Revision Date: | 2021-12-22 | Version: | 1 |
Title: | Security update for MozillaThunderbird (Important) |
Description: |
This update for MozillaThunderbird fixes the following issues:
- Update to version 91.4 MFSA 2021-54 (bsc#1193485)
  - CVE-2021-43536: URL leakage when navigating while executing asynchronous function
  - CVE-2021-43537: Heap buffer overflow when using structured clone
  - CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both
  - CVE-2021-43539: GC rooting failure when calling wasm instance methods
  - CVE-2021-43541: External protocol handler parameters were unescaped
  - CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler
  - CVE-2021-43543: Bypass of CSP sandbox directive when embedding
  - CVE-2021-43545: Denial of Service when using the Location API in a loop
  - CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed
  - CVE-2021-43528: JavaScript unexpectedly enabled for the composition area
- Update to version 91.3.2
  - CVE-2021-40529: Fixed ElGamal implementation could allow plaintext recovery (bsc#1190244)
- Update to version 91.3 MFSA 2021-50 (bsc#1192250)
  - CVE-2021-38503: Fixed iframe sandbox rules did not apply to XSLT stylesheets
  - CVE-2021-38504: Fixed use-after-free in file picker dialog
  - CVE-2021-38505: Fixed Windows 10 Cloud Clipboard may have recorded sensitive user data
  - CVE-2021-38506: Fixed Thunderbird could be coaxed into going into fullscreen mode without notification or warning
  - CVE-2021-38507: Fixed opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports
  - CVE-2021-38508: Fixed permission Prompt could be overlaid, resulting in user confusion and potential spoofing
  - CVE-2021-38509: Fixed Javascript alert box could have been spoofed onto an arbitrary domain
  - CVE-2021-38510: Fixed Download Protections were bypassed by .inetloc files on Mac OS
  - Fixed plain text reformatting regression (bsc#1182863)
- Update to version 91.2 MFSA 2021-47 (bsc#1191332)
  - CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT
  - CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion
  - CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux
  - CVE-2021-32810: Data race in crossbeam-deque
  - CVE-2021-38493: Memory safety bugs fixed in Thunderbird 78.14 and Thunderbird 91.1
  - CVE-2021-38496: Use-after-free in MessageTask
  - CVE-2021-38497: Validation message could have been overlaid on another origin
  - CVE-2021-38498: Use-after-free of nsLanguageAtomService object
  - CVE-2021-38500: Memory safety bugs fixed in Thunderbird 91.2
  - CVE-2021-38501: Memory safety bugs fixed in Thunderbird 91.2
  - CVE-2021-38502: Downgrade attack on SMTP STARTTLS connections
- Update to version 91.1.0 MFSA 2021-41 (bsc#1190269)
  - CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer
  - CVE-2021-38495: Memory safety bugs fixed in Thunderbird 91.1
- Update to version 91.0.1 MFSA 2021-37 (bsc#1189547)
  - CVE-2021-29991: Header Splitting possible with HTTP/3 Responses
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1093733 1094301 1101776 1101777 1101786 1101788 1101791 1101794 1101800 1101802 1101804 1101810 1106514 1111647 1117740 1121231 1121232 1121233 1121234 1121235 1127367 1127369 1127370 1131941 1131945 1136021 1140844 1141980 1148788 1150690 1152990 1152992 1152994 1152995 1156288 1158505 1159003 1159646 1160594 1160764 1161052 1161779 1162224 1162367 1162396 1162423 1162825 1163184 1163922 1164505 1164804 1165241 1165710 1165784 1166481 1178666 1178667 1178668 1182863 1189547 1190244 1190269 1191332 1192250 1193485 957624 CVE-2012-6708 CVE-2015-9251 CVE-2016-9843 CVE-2017-1000251 CVE-2017-12153 CVE-2017-13080 CVE-2017-14051 CVE-2017-16536 CVE-2017-16537 CVE-2017-16646 CVE-2017-16648 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-10323 CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362 CVE-2018-12086 CVE-2018-12232 CVE-2018-13053 CVE-2018-14339 CVE-2018-14340 CVE-2018-14341 CVE-2018-14342 CVE-2018-14343 CVE-2018-14344 CVE-2018-14367 CVE-2018-14368 CVE-2018-14369 CVE-2018-14370 CVE-2018-16056 CVE-2018-16057 CVE-2018-16058 CVE-2018-18225 CVE-2018-18226 CVE-2018-18227 CVE-2018-19622 CVE-2018-19623 CVE-2018-19624 CVE-2018-19625 CVE-2018-19626 CVE-2018-19627 CVE-2018-19628 CVE-2018-20669 CVE-2019-0154 CVE-2019-0155 CVE-2019-10220 CVE-2019-10894 CVE-2019-10895 CVE-2019-10896 CVE-2019-10897 CVE-2019-10898 CVE-2019-10899 CVE-2019-10900 CVE-2019-10901 CVE-2019-10902 CVE-2019-10903 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-13619 CVE-2019-14615 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14895 CVE-2019-14896 CVE-2019-14897 CVE-2019-14901 CVE-2019-15030 CVE-2019-15031 CVE-2019-15098 CVE-2019-15099 CVE-2019-15290 CVE-2019-15291 CVE-2019-15504 CVE-2019-15845 CVE-2019-16201 CVE-2019-16231 CVE-2019-16232 CVE-2019-16233 CVE-2019-16234 CVE-2019-16254 CVE-2019-16255 CVE-2019-16319 CVE-2019-17133 CVE-2019-17571 CVE-2019-17666 CVE-2019-18198 
CVE-2019-18660 CVE-2019-18683 CVE-2019-18786 CVE-2019-18802 CVE-2019-18808 CVE-2019-18809 CVE-2019-18811 CVE-2019-18812 CVE-2019-18813 CVE-2019-19037 CVE-2019-19043 CVE-2019-19044 CVE-2019-19045 CVE-2019-19046 CVE-2019-19047 CVE-2019-19048 CVE-2019-19049 CVE-2019-19050 CVE-2019-19051 CVE-2019-19052 CVE-2019-19053 CVE-2019-19054 CVE-2019-19055 CVE-2019-19056 CVE-2019-19057 CVE-2019-19058 CVE-2019-19060 CVE-2019-19061 CVE-2019-19062 CVE-2019-19063 CVE-2019-19064 CVE-2019-19065 CVE-2019-19066 CVE-2019-19067 CVE-2019-19068 CVE-2019-19069 CVE-2019-19070 CVE-2019-19071 CVE-2019-19072 CVE-2019-19073 CVE-2019-19074 CVE-2019-19075 CVE-2019-19077 CVE-2019-19078 CVE-2019-19080 CVE-2019-19081 CVE-2019-19082 CVE-2019-19083 CVE-2019-19241 CVE-2019-19252 CVE-2019-19332 CVE-2019-19338 CVE-2019-19447 CVE-2019-19523 CVE-2019-19524 CVE-2019-19525 CVE-2019-19526 CVE-2019-19528 CVE-2019-19529 CVE-2019-19532 CVE-2019-19533 CVE-2019-19534 CVE-2019-19553 CVE-2019-19602 CVE-2019-19767 CVE-2019-19768 CVE-2019-19770 CVE-2019-19807 CVE-2019-19922 CVE-2019-19947 CVE-2019-19965 CVE-2019-20422 CVE-2019-3016 CVE-2019-3687 CVE-2019-5716 CVE-2019-5717 CVE-2019-5718 CVE-2019-5719 CVE-2019-5721 CVE-2019-8912 CVE-2019-9208 CVE-2019-9209 CVE-2019-9214 CVE-2019-9674 CVE-2020-0110 CVE-2020-0543 CVE-2020-10029 CVE-2020-10690 CVE-2020-10757 CVE-2020-10942 CVE-2020-11494 CVE-2020-11608 CVE-2020-11884 CVE-2020-12464 CVE-2020-12465 CVE-2020-12652 CVE-2020-12653 CVE-2020-12654 CVE-2020-12655 CVE-2020-12657 CVE-2020-12659 CVE-2020-1749 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 CVE-2020-2732 CVE-2020-7044 CVE-2020-8013 CVE-2020-8130 CVE-2020-8428 CVE-2020-8492 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649 CVE-2020-8835 CVE-2020-8992 CVE-2020-9383 CVE-2020-9428 CVE-2020-9429 CVE-2020-9430 CVE-2020-9431 CVE-2021-29981 CVE-2021-29982 CVE-2021-29987 CVE-2021-29991 CVE-2021-32810 CVE-2021-38492 CVE-2021-38493 CVE-2021-38495 CVE-2021-38496 CVE-2021-38497 CVE-2021-38498 CVE-2021-38500 CVE-2021-38501 CVE-2021-38502 
CVE-2021-38503 CVE-2021-38504 CVE-2021-38505 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-38510 CVE-2021-40529 CVE-2021-43528 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 SUSE-SU-2020:0053-1 SUSE-SU-2020:0467-1 SUSE-SU-2020:0547-1 SUSE-SU-2020:0668-1 SUSE-SU-2020:0693-1 SUSE-SU-2020:0722-1 SUSE-SU-2020:0737-1 SUSE-SU-2020:3425-1 SUSE-SU-2021:4150-1
|
Platform(s): |
- SUSE Linux Enterprise Build System Kit 12
- SUSE Linux Enterprise Build System Kit 12 SP1
- SUSE Linux Enterprise Build System Kit 12 SP2
- SUSE Linux Enterprise Desktop 11 SP2
- SUSE Linux Enterprise Desktop 11 SP3
- SUSE Linux Enterprise Desktop 11 SP4
- SUSE Linux Enterprise Desktop 12
- SUSE Linux Enterprise Desktop 12 SP1
- SUSE Linux Enterprise Desktop 12 SP2
- SUSE Linux Enterprise Desktop 12 SP3
- SUSE Linux Enterprise Desktop 15
- SUSE Linux Enterprise Desktop 15 SP3
- SUSE Linux Enterprise High Availability 12
- SUSE Linux Enterprise High Availability 12 SP2
- SUSE Linux Enterprise High Availability 12 SP3
- SUSE Linux Enterprise High Performance Computing 15
- SUSE Linux Enterprise Live Patching 12
- SUSE Linux Enterprise Module for Advanced Systems Management 12
- SUSE Linux Enterprise Module for Basesystem 15 SP1
- SUSE Linux Enterprise Module for Basesystem 15 SP2
- SUSE Linux Enterprise Module for Containers 12
- SUSE Linux Enterprise Module for Containers 15 SP1
- SUSE Linux Enterprise Module for Desktop Applications 15
- SUSE Linux Enterprise Module for Desktop Applications 15 SP1
- SUSE Linux Enterprise Module for Development Tools 15
- SUSE Linux Enterprise Module for Development Tools 15 SP1
- SUSE Linux Enterprise Module for High Performance Computing 15
- SUSE Linux Enterprise Module for Legacy Software 12
- SUSE Linux Enterprise Module for Legacy Software 15
- SUSE Linux Enterprise Module for Live Patching 15
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1
- SUSE Linux Enterprise Module for Public Cloud 12
- SUSE Linux Enterprise Module for Server Applications 15
- SUSE Linux Enterprise Module for Web Scripting 12
- SUSE Linux Enterprise Server 11-SECURITY
- SUSE Linux Enterprise Server 12
- SUSE Linux Enterprise Server 12 SP1
- SUSE Linux Enterprise Server 12 SP2
- SUSE Linux Enterprise Server 12 SP3
- SUSE Linux Enterprise Server 15
- SUSE Linux Enterprise Server 15 SP3
- SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
- SUSE Linux Enterprise Server for SAP Applications 15
- SUSE Linux Enterprise Server for SAP Applications 15 SP3
- SUSE Linux Enterprise Software Development Kit 11 SP3
- SUSE Linux Enterprise Software Development Kit 11 SP4
- SUSE Linux Enterprise Software Development Kit 12
- SUSE Linux Enterprise Software Development Kit 12 SP1
- SUSE Linux Enterprise Workstation Extension 12
- SUSE Linux Enterprise Workstation Extension 12 SP1
- SUSE Linux Enterprise Workstation Extension 15 SP1
- SUSE Linux Enterprise Workstation Extension 15 SP2
- SUSE Linux Enterprise Workstation Extension 15 SP3
| Product(s): | |
Definition Synopsis |
SUSE Linux Enterprise Build System Kit 12 is installed
AND kernel-zfcpdump-3.12.51-52.34 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Build System Kit 12 SP1 is installed
AND kernel-zfcpdump-3.12.51-60.20 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Build System Kit 12 SP2 is installed
AND kernel-zfcpdump-4.4.74-92.29 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 is installed
AND Package Information
libldap-2_4-2-2.4.39-16.1 is installed
OR libldap-2_4-2-32bit-2.4.39-16.1 is installed
OR openldap2-client-2.4.39-16.1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP1 is installed
AND w3m-0.5.3-153 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP2 is installed
AND Package Information
aaa_base-13.2+git20140911.61c1681-28 is installed
OR aaa_base-extras-13.2+git20140911.61c1681-28 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP3 is installed
AND Package Information
MozillaFirefox-52.2.0esr-108 is installed
OR MozillaFirefox-translations-52.2.0esr-108 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Development Tools 15 is installed
AND zlib-devel-32bit-1.2.11-1.422 is installed
|
Definition Synopsis |
Release Information
SUSE Linux Enterprise Desktop 15 SP3 is installed
OR SUSE Linux Enterprise Server 15 SP3 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed
OR SUSE Linux Enterprise Workstation Extension 15 SP3 is installed
AND Package Information
MozillaThunderbird-91.4.0-8.45.2 is installed
OR MozillaThunderbird-translations-common-91.4.0-8.45.2 is installed
OR MozillaThunderbird-translations-other-91.4.0-8.45.2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise High Availability 12 SP2 is installed
AND haproxy-1.6.5-5 is installed
|
Definition Synopsis |
SUSE Linux Enterprise High Availability 12 SP3 is installed
AND conntrack-tools-1.4.2-5 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Live Patching 12 is installed
AND Package Information
kgraft-patch-3_12_57-60_35-default-4-2.1 is installed
OR kgraft-patch-3_12_57-60_35-xen-4-2.1 is installed
OR kgraft-patch-SLE12-SP1_Update_4-4-2.1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Advanced Systems Management 12 is installed
AND Package Information
puppet-3.6.2-3 is installed
OR puppet-server-3.6.2-3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed
AND Package Information
libpq5-12.5-3.15 is installed
OR libpq5-32bit-12.5-3.15 is installed
OR postgresql12-12.5-3.15 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
AND Package Information
libvpx-1.6.1-6.6 is installed
OR libvpx4-1.6.1-6.6 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Containers 12 is installed
AND python-PyYAML-3.10-15 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Containers 15 SP1 is installed
AND buildah-1.7.1-3.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Desktop Applications 15 is installed
AND Package Information
typelib-1_0-JavaScriptCore-4_0-2.20.3-3.3 is installed
OR typelib-1_0-WebKit2-4_0-2.20.3-3.3 is installed
OR typelib-1_0-WebKit2WebExtension-4_0-2.20.3-3.3 is installed
OR webkit2gtk3-2.20.3-3.3 is installed
OR webkit2gtk3-devel-2.20.3-3.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Desktop Applications 15 SP1 is installed
AND Package Information
bluez-5.48-5.16 is installed
OR bluez-devel-5.48-5.16 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Development Tools 15 is installed
AND Package Information
kernel-docs-4.12.14-25.19 is installed
OR kernel-obs-build-4.12.14-25.19 is installed
OR kernel-source-4.12.14-25.19 is installed
OR kernel-syms-4.12.14-25.19 is installed
OR kernel-vanilla-4.12.14-25.19 is installed
OR kernel-vanilla-base-4.12.14-25.19 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Development Tools 15 SP1 is installed
AND Package Information
ImageMagick-7.0.7.34-3.61 is installed
OR perl-PerlMagick-7.0.7.34-3.61 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for High Performance Computing 15 is installed
AND Package Information
libpmi0-17.11.7-6.3 is installed
OR libslurm32-17.11.7-6.3 is installed
OR perl-slurm-17.11.7-6.3 is installed
OR slurm-17.11.7-6.3 is installed
OR slurm-auth-none-17.11.7-6.3 is installed
OR slurm-config-17.11.7-6.3 is installed
OR slurm-devel-17.11.7-6.3 is installed
OR slurm-doc-17.11.7-6.3 is installed
OR slurm-lua-17.11.7-6.3 is installed
OR slurm-munge-17.11.7-6.3 is installed
OR slurm-node-17.11.7-6.3 is installed
OR slurm-pam_slurm-17.11.7-6.3 is installed
OR slurm-plugins-17.11.7-6.3 is installed
OR slurm-slurmdbd-17.11.7-6.3 is installed
OR slurm-sql-17.11.7-6.3 is installed
OR slurm-torque-17.11.7-6.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Legacy Software 12 is installed
AND Package Information
libopenssl0_9_8-0.9.8j-59 is installed
OR libopenssl0_9_8-32bit-0.9.8j-59 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Legacy Software 15 is installed
AND Package Information
kernel-default-4.12.14-25.13 is installed
OR reiserfs-kmp-default-4.12.14-25.13 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Live Patching 15 is installed
AND Package Information
kernel-livepatch-4_12_14-25_3-default-2-2 is installed
OR kernel-livepatch-SLE15_Update_1-2-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 is installed
AND Package Information
kernel-default-4.12.14-25.25 is installed
OR kernel-default-base-4.12.14-25.25 is installed
OR kernel-docs-4.12.14-25.25 is installed
OR kernel-docs-html-4.12.14-25.25 is installed
OR kernel-obs-qa-4.12.14-25.25 is installed
OR kselftests-kmp-default-4.12.14-25.25 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed
AND Package Information
ncat-7.70-3.5 is installed
OR ndiff-7.70-3.5 is installed
OR nmap-7.70-3.5 is installed
OR nping-7.70-3.5 is installed
OR zenmap-7.70-3.5 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Public Cloud 12 is installed
AND python-pycrypto-2.6.1-1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Server Applications 15 is installed
AND Package Information
openslp-2.0.0-6.3 is installed
OR openslp-server-2.0.0-6.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Web Scripting 12 is installed
AND Package Information
nodejs6-6.9.5-7 is installed
OR nodejs6-devel-6.9.5-7 is installed
OR nodejs6-docs-6.9.5-7 is installed
OR npm6-6.9.5-7 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 is installed
AND apache-commons-httpclient-3.1-4 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2 is installed
AND Package Information
libMagickCore-6_Q16-1-6.8.8.1-33 is installed
OR libMagickWand-6_Q16-1-6.8.8.1-33 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND Package Information
libgssglue1-0.4-3.83 is installed
OR libgssglue1-32bit-0.4-3.83 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed
AND Package Information
libldap-2_4-2-2.4.41-18.25.1 is installed
OR openldap2-2.4.41-18.25.1 is installed
OR openldap2-back-meta-2.4.41-18.25.1 is installed
OR openldap2-client-2.4.41-18.25.1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Software Development Kit 12 is installed
AND sudo-devel-1.8.10p3-1.62 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Software Development Kit 12 SP1 is installed
AND Package Information
ImageMagick-6.8.8.1-8.2 is installed
OR ImageMagick-devel-6.8.8.1-8.2 is installed
OR libMagick++-6_Q16-3-6.8.8.1-8.2 is installed
OR libMagick++-devel-6.8.8.1-8.2 is installed
OR perl-PerlMagick-6.8.8.1-8.2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Workstation Extension 15 SP1 is installed
AND Package Information
MozillaThunderbird-68.2.1-3.58 is installed
OR MozillaThunderbird-translations-common-68.2.1-3.58 is installed
OR MozillaThunderbird-translations-other-68.2.1-3.58 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Workstation Extension 15 SP2 is installed
AND kernel-default-extra-5.3.18-22 is installed
|