Bugzilla – Bug 1193485
VUL-0: MozillaFirefox / MozillaThunderbird: update to 95 and 91.4esr
Last modified: 2022-12-23 07:25:23 UTC
- Mozilla Firefox 95 MFSA 2021-52 * CVE-2021-43536 (bmo#1730120) URL leakage when navigating while executing asynchronous function * CVE-2021-43537 (bmo#1738237) Heap buffer overflow when using structured clone * CVE-2021-43538 (bmo#1739091) Missing fullscreen and pointer lock notification when requesting both * CVE-2021-43539 (bmo#1739683) GC rooting failure when calling wasm instance methods * MOZ-2021-0010 (bmo#1735852) Use-after-free in fullscreen objects on MacOS * CVE-2021-43540 (bmo#1636629) WebExtensions could have installed persistent ServiceWorkers * CVE-2021-43541 (bmo#1696685) External protocol handler parameters were unescaped * CVE-2021-43542 (bmo#1723281) XMLHttpRequest error codes could have leaked the existence of an external protocol handler * CVE-2021-43543 (bmo#1738418) Bypass of CSP sandbox directive when embedding * CVE-2021-43544 (bmo#1739934) Receiving a malicious URL as text through a SEND intent could have led to XSS * CVE-2021-43545 (bmo#1720926) Denial of Service when using the Location API in a loop * CVE-2021-43546 (bmo#1737751) Cursor spoofing could overlay user interface when native cursor is zoomed * MOZ-2021-0009 (bmo#1393362, bmo#1736046, bmo#1736751, bmo#1737009, bmo#1739372, bmo#1739421) Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 - Mozilla Firefox ESR 91.4.0 MFSA 2021-53 * CVE-2021-43536 (bmo#1730120) URL leakage when navigating while executing asynchronous function * CVE-2021-43537 (bmo#1738237) Heap buffer overflow when using structured clone * CVE-2021-43538 (bmo#1739091) Missing fullscreen and pointer lock notification when requesting both * CVE-2021-43539 (bmo#1739683) GC rooting failure when calling wasm instance methods * CVE-2021-43541 (bmo#1696685) External protocol handler parameters were unescaped * CVE-2021-43542 (bmo#1723281) XMLHttpRequest error codes could have leaked the existence of an external protocol handler * CVE-2021-43543 (bmo#1738418) Bypass of CSP sandbox directive when embedding * CVE-2021-43545 (bmo#1720926) Denial of Service when using the Location API in a loop * CVE-2021-43546 (bmo#1737751) Cursor spoofing could overlay user interface when native cursor is zoomed * MOZ-2021-0009 (bmo#1393362, bmo#1736046, bmo#1736751, bmo#1737009, bmo#1739372, bmo#1739421) Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 - Mozilla Thunderbird 91.4.0 MFSA 2021-54 * CVE-2021-43536 (bmo#1730120) URL leakage when navigating while executing asynchronous function * CVE-2021-43537 (bmo#1738237) Heap buffer overflow when using structured clone * CVE-2021-43538 (bmo#1739091) Missing fullscreen and pointer lock notification when requesting both * CVE-2021-43539 (bmo#1739683) GC rooting failure when calling wasm instance methods * CVE-2021-43541 (bmo#1696685) External protocol handler parameters were unescaped * CVE-2021-43542 (bmo#1723281) XMLHttpRequest error codes could have leaked the existence of an external protocol handler * CVE-2021-43543 (bmo#1738418) Bypass of CSP sandbox directive when embedding * CVE-2021-43545 (bmo#1720926) Denial of Service when using the Location API in a loop * CVE-2021-43546 (bmo#1737751) Cursor spoofing could overlay user interface when native cursor is zoomed * CVE-2021-43528 (bmo#1742579) JavaScript unexpectedly enabled for the composition area * MOZ-2021-0009 (bmo#1393362, bmo#1736046, bmo#1736751, bmo#1737009, bmo#1739372, bmo#1739421) Memory safety bugs fixed in Thunderbird 91.4.0
This is an autogenerated message for OBS integration: This bug (1193485) was mentioned in https://build.opensuse.org/request/show/936364 Factory / MozillaFirefox https://build.opensuse.org/request/show/936365 Factory / MozillaThunderbird
SUSE-SU-2021:3993-1: An update that fixes 9 vulnerabilities is now available. Category: security (important) Bug References: 1193321,1193485 CVE References: CVE-2021-43536,CVE-2021-43537,CVE-2021-43538,CVE-2021-43539,CVE-2021-43541,CVE-2021-43542,CVE-2021-43543,CVE-2021-43545,CVE-2021-43546 JIRA References: Sources used: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src): MozillaFirefox-91.4.0-152.9.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src): MozillaFirefox-91.4.0-152.9.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:3993-1: An update that fixes 9 vulnerabilities is now available. Category: security (important) Bug References: 1193321,1193485 CVE References: CVE-2021-43536,CVE-2021-43537,CVE-2021-43538,CVE-2021-43539,CVE-2021-43541,CVE-2021-43542,CVE-2021-43543,CVE-2021-43545,CVE-2021-43546 JIRA References: Sources used: openSUSE Leap 15.3 (src): MozillaFirefox-91.4.0-152.9.1
SUSE-SU-2021:14859-1: An update that fixes 9 vulnerabilities is now available. Category: security (important) Bug References: 1193321,1193485 CVE References: CVE-2021-43536,CVE-2021-43537,CVE-2021-43538,CVE-2021-43539,CVE-2021-43541,CVE-2021-43542,CVE-2021-43543,CVE-2021-43545,CVE-2021-43546 JIRA References: Sources used: SUSE Linux Enterprise Server 11-SP4-LTSS (src): MozillaFirefox-91.4.0-78.154.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): MozillaFirefox-91.4.0-78.154.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3995-1: An update that fixes 9 vulnerabilities is now available. Category: security (important) Bug References: 1193321,1193485 CVE References: CVE-2021-43536,CVE-2021-43537,CVE-2021-43538,CVE-2021-43539,CVE-2021-43541,CVE-2021-43542,CVE-2021-43543,CVE-2021-43545,CVE-2021-43546 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15-SP1 (src): MozillaFirefox-91.4.0-150.9.1 SUSE Linux Enterprise Server for SAP 15 (src): MozillaFirefox-91.4.0-150.9.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): MozillaFirefox-91.4.0-150.9.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): MozillaFirefox-91.4.0-150.9.1 SUSE Linux Enterprise Server 15-LTSS (src): MozillaFirefox-91.4.0-150.9.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): MozillaFirefox-91.4.0-150.9.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): MozillaFirefox-91.4.0-150.9.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): MozillaFirefox-91.4.0-150.9.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): MozillaFirefox-91.4.0-150.9.1 SUSE Enterprise Storage 6 (src): MozillaFirefox-91.4.0-150.9.1 SUSE CaaS Platform 4.0 (src): MozillaFirefox-91.4.0-150.9.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:1575-1: An update that fixes 9 vulnerabilities is now available. Category: security (important) Bug References: 1193321,1193485 CVE References: CVE-2021-43536,CVE-2021-43537,CVE-2021-43538,CVE-2021-43539,CVE-2021-43541,CVE-2021-43542,CVE-2021-43543,CVE-2021-43545,CVE-2021-43546 JIRA References: Sources used: openSUSE Leap 15.2 (src): MozillaFirefox-91.4.0-lp152.2.74.1
SUSE-SU-2021:4000-1: An update that fixes 9 vulnerabilities is now available. Category: security (important) Bug References: 1193321,1193485 CVE References: CVE-2021-43536,CVE-2021-43537,CVE-2021-43538,CVE-2021-43539,CVE-2021-43541,CVE-2021-43542,CVE-2021-43543,CVE-2021-43545,CVE-2021-43546 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): MozillaFirefox-91.4.0-112.83.1 SUSE OpenStack Cloud Crowbar 8 (src): MozillaFirefox-91.4.0-112.83.1 SUSE OpenStack Cloud 9 (src): MozillaFirefox-91.4.0-112.83.1 SUSE OpenStack Cloud 8 (src): MozillaFirefox-91.4.0-112.83.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): MozillaFirefox-91.4.0-112.83.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): MozillaFirefox-91.4.0-112.83.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): MozillaFirefox-91.4.0-112.83.1 SUSE Linux Enterprise Server 12-SP5 (src): MozillaFirefox-91.4.0-112.83.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): MozillaFirefox-91.4.0-112.83.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): MozillaFirefox-91.4.0-112.83.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): MozillaFirefox-91.4.0-112.83.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): MozillaFirefox-91.4.0-112.83.1 HPE Helion Openstack 8 (src): MozillaFirefox-91.4.0-112.83.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:4150-1: An update that fixes 33 vulnerabilities is now available. Category: security (important) Bug References: 1182863,1189547,1190244,1190269,1191332,1192250,1193485 CVE References: CVE-2021-29981,CVE-2021-29982,CVE-2021-29987,CVE-2021-29991,CVE-2021-32810,CVE-2021-38492,CVE-2021-38493,CVE-2021-38495,CVE-2021-38496,CVE-2021-38497,CVE-2021-38498,CVE-2021-38500,CVE-2021-38501,CVE-2021-38502,CVE-2021-38503,CVE-2021-38504,CVE-2021-38505,CVE-2021-38506,CVE-2021-38507,CVE-2021-38508,CVE-2021-38509,CVE-2021-38510,CVE-2021-40529,CVE-2021-43528,CVE-2021-43536,CVE-2021-43537,CVE-2021-43538,CVE-2021-43539,CVE-2021-43541,CVE-2021-43542,CVE-2021-43543,CVE-2021-43545,CVE-2021-43546 JIRA References: Sources used: SUSE Linux Enterprise Workstation Extension 15-SP3 (src): MozillaThunderbird-91.4.0-8.45.2 SUSE Linux Enterprise Workstation Extension 15-SP2 (src): MozillaThunderbird-91.4.0-8.45.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:4150-1: An update that fixes 33 vulnerabilities is now available. Category: security (important) Bug References: 1182863,1189547,1190244,1190269,1191332,1192250,1193485 CVE References: CVE-2021-29981,CVE-2021-29982,CVE-2021-29987,CVE-2021-29991,CVE-2021-32810,CVE-2021-38492,CVE-2021-38493,CVE-2021-38495,CVE-2021-38496,CVE-2021-38497,CVE-2021-38498,CVE-2021-38500,CVE-2021-38501,CVE-2021-38502,CVE-2021-38503,CVE-2021-38504,CVE-2021-38505,CVE-2021-38506,CVE-2021-38507,CVE-2021-38508,CVE-2021-38509,CVE-2021-38510,CVE-2021-40529,CVE-2021-43528,CVE-2021-43536,CVE-2021-43537,CVE-2021-43538,CVE-2021-43539,CVE-2021-43541,CVE-2021-43542,CVE-2021-43543,CVE-2021-43545,CVE-2021-43546 JIRA References: Sources used: openSUSE Leap 15.3 (src): MozillaThunderbird-91.4.0-8.45.2
openSUSE-SU-2021:1635-1: An update that fixes 33 vulnerabilities is now available. Category: security (important) Bug References: 1182863,1189547,1190244,1190269,1191332,1192250,1193485 CVE References: CVE-2021-29981,CVE-2021-29982,CVE-2021-29987,CVE-2021-29991,CVE-2021-32810,CVE-2021-38492,CVE-2021-38493,CVE-2021-38495,CVE-2021-38496,CVE-2021-38497,CVE-2021-38498,CVE-2021-38500,CVE-2021-38501,CVE-2021-38502,CVE-2021-38503,CVE-2021-38504,CVE-2021-38505,CVE-2021-38506,CVE-2021-38507,CVE-2021-38508,CVE-2021-38509,CVE-2021-38510,CVE-2021-40529,CVE-2021-43528,CVE-2021-43536,CVE-2021-43537,CVE-2021-43538,CVE-2021-43539,CVE-2021-43541,CVE-2021-43542,CVE-2021-43543,CVE-2021-43545,CVE-2021-43546 JIRA References: Sources used: openSUSE Leap 15.2 (src): MozillaThunderbird-91.4.0-lp152.2.52.1
The MFSA 2021-54 is now mentioning 1 additional CVE. CVE-2021-4129: Memory safety bugs fixed in Thunderbird 91.4.0 References: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/
released
An additional CVE was assigned to this Mozilla Foundation Security Advisory 2021-52: CVE-2021-4128: Use-after-free in fullscreen objects on MacOS
An additional CVE was assigned to this Mozilla Foundation Security Advisory 2021-52: CVE-2021-4129: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4