Bugzilla – Bug 1184960
VUL-0: MozillaFirefox / MozillaThunderbird: update to 88 and 78.10.0esr
Last modified: 2022-09-06 16:44:45 UTC
- Mozilla Thunderbird 78.10 MFSA 2021-14 * CVE-2021-23994 (bmo#1699077) Out of bound write due to lazy initialization * CVE-2021-23995 (bmo#1699835) Use-after-free in Responsive Design Mode * CVE-2021-23998 (bmo#1667456) Secure Lock icon could have been spoofed * CVE-2021-23961 (bmo#1677940) More internal network hosts could have been probed by a malicious webpage * CVE-2021-23999 (bmo#1691153) Blob URLs may have been granted additional privileges * CVE-2021-24002 (bmo#1702374) Arbitrary FTP command execution on FTP servers using an encoded URL * CVE-2021-29945 (bmo#1700690) Incorrect size computation in WebAssembly JIT could lead to null-reads * CVE-2021-29946 (bmo#1698503) Port blocking could be bypassed * CVE-2021-29948 (bmo#1692899) Race condition when reading from disk while verifying signatures - Mozilla Firefox ESR 78.10 MFSA 2021-15 * CVE-2021-23994 (bmo#1699077) Out of bound write due to lazy initialization * CVE-2021-23995 (bmo#1699835) Use-after-free in Responsive Design Mode * CVE-2021-23998 (bmo#1667456) Secure Lock icon could have been spoofed * CVE-2021-23961 (bmo#1677940) More internal network hosts could have been probed by a malicious webpage * CVE-2021-23999 (bmo#1691153) Blob URLs may have been granted additional privileges * CVE-2021-24002 (bmo#1702374) Arbitrary FTP command execution on FTP servers using an encoded URL * CVE-2021-29945 (bmo#1700690) Incorrect size computation in WebAssembly JIT could lead to null-reads * CVE-2021-29946 (bmo#1698503) Port blocking could be bypassed - Mozilla Firefox 88 MFSA 2021-16 * CVE-2021-23994 (bmo#1699077) Out of bound write due to lazy initialization * CVE-2021-23995 (bmo#1699835) Use-after-free in Responsive Design Mode * CVE-2021-23996 (bmo#1701834) Content rendered outside of webpage viewport * CVE-2021-23997 (bmo#1701942) Use-after-free when freeing fonts from cache * CVE-2021-23998 (bmo#1667456) Secure Lock icon could have been spoofed * CVE-2021-23999 (bmo#1691153) Blob URLs may have been granted additional privileges * CVE-2021-24000 (bmo#1694698) requestPointerLock() could be applied to a tab different from the visible tab * CVE-2021-24001 (bmo#1694727) Testing code could have enabled session history manipulations by a compromised content process * CVE-2021-24002 (bmo#1702374) Arbitrary FTP command execution on FTP servers using an encoded URL * CVE-2021-29945 (bmo#1700690) Incorrect size computation in WebAssembly JIT could lead to null-reads * CVE-2021-29944 (bmo#1697604) HTML injection vulnerability in Firefox for Android's Reader View * CVE-2021-29946 (bmo#1698503) Port blocking could be bypassed * CVE-2021-29947 (bmo#1651449, bmo#1674142, bmo#1693476, bmo#1696886, bmo#1700091) Memory safety bugs fixed in Firefox 88
This is an autogenerated message for OBS integration: This bug (1184960) was mentioned in https://build.opensuse.org/request/show/886906 Factory / MozillaThunderbird
SUSE-SU-2021:1307-1: An update that fixes 8 vulnerabilities is now available. Category: security (important) Bug References: 1184960 CVE References: CVE-2021-23961,CVE-2021-23994,CVE-2021-23995,CVE-2021-23998,CVE-2021-23999,CVE-2021-24002,CVE-2021-29945,CVE-2021-29946 JIRA References: Sources used: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src): MozillaFirefox-78.10.0-8.38.1 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src): MozillaFirefox-78.10.0-8.38.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:0621-1: An update that fixes 8 vulnerabilities is now available. Category: security (important) Bug References: 1184960 CVE References: CVE-2021-23961,CVE-2021-23994,CVE-2021-23995,CVE-2021-23998,CVE-2021-23999,CVE-2021-24002,CVE-2021-29945,CVE-2021-29946 JIRA References: Sources used: openSUSE Leap 15.2 (src): MozillaFirefox-78.10.0-lp152.2.55.1
SUSE-SU-2021:1325-1: An update that fixes 8 vulnerabilities is now available. Category: security (important) Bug References: 1184960 CVE References: CVE-2021-23961,CVE-2021-23994,CVE-2021-23995,CVE-2021-23998,CVE-2021-23999,CVE-2021-24002,CVE-2021-29945,CVE-2021-29946 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): MozillaFirefox-78.10.0-112.57.2 SUSE OpenStack Cloud Crowbar 8 (src): MozillaFirefox-78.10.0-112.57.2 SUSE OpenStack Cloud 9 (src): MozillaFirefox-78.10.0-112.57.2 SUSE OpenStack Cloud 8 (src): MozillaFirefox-78.10.0-112.57.2 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): MozillaFirefox-78.10.0-112.57.2 SUSE Linux Enterprise Server for SAP 12-SP4 (src): MozillaFirefox-78.10.0-112.57.2 SUSE Linux Enterprise Server for SAP 12-SP3 (src): MozillaFirefox-78.10.0-112.57.2 SUSE Linux Enterprise Server 12-SP5 (src): MozillaFirefox-78.10.0-112.57.2 SUSE Linux Enterprise Server 12-SP4-LTSS (src): MozillaFirefox-78.10.0-112.57.2 SUSE Linux Enterprise Server 12-SP3-LTSS (src): MozillaFirefox-78.10.0-112.57.2 SUSE Linux Enterprise Server 12-SP3-BCL (src): MozillaFirefox-78.10.0-112.57.2 SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (src): MozillaFirefox-78.10.0-112.57.2 SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (src): MozillaFirefox-78.10.0-112.57.2 SUSE Linux Enterprise Server 12-SP2-BCL (src): MozillaFirefox-78.10.0-112.57.2 HPE Helion Openstack 8 (src): MozillaFirefox-78.10.0-112.57.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:14708-1: An update that fixes 8 vulnerabilities is now available. Category: security (important) Bug References: 1184960 CVE References: CVE-2021-23961,CVE-2021-23994,CVE-2021-23995,CVE-2021-23998,CVE-2021-23999,CVE-2021-24002,CVE-2021-29945,CVE-2021-29946 JIRA References: Sources used: SUSE Linux Enterprise Server 11-SP4-LTSS (src): MozillaFirefox-78.10.0-78.126.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): MozillaFirefox-78.10.0-78.126.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1432-1: An update that fixes 9 vulnerabilities is now available. Category: security (important) Bug References: 1184960 CVE References: CVE-2021-23961,CVE-2021-23994,CVE-2021-23995,CVE-2021-23998,CVE-2021-23999,CVE-2021-24002,CVE-2021-29945,CVE-2021-29946,CVE-2021-29948 JIRA References: Sources used: SUSE Linux Enterprise Workstation Extension 15-SP3 (src): MozillaThunderbird-78.10.0-8.23.1 SUSE Linux Enterprise Workstation Extension 15-SP2 (src): MozillaThunderbird-78.10.0-8.23.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1433-1: An update that fixes 8 vulnerabilities is now available. Category: security (important) Bug References: 1184960 CVE References: CVE-2021-23961,CVE-2021-23994,CVE-2021-23995,CVE-2021-23998,CVE-2021-23999,CVE-2021-24002,CVE-2021-29945,CVE-2021-29946 JIRA References: Sources used: SUSE Manager Server 4.0 (src): MozillaFirefox-78.10.0-3.139.1 SUSE Manager Retail Branch Server 4.0 (src): MozillaFirefox-78.10.0-3.139.1 SUSE Manager Proxy 4.0 (src): MozillaFirefox-78.10.0-3.139.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): MozillaFirefox-78.10.0-3.139.1 SUSE Linux Enterprise Server for SAP 15 (src): MozillaFirefox-78.10.0-3.139.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): MozillaFirefox-78.10.0-3.139.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): MozillaFirefox-78.10.0-3.139.1 SUSE Linux Enterprise Server 15-LTSS (src): MozillaFirefox-78.10.0-3.139.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): MozillaFirefox-78.10.0-3.139.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): MozillaFirefox-78.10.0-3.139.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): MozillaFirefox-78.10.0-3.139.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): MozillaFirefox-78.10.0-3.139.1 SUSE Enterprise Storage 6 (src): MozillaFirefox-78.10.0-3.139.1 SUSE CaaS Platform 4.0 (src): MozillaFirefox-78.10.0-3.139.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:0644-1: An update that fixes 9 vulnerabilities is now available. Category: security (important) Bug References: 1184960 CVE References: CVE-2021-23961,CVE-2021-23994,CVE-2021-23995,CVE-2021-23998,CVE-2021-23999,CVE-2021-24002,CVE-2021-29945,CVE-2021-29946,CVE-2021-29948 JIRA References: Sources used: openSUSE Leap 15.2 (src): MozillaThunderbird-78.10.0-lp152.2.41.1
done