Oval Definition:	oval:org.opensuse.security:def:524
Revision Date: 2022-06-13 Version: 1 Title: Security update for MozillaThunderbird (Important) Description: This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 91.9.1 MFSA 2022-19 (bsc#1199768): - CVE-2022-1802: Prototype pollution in Top-Level Await implementation (bmo#1770137). - CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution (bmo#1770048). Update to Mozilla Thunderbird 91.10 MFSA 2022-22 (bsc#1200027): - CVE-2022-31736: Cross-Origin resource's length leaked (bmo#1735923) - CVE-2022-31737: Heap buffer overflow in WebGL (bmo#1743767) - CVE-2022-31738: Browser window spoof using fullscreen mode (bmo#1756388) - CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files (bmo#1765049) - CVE-2022-31740: Register allocation problem in WASM on arm64 (bmo#1766806) - CVE-2022-31741: Uninitialized variable leads to invalid memory read (bmo#1767590) - CVE-2022-1834: Braille space character caused incorrect sender email to be shown for a digitally signed email (bmo#1767816) - CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information (bmo#1730434) - CVE-2022-31747: Memory safety bugs fixed in Thunderbird 91.10 (bmo#1760765, bmo#1765610, bmo#1766283, bmo#1767365, bmo#1768559, bmo#1768734) Family: unix Class: patch Status: Reference(s): 1199768 1200027 CVE-2011-2489 CVE-2011-2489 CVE-2011-2490 CVE-2011-2490 CVE-2022-1529 CVE-2022-1802 CVE-2022-1834 CVE-2022-31736 CVE-2022-31737 CVE-2022-31738 CVE-2022-31739 CVE-2022-31740 CVE-2022-31741 CVE-2022-31742 CVE-2022-31747 SUSE-SU-2022:2062-1 Platform(s): openSUSE 13.1 openSUSE Leap 15.4 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 15 SP1 SUSE Linux Enterprise for SAP 12 SUSE Linux Enterprise for SAP 12 SP1 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Workstation Extension 15 SUSE Manager Proxy 4.0 SUSE Manager Server 4.0 Product(s): Definition Synopsis openSUSE Leap 15.4 is installed AND Package Information MozillaThunderbird-91.10.0-150200.8.73.1 is installed OR MozillaThunderbird-translations-common-91.10.0-150200.8.73.1 is installed OR MozillaThunderbird-translations-other-91.10.0-150200.8.73.1 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND busybox-1.21.1-3 is installed Definition Synopsis SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed AND opie-32bit-2.4-1.96 is installed Definition Synopsis SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed AND opie-32bit-2.4-1 is installed Definition Synopsis SUSE Linux Enterprise Module for Desktop Applications 15 is installed AND Package Information bluez-5.48-5.16 is installed OR bluez-devel-5.48-5.16 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 is installed AND Package Information NetworkManager-applet-1.8.10-3 is installed OR NetworkManager-applet-lang-1.8.10-3 is installed OR NetworkManager-connection-editor-1.8.10-3 is installed
BACK