Oval Definition:oval:com.redhat.rhsa:def:20213838
Revision Date:2021-10-13Version:635
Title:RHSA-2021:3838: thunderbird security update (Important)
Description:Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 91.2.0.

Security Fix(es):

  • Mozilla: Use-after-free in MessageTask (CVE-2021-38496)

  • Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 (CVE-2021-38500)

  • Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 (CVE-2021-38501)

  • Mozilla: Downgrade attack on SMTP STARTTLS connections (CVE-2021-38502)

  • rust-crossbeam-deque: race condition may lead to double free (CVE-2021-32810)

  • Mozilla: Validation message could have been overlaid on another origin (CVE-2021-38497)

  • Mozilla: Use-after-free of nsLanguageAtomService object (CVE-2021-38498)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2021-32810
    CVE-2021-38496
    CVE-2021-38497
    CVE-2021-38498
    CVE-2021-38500
    CVE-2021-38501
    CVE-2021-38502
    RHSA-2021:3838
    Platform(s):Red Hat Enterprise Linux 8
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • thunderbird is earlier than 0:91.2.0-1.el8_4
  • AND thunderbird is signed with Red Hat redhatrelease2 key
  • AND
  • Red Hat Enterprise Linux 8 is installed
  • OR Red Hat CoreOS 4 is installed
    • BACK