ALSA-2021:5045

Source
https://errata.almalinux.org/8/ALSA-2021-5045.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:5045.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2021:5045
Related
Published
2021-12-09T12:14:59Z
Modified
2021-12-10T10:58:24Z
Summary
Important: thunderbird security update
Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 91.4.0.

Security Fix(es):

  • Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 (BZ#2030116)

  • Mozilla: URL leakage when navigating while executing asynchronous function (CVE-2021-43536)

  • Mozilla: Heap buffer overflow when using structured clone (CVE-2021-43537)

  • Mozilla: Missing fullscreen and pointer lock notification when requesting both (CVE-2021-43538)

  • Mozilla: GC rooting failure when calling wasm instance methods (CVE-2021-43539)

  • Mozilla: External protocol handler parameters were unescaped (CVE-2021-43541)

  • Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler (CVE-2021-43542)

  • Mozilla: Bypass of CSP sandbox directive when embedding (CVE-2021-43543)

  • Mozilla: JavaScript unexpectedly enabled for the composition area (CVE-2021-43528)

  • Mozilla: Denial of Service when using the Location API in a loop (CVE-2021-43545)

  • Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed (CVE-2021-43546)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:8 / thunderbird

Package

Name
thunderbird

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
91.4.0-2.el8_5.alma

AlmaLinux:8 / thunderbird

Package

Name
thunderbird

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
91.4.0-2.el8_5.alma.plus