Bug 1184960 (CVE-2021-23994)

Summary: VUL-0: MozillaFirefox / MozillaThunderbird: update to 88 and 78.10.0esr
Product: [Novell Products] SUSE Security Incidents Reporter: Martin Sirringhaus <martin.sirringhaus>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: Andreas.Stieger, manfred.h, rfrohl, wolfgang
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/282236/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-23961:7.4:(AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N) CVSSv3.1:SUSE:CVE-2021-23994:7.5:(AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSSv3.1:SUSE:CVE-2021-23995:7.5:(AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSSv3.1:SUSE:CVE-2021-23998:6.1:(AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) CVSSv3.1:SUSE:CVE-2021-23999:6.1:(AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) CVSSv3.1:SUSE:CVE-2021-24002:6.1:(AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) CVSSv3.1:SUSE:CVE-2021-29945:6.1:(AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) CVSSv3.1:SUSE:CVE-2021-29946:6.3:(AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) CVSSv3.1:SUSE:CVE-2021-29948:4.2:(AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Martin Sirringhaus 2021-04-19 13:13:54 UTC 
- Mozilla Thunderbird 78.10
  MFSA 2021-14
  * CVE-2021-23994 (bmo#1699077)
    Out of bound write due to lazy initialization
  * CVE-2021-23995 (bmo#1699835)
    Use-after-free in Responsive Design Mode
  * CVE-2021-23998 (bmo#1667456)
    Secure Lock icon could have been spoofed
  * CVE-2021-23961 (bmo#1677940)
    More internal network hosts could have been probed by a
    malicious webpage
  * CVE-2021-23999 (bmo#1691153)
    Blob URLs may have been granted additional privileges
  * CVE-2021-24002 (bmo#1702374)
    Arbitrary FTP command execution on FTP servers using an
    encoded URL
  * CVE-2021-29945 (bmo#1700690)
    Incorrect size computation in WebAssembly JIT could lead to
    null-reads
  * CVE-2021-29946 (bmo#1698503)
    Port blocking could be bypassed
  * CVE-2021-29948 (bmo#1692899)
    Race condition when reading from disk while verifying
    signatures

- Mozilla Firefox ESR 78.10
  MFSA 2021-15
  * CVE-2021-23994 (bmo#1699077)
    Out of bound write due to lazy initialization
  * CVE-2021-23995 (bmo#1699835)
    Use-after-free in Responsive Design Mode
  * CVE-2021-23998 (bmo#1667456)
    Secure Lock icon could have been spoofed
  * CVE-2021-23961 (bmo#1677940)
    More internal network hosts could have been probed by a
    malicious webpage
  * CVE-2021-23999 (bmo#1691153)
    Blob URLs may have been granted additional privileges
  * CVE-2021-24002 (bmo#1702374)
    Arbitrary FTP command execution on FTP servers using an
    encoded URL
  * CVE-2021-29945 (bmo#1700690)
    Incorrect size computation in WebAssembly JIT could lead to
    null-reads
  * CVE-2021-29946 (bmo#1698503)
    Port blocking could be bypassed

- Mozilla Firefox 88
  MFSA 2021-16
  * CVE-2021-23994 (bmo#1699077)
    Out of bound write due to lazy initialization
  * CVE-2021-23995 (bmo#1699835)
    Use-after-free in Responsive Design Mode
  * CVE-2021-23996 (bmo#1701834)
    Content rendered outside of webpage viewport
  * CVE-2021-23997 (bmo#1701942)
    Use-after-free when freeing fonts from cache
  * CVE-2021-23998 (bmo#1667456)
    Secure Lock icon could have been spoofed
  * CVE-2021-23999 (bmo#1691153)
    Blob URLs may have been granted additional privileges
  * CVE-2021-24000 (bmo#1694698)
    requestPointerLock() could be applied to a tab different from
    the visible tab
  * CVE-2021-24001 (bmo#1694727)
    Testing code could have enabled session history manipulations
    by a compromised content process
  * CVE-2021-24002 (bmo#1702374)
    Arbitrary FTP command execution on FTP servers using an
    encoded URL
  * CVE-2021-29945 (bmo#1700690)
    Incorrect size computation in WebAssembly JIT could lead to
    null-reads
  * CVE-2021-29944 (bmo#1697604)
    HTML injection vulnerability in Firefox for Android's Reader
    View
  * CVE-2021-29946 (bmo#1698503)
    Port blocking could be bypassed
  * CVE-2021-29947 (bmo#1651449, bmo#1674142, bmo#1693476,
    bmo#1696886, bmo#1700091)
    Memory safety bugs fixed in Firefox 88
Comment 1 OBSbugzilla Bot 2021-04-20 08:40:05 UTC 
This is an autogenerated message for OBS integration:
This bug (1184960) was mentioned in
https://build.opensuse.org/request/show/886906 Factory / MozillaThunderbird
Comment 4 Swamp Workflow Management 2021-04-23 10:15:54 UTC 
SUSE-SU-2021:1307-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1184960
CVE References: CVE-2021-23961,CVE-2021-23994,CVE-2021-23995,CVE-2021-23998,CVE-2021-23999,CVE-2021-24002,CVE-2021-29945,CVE-2021-29946
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src):    MozillaFirefox-78.10.0-8.38.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src):    MozillaFirefox-78.10.0-8.38.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Swamp Workflow Management 2021-04-26 19:15:32 UTC 
openSUSE-SU-2021:0621-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1184960
CVE References: CVE-2021-23961,CVE-2021-23994,CVE-2021-23995,CVE-2021-23998,CVE-2021-23999,CVE-2021-24002,CVE-2021-29945,CVE-2021-29946
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    MozillaFirefox-78.10.0-lp152.2.55.1
Comment 6 Swamp Workflow Management 2021-04-27 13:16:15 UTC 
SUSE-SU-2021:1325-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1184960
CVE References: CVE-2021-23961,CVE-2021-23994,CVE-2021-23995,CVE-2021-23998,CVE-2021-23999,CVE-2021-24002,CVE-2021-29945,CVE-2021-29946
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    MozillaFirefox-78.10.0-112.57.2
SUSE OpenStack Cloud Crowbar 8 (src):    MozillaFirefox-78.10.0-112.57.2
SUSE OpenStack Cloud 9 (src):    MozillaFirefox-78.10.0-112.57.2
SUSE OpenStack Cloud 8 (src):    MozillaFirefox-78.10.0-112.57.2
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    MozillaFirefox-78.10.0-112.57.2
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    MozillaFirefox-78.10.0-112.57.2
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    MozillaFirefox-78.10.0-112.57.2
SUSE Linux Enterprise Server 12-SP5 (src):    MozillaFirefox-78.10.0-112.57.2
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    MozillaFirefox-78.10.0-112.57.2
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    MozillaFirefox-78.10.0-112.57.2
SUSE Linux Enterprise Server 12-SP3-BCL (src):    MozillaFirefox-78.10.0-112.57.2
SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (src):    MozillaFirefox-78.10.0-112.57.2
SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (src):    MozillaFirefox-78.10.0-112.57.2
SUSE Linux Enterprise Server 12-SP2-BCL (src):    MozillaFirefox-78.10.0-112.57.2
HPE Helion Openstack 8 (src):    MozillaFirefox-78.10.0-112.57.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Swamp Workflow Management 2021-04-28 19:17:33 UTC 
SUSE-SU-2021:14708-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1184960
CVE References: CVE-2021-23961,CVE-2021-23994,CVE-2021-23995,CVE-2021-23998,CVE-2021-23999,CVE-2021-24002,CVE-2021-29945,CVE-2021-29946
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    MozillaFirefox-78.10.0-78.126.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    MozillaFirefox-78.10.0-78.126.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2021-04-29 13:17:04 UTC 
SUSE-SU-2021:1432-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1184960
CVE References: CVE-2021-23961,CVE-2021-23994,CVE-2021-23995,CVE-2021-23998,CVE-2021-23999,CVE-2021-24002,CVE-2021-29945,CVE-2021-29946,CVE-2021-29948
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    MozillaThunderbird-78.10.0-8.23.1
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    MozillaThunderbird-78.10.0-8.23.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2021-04-29 13:21:52 UTC 
SUSE-SU-2021:1433-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1184960
CVE References: CVE-2021-23961,CVE-2021-23994,CVE-2021-23995,CVE-2021-23998,CVE-2021-23999,CVE-2021-24002,CVE-2021-29945,CVE-2021-29946
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    MozillaFirefox-78.10.0-3.139.1
SUSE Manager Retail Branch Server 4.0 (src):    MozillaFirefox-78.10.0-3.139.1
SUSE Manager Proxy 4.0 (src):    MozillaFirefox-78.10.0-3.139.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    MozillaFirefox-78.10.0-3.139.1
SUSE Linux Enterprise Server for SAP 15 (src):    MozillaFirefox-78.10.0-3.139.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    MozillaFirefox-78.10.0-3.139.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    MozillaFirefox-78.10.0-3.139.1
SUSE Linux Enterprise Server 15-LTSS (src):    MozillaFirefox-78.10.0-3.139.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    MozillaFirefox-78.10.0-3.139.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    MozillaFirefox-78.10.0-3.139.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    MozillaFirefox-78.10.0-3.139.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    MozillaFirefox-78.10.0-3.139.1
SUSE Enterprise Storage 6 (src):    MozillaFirefox-78.10.0-3.139.1
SUSE CaaS Platform 4.0 (src):    MozillaFirefox-78.10.0-3.139.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2021-05-01 10:15:30 UTC 
openSUSE-SU-2021:0644-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1184960
CVE References: CVE-2021-23961,CVE-2021-23994,CVE-2021-23995,CVE-2021-23998,CVE-2021-23999,CVE-2021-24002,CVE-2021-29945,CVE-2021-29946,CVE-2021-29948
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    MozillaThunderbird-78.10.0-lp152.2.41.1
Comment 11 Marcus Meissner 2021-08-09 12:15:04 UTC 
done