Oval Definition:oval:org.opensuse.security:def:102348
Revision Date:2022-04-13Version:1
Title:Security update for MozillaThunderbird (Important)
Description:

This update for MozillaThunderbird fixes the following issues:

- Updated to version 91.8 (bsc#1197903): - CVE-2022-1097: Fixed a memory corruption issue with NSSToken objects. - CVE-2022-28281: Fixed a memory corruption issue due to unexpected WebAuthN Extensions. - CVE-2022-1197: Fixed an issue where OpenPGP revocation information was ignored. - CVE-2022-1196: Fixed a memory corruption issue after VR process destruction. - CVE-2022-28282: Fixed a memory corruption issue in document translation. - CVE-2022-28285: Fixed a memory corruption issue in JIT code generation. - CVE-2022-28286: Fixed an iframe layout issue that could have been exploited to stage spoofing attacks. - CVE-2022-24713: Fixed a potential denial of service via complex regular expressions. - CVE-2022-28289: Fixed multiple memory corruption issues.

Non-security fixes:

- Changed Google accounts using password authentication to use OAuth2. - Fixed an issue where OpenPGP ECC keys created by Thunderbird could not be imported into GnuPG. - Fixed an issue where exporting multiple public PGP keys from Thunderbird was not possible. - Fixed an issue where replying to a newsgroup message erroneously displayed a 'No-reply' popup warning. - Fixed an issue with opening older address books. - Fixed an issue where LDAP directories would be lost when switching to 'Offline' mode. - Fixed an issue when importing webcals.
Family:unixClass:patch
Status:Reference(s):1182717
1183120
1183491
1197903
CVE-2021-27363
CVE-2021-27364
CVE-2021-27365
CVE-2022-1097
CVE-2022-1196
CVE-2022-1197
CVE-2022-24713
CVE-2022-28281
CVE-2022-28282
CVE-2022-28285
CVE-2022-28286
CVE-2022-28289
SUSE-SU-2022:1176-1
Platform(s):SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for Live Patching 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Workstation Extension 15 SP3
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Live Patching 15 SP2 is installed
  • AND kernel-livepatch-5_3_18-24_9-default-8-2.2 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP3 is installed
  • OR SUSE Linux Enterprise Server 15 SP3 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed
  • OR SUSE Linux Enterprise Workstation Extension 15 SP3 is installed
  • AND Package Information
  • MozillaThunderbird-91.8.0-150200.8.65.1 is installed
  • OR MozillaThunderbird-translations-common-91.8.0-150200.8.65.1 is installed
  • OR MozillaThunderbird-translations-other-91.8.0-150200.8.65.1 is installed
  • BACK