32.2
SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src):    MozillaFirefox-78.8.0-8.32.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2021-03-01 20:17:44 UTC
SUSE-SU-2021:0667-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1182357,1182614
CVE References: CVE-2021-23968,CVE-2021-23969,CVE-2021-23973,CVE-2021-23978
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    MozillaFirefox-78.8.0-112.51.1
SUSE OpenStack Cloud Crowbar 8 (src):    MozillaFirefox-78.8.0-112.51.1
SUSE OpenStack Cloud 9 (src):    MozillaFirefox-78.8.0-112.51.1
SUSE OpenStack Cloud 8 (src):    MozillaFirefox-78.8.0-112.51.1
SUSE OpenStack Cloud 7 (src):    MozillaFirefox-78.8.0-112.51.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    MozillaFirefox-78.8.0-112.51.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    MozillaFirefox-78.8.0-112.51.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    MozillaFirefox-78.8.0-112.51.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    MozillaFirefox-78.8.0-112.51.1
SUSE Linux Enterprise Server 12-SP5 (src):    MozillaFirefox-78.8.0-112.51.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    MozillaFirefox-78.8.0-112.51.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    MozillaFirefox-78.8.0-112.51.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    MozillaFirefox-78.8.0-112.51.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    MozillaFirefox-78.8.0-112.51.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    MozillaFirefox-78.8.0-112.51.1
HPE Helion Openstack 8 (src):    MozillaFirefox-78.8.0-112.51.1

Comment 10 Swamp Workflow Management 2021-03-01 20:25:37 UTC
SUSE-SU-2021:14657-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1182357,1182614
CVE References: CVE-2021-23968,CVE-2021-23969,CVE-2021-23973,CVE-2021-23978
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    MozillaFirefox-78.8.0-78.120.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    MozillaFirefox-78.8.0-78.120.1

Comment 11 Swamp Workflow Management 2021-03-01 20:28:00 UTC
SUSE-SU-2021:0661-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1182357,1182614
CVE References: CVE-2021-23968,CVE-2021-23969,CVE-2021-23973,CVE-2021-23978
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    MozillaThunderbird-78.8.0-8.15.4

Comment 12 Swamp Workflow Management 2021-03-02 14:18:43 UTC
SUSE-SU-2021:0676-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1181848,1182357,1182614
CVE References: CVE-2021-23968,CVE-2021-23969,CVE-2021-23973,CVE-2021-23978
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    MozillaFirefox-78.8.0-3.133.1
SUSE Manager Retail Branch Server 4.0 (src):    MozillaFirefox-78.8.0-3.133.1
SUSE Manager Proxy 4.0 (src):    MozillaFirefox-78.8.0-3.133.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    MozillaFirefox-78.8.0-3.133.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    MozillaFirefox-78.8.0-3.133.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    MozillaFirefox-78.8.0-3.133.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    MozillaFirefox-78.8.0-3.133.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    MozillaFirefox-78.8.0-3.133.1
SUSE Enterprise Storage 6 (src):    MozillaFirefox-78.8.0-3.133.1
SUSE CaaS Platform 4.0 (src):    MozillaFirefox-78.8.0-3.133.1

Comment 13 Swamp Workflow Management 2021-03-03 05:16:57 UTC
openSUSE-SU-2021:0373-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1182357,1182614
CVE References: CVE-2021-23968,CVE-2021-23969,CVE-2021-23973,CVE-2021-23978
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    MozillaFirefox-78.8.0-lp152.2.49.1
Comment 14 Swamp Workflow Management 2021-03-06 02:16:31 UTC
openSUSE-SU-2021:0387-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1182357,1182614
CVE References: CVE-2021-23968,CVE-2021-23969,CVE-2021-23973,CVE-2021-23978
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    MozillaThunderbird-78.8.0-lp152.2.35.1
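Added check, not part of this bug and not SUSE tooling: a Python reimplementation of rpm's version comparison, used to decide whether an installed MozillaFirefox or MozillaThunderbird package is at or beyond the fixed source version listed in the release comments above. Compare only against the NVR published for your own product channel: the release suffixes (8.32.2, 112.51.1, 3.133.1, lp152.2.49.1, ...) are per-channel and mean nothing across products. Epoch and the rpm `^` separator are not handled. The fixed NVR in the usage call is taken from SUSE-SU-2021:0659-1 above; the older and newer "installed" values are constructed for the demonstration, and `installed_nvr()` only works on a host with `rpm` available.

```python
import re
import subprocess

# Added example: rpm-style version comparison to check whether an installed
# package is at or past a fixed NVR from the advisories above. Not SUSE
# tooling. Epoch and the '^' separator are ignored.

_SEGMENT = re.compile(r"\d+|[A-Za-z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 like rpm's rpmvercmp(): split into digit runs,
    letter runs and '~'; digits compare numerically, letters lexically,
    a digit run beats a letter run, and '~' sorts before anything."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if x == "~" or y == "~":
            return -1 if x == "~" else 1
        if x.isdigit() and y.isdigit():
            return (int(x) > int(y)) - (int(x) < int(y))
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        return (x > y) - (x < y)
    if len(sa) == len(sb):
        return 0
    # Extra trailing segments make that side newer, unless they start with
    # '~' (a pre-release marker), which makes it older.
    longer, shorter = (sa, sb) if len(sa) > len(sb) else (sb, sa)
    newer = -1 if longer[len(shorter)] == "~" else 1
    return newer if longer is sa else -newer


def split_nvr(nvr: str):
    """'MozillaFirefox-78.8.0-lp152.2.49.1' -> (name, version, release)."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def is_fixed(installed_nvr: str, fixed_nvr: str) -> bool:
    """True when the installed build is the fixed build or newer. Both NVRs
    must name the same package; releases are only comparable within one
    product channel, so pass the fixed NVR published for your channel."""
    iname, iver, irel = split_nvr(installed_nvr)
    fname, fver, frel = split_nvr(fixed_nvr)
    if iname != fname:
        raise ValueError(f"package mismatch: {iname} vs {fname}")
    c = rpmvercmp(iver, fver) or rpmvercmp(irel, frel)
    return c >= 0


def installed_nvr(package: str) -> str:
    """Query the local rpm database; only meaningful on an RPM-based host."""
    out = subprocess.run(
        ["rpm", "-q", "--qf", "%{NAME}-%{VERSION}-%{RELEASE}", package],
        capture_output=True, text=True, check=True)
    return out.stdout.strip()


if __name__ == "__main__":
    fixed = "MozillaFirefox-78.8.0-8.32.2"        # SLE 15-SP2/SP3, from the advisory
    for inst in ("MozillaFirefox-78.7.0-8.29.1",  # constructed older build
                 "MozillaFirefox-78.8.0-8.32.2",  # the fixed build itself
                 "MozillaFirefox-86.0-1.1"):      # constructed newer build
        print(inst, "fixed" if is_fixed(inst, fixed) else "VULNERABLE")
```

On a real host, replace the constructed values with `installed_nvr("MozillaFirefox")` and the fixed NVR for the product the host subscribes to; a `zypper patch` run that reports the advisory as applied is the authoritative check, and this comparison is for fleet inventories where only package lists are available.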
Comment 16 Marcus Meissner 2021-08-09 12:15:31 UTC
done