Bugzilla – Bug 1182614
VUL-0: MozillaFirefox / MozillaThunderbird: update to 86 and 78.8.0esr
Last modified: 2022-09-06 16:44:38 UTC
- Mozilla Firefox 86 MFSA 2021-07 * CVE-2021-23969 (bmo#1542194) Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23970 (bmo#1681724) Multithreaded WASM triggered assertions validating separation of script domains * CVE-2021-23968 (bmo#1687342) Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23974 (bmo#1528997, bmo#1683627) noscript elements could have led to an HTML Sanitizer bypass * CVE-2021-23971 (bmo#1678545) A website's Referrer-Policy could have been be overridden, potentially resulting in the full URL being sent as a Referrer * CVE-2021-23976 (bmo#1684627) Local spoofing of web manifests for arbitrary pages in Firefox for Android * CVE-2021-23977 (bmo#1684761) Malicious application could read sensitive data from Firefox for Android's application directories * CVE-2021-23972 (bmo#1683536) HTTP Auth phishing warning was omitted when a redirect is cached * CVE-2021-23975 (bmo#1685145) about:memory’s Measure function caused an incorrect pointer operation * CVE-2021-23973 (bmo#1690976) MediaError message property could have leaked information about cross-origin resources * CVE-2021-23978 (bmo#1682928, bmo#1687391, bmo#1687597, bmo#786797) Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 * CVE-2021-23979 (bmo#1663222, bmo#1666607, bmo#1672120, bmo#1678463, bmo#1678927, bmo#1679560, bmo#1681297, bmo#1681684, bmo#1683490, bmo#1684377, bmo#1684902) Memory safety bugs fixed in Firefox 86 - Mozilla Firefox ESR 78.8 MFSA 2021-08 (bsc#) * CVE-2021-23969 (bmo#1542194) Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23968 (bmo#1687342) Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23973 (bmo#1690976) MediaError message property could have leaked information about cross-origin resources * CVE-2021-23978 (bmo#1682928, bmo#1687391, bmo#1687597, bmo#786797) Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
Reference https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/ https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/ - Mozilla Thunderbird 78.8 MFSA 2021-09 * CVE-2021-23969 (bmo#1542194) Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23968 (bmo#1687342) Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23973 (bmo#1690976) MediaError message property could have leaked information about cross-origin resources * CVE-2021-23978 (bmo#1682928, bmo#1687391, bmo#1687597, bmo#786797) Memory safety bugs fixed in Thunderbird 78.8
This is an autogenerated message for OBS integration: This bug (1182614) was mentioned in https://build.opensuse.org/request/show/874775 Factory / MozillaThunderbird
This is an autogenerated message for OBS integration: This bug (1182614) was mentioned in https://build.opensuse.org/request/show/874847 Factory / MozillaFirefox
SUSE-SU-2021:0659-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1182357,1182614 CVE References: CVE-2021-23968,CVE-2021-23969,CVE-2021-23973,CVE-2021-23978 JIRA References: Sources used: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src): MozillaFirefox-78.8.0-8.32.2 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src): MozillaFirefox-78.8.0-8.32.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:0667-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1182357,1182614 CVE References: CVE-2021-23968,CVE-2021-23969,CVE-2021-23973,CVE-2021-23978 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): MozillaFirefox-78.8.0-112.51.1 SUSE OpenStack Cloud Crowbar 8 (src): MozillaFirefox-78.8.0-112.51.1 SUSE OpenStack Cloud 9 (src): MozillaFirefox-78.8.0-112.51.1 SUSE OpenStack Cloud 8 (src): MozillaFirefox-78.8.0-112.51.1 SUSE OpenStack Cloud 7 (src): MozillaFirefox-78.8.0-112.51.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): MozillaFirefox-78.8.0-112.51.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): MozillaFirefox-78.8.0-112.51.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): MozillaFirefox-78.8.0-112.51.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): MozillaFirefox-78.8.0-112.51.1 SUSE Linux Enterprise Server 12-SP5 (src): MozillaFirefox-78.8.0-112.51.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): MozillaFirefox-78.8.0-112.51.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): MozillaFirefox-78.8.0-112.51.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): MozillaFirefox-78.8.0-112.51.1 SUSE Linux Enterprise Server 12-SP2-LTSS (src): MozillaFirefox-78.8.0-112.51.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): MozillaFirefox-78.8.0-112.51.1 HPE Helion Openstack 8 (src): MozillaFirefox-78.8.0-112.51.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:14657-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1182357,1182614 CVE References: CVE-2021-23968,CVE-2021-23969,CVE-2021-23973,CVE-2021-23978 JIRA References: Sources used: SUSE Linux Enterprise Server 11-SP4-LTSS (src): MozillaFirefox-78.8.0-78.120.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): MozillaFirefox-78.8.0-78.120.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:0661-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1182357,1182614 CVE References: CVE-2021-23968,CVE-2021-23969,CVE-2021-23973,CVE-2021-23978 JIRA References: Sources used: SUSE Linux Enterprise Workstation Extension 15-SP2 (src): MozillaThunderbird-78.8.0-8.15.4 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:0676-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1181848,1182357,1182614 CVE References: CVE-2021-23968,CVE-2021-23969,CVE-2021-23973,CVE-2021-23978 JIRA References: Sources used: SUSE Manager Server 4.0 (src): MozillaFirefox-78.8.0-3.133.1 SUSE Manager Retail Branch Server 4.0 (src): MozillaFirefox-78.8.0-3.133.1 SUSE Manager Proxy 4.0 (src): MozillaFirefox-78.8.0-3.133.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): MozillaFirefox-78.8.0-3.133.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): MozillaFirefox-78.8.0-3.133.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): MozillaFirefox-78.8.0-3.133.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): MozillaFirefox-78.8.0-3.133.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): MozillaFirefox-78.8.0-3.133.1 SUSE Enterprise Storage 6 (src): MozillaFirefox-78.8.0-3.133.1 SUSE CaaS Platform 4.0 (src): MozillaFirefox-78.8.0-3.133.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:0373-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1182357,1182614 CVE References: CVE-2021-23968,CVE-2021-23969,CVE-2021-23973,CVE-2021-23978 JIRA References: Sources used: openSUSE Leap 15.2 (src): MozillaFirefox-78.8.0-lp152.2.49.1
openSUSE-SU-2021:0387-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1182357,1182614 CVE References: CVE-2021-23968,CVE-2021-23969,CVE-2021-23973,CVE-2021-23978 JIRA References: Sources used: openSUSE Leap 15.2 (src): MozillaThunderbird-78.8.0-lp152.2.35.1
done