First Last Prev Next    This bug is not in your last search results.
Bug 1184536 - (CVE-2021-23991) VUL-0: CVE-2021-23991, CVE-2021-23992, CVE-2021-23993: MozillaThunderbird: Update to 78.9.1
(CVE-2021-23991)
VUL-0: CVE-2021-23991, CVE-2021-23992, CVE-2021-23993: MozillaThunderbird: Up...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Martin Sirringhaus
Security Team bot
https://smash.suse.de/issue/281492/
CVSSv3.1:SUSE:CVE-2021-23991:4.3:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-04-09 07:12 UTC by Alexandros Toptsoglou
Modified: 2021-08-09 12:15 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexandros Toptsoglou 2021-04-09 07:12:04 UTC 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/

CVE-2021-23991: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key
#MOZ-2021-23992: A crafted OpenPGP key with an invalid user ID could be used to confuse the user
CVE-2021-23993: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key
Comment 2 Swamp Workflow Management 2021-04-13 16:21:19 UTC 
SUSE-SU-2021:1167-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 1177542,1183942,1184536
CVE References: CVE-2021-23981,CVE-2021-23982,CVE-2021-23984,CVE-2021-23987,CVE-2021-23991,CVE-2021-23992
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    MozillaThunderbird-78.9.1-8.20.1
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    MozillaThunderbird-78.9.1-8.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 3 Alexander Bergmann 2021-04-14 07:14:55 UTC 
CVE-2021-23992: A crafted OpenPGP key with an invalid user ID could be used to confuse the user
Comment 4 Swamp Workflow Management 2021-04-19 16:24:23 UTC 
openSUSE-SU-2021:0580-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1177542,1183942,1184536
CVE References: CVE-2021-23981,CVE-2021-23982,CVE-2021-23984,CVE-2021-23987,CVE-2021-23991,CVE-2021-23992,CVE-2021-23993
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    MozillaThunderbird-78.9.1-lp152.2.38.1
Comment 5 Marcus Meissner 2021-08-09 12:15:14 UTC 
done
First Last Prev Next    This bug is not in your last search results.