SUSE-SU-2024:3507-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:3507-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2024:3507-1
- Related
- Published
- 2024-10-01T15:02:17Z
- Modified
- 2024-10-01T15:02:17Z
- Summary
- Security update for MozillaThunderbird
- Details
-
This update for MozillaThunderbird fixes the following issues:
- Mozilla Thunderbird 128.2.3
MFSA 2024-43 (bsc#1229821)
- CVE-2024-8394: Crash when aborting verification of OTR chat.
- CVE-2024-8385: WASM type confusion involving ArrayTypes.
- CVE-2024-8381: Type confusion when looking up a property name in a 'with' block.
- CVE-2024-8382: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran.
- CVE-2024-8384: Garbage collection could mis-color cross-compartment objects in OOM conditions.
- CVE-2024-8386: SelectElements could be shown over another site if popups are allowed.
- CVE-2024-8387: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. MFSA 2024-37 (bsc#1228648)
- CVE-2024-7518: Fullscreen notification dialog can be obscured by document content.
- CVE-2024-7519: Out of bounds memory access in graphics shared memory handling.
- CVE-2024-7520: Type confusion in WebAssembly.
- CVE-2024-7521: Incomplete WebAssembly exception handing.
- CVE-2024-7522: Out of bounds read in editor component.
- CVE-2024-7525: Missing permission check when creating a StreamFilter.
- CVE-2024-7526: Uninitialized memory used by WebGL.
- CVE-2024-7527: Use-after-free in JavaScript garbage collection.
- CVE-2024-7528: Use-after-free in IndexedDB.
- CVE-2024-7529: Document content could partially obscure security prompts. MFSA 2024-32 (bsc#1226316)
- CVE-2024-6606: Out-of-bounds read in clipboard component.
- CVE-2024-6607: Leaving pointerlock by pressing the escape key could be prevented.
- CVE-2024-6608: Cursor could be moved out of the viewport using pointerlock.
- CVE-2024-6609: Memory corruption in NSS.
- CVE-2024-6610: Form validation popups could block exiting full-screen mode.
- CVE-2024-6600: Memory corruption in WebGL API.
- CVE-2024-6601: Race condition in permission assignment.
- CVE-2024-6602: Memory corruption in NSS.
- CVE-2024-6603: Memory corruption in thread creation.
- CVE-2024-6611: Incorrect handling of SameSite cookies.
- CVE-2024-6612: CSP violation leakage when using devtools.
- CVE-2024-6613: Incorrect listing of stack frames.
- CVE-2024-6614: Incorrect listing of stack frames.
- CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, Thunderbird 128, and Thunderbird 115.13.
- CVE-2024-6615: Memory safety bugs fixed in Firefox 128 and Thunderbird 128.
Bug fixes: - Recommend libfido2-udev in order to try to get security keys (e.g. Yubikeys) working out of the box. (bsc#1184272)
- Mozilla Thunderbird 128.2.3
MFSA 2024-43 (bsc#1229821)
- References
-
- https://www.suse.com/support/update/announcement/2024/suse-su-20243507-1/
- https://bugzilla.suse.com/1184272
- https://bugzilla.suse.com/1226316
- https://bugzilla.suse.com/1228648
- https://bugzilla.suse.com/1229821
- https://www.suse.com/security/cve/CVE-2024-6600
- https://www.suse.com/security/cve/CVE-2024-6601
- https://www.suse.com/security/cve/CVE-2024-6602
- https://www.suse.com/security/cve/CVE-2024-6603
- https://www.suse.com/security/cve/CVE-2024-6604
- https://www.suse.com/security/cve/CVE-2024-6606
- https://www.suse.com/security/cve/CVE-2024-6607
- https://www.suse.com/security/cve/CVE-2024-6608
- https://www.suse.com/security/cve/CVE-2024-6609
- https://www.suse.com/security/cve/CVE-2024-6610
- https://www.suse.com/security/cve/CVE-2024-6611
- https://www.suse.com/security/cve/CVE-2024-6612
- https://www.suse.com/security/cve/CVE-2024-6613
- https://www.suse.com/security/cve/CVE-2024-6614
- https://www.suse.com/security/cve/CVE-2024-6615
- https://www.suse.com/security/cve/CVE-2024-7518
- https://www.suse.com/security/cve/CVE-2024-7519
- https://www.suse.com/security/cve/CVE-2024-7520
- https://www.suse.com/security/cve/CVE-2024-7521
- https://www.suse.com/security/cve/CVE-2024-7522
- https://www.suse.com/security/cve/CVE-2024-7525
- https://www.suse.com/security/cve/CVE-2024-7526
- https://www.suse.com/security/cve/CVE-2024-7527
- https://www.suse.com/security/cve/CVE-2024-7528
- https://www.suse.com/security/cve/CVE-2024-7529
- https://www.suse.com/security/cve/CVE-2024-8381
- https://www.suse.com/security/cve/CVE-2024-8382
- https://www.suse.com/security/cve/CVE-2024-8384
- https://www.suse.com/security/cve/CVE-2024-8385
- https://www.suse.com/security/cve/CVE-2024-8386
- https://www.suse.com/security/cve/CVE-2024-8387
- https://www.suse.com/security/cve/CVE-2024-8394
Affected packages
SUSE:Linux Enterprise Module for Package Hub 15 SP5 / MozillaThunderbird
Package
- Name
- MozillaThunderbird
- Purl
- purl:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5
SUSE:Linux Enterprise Module for Package Hub 15 SP6 / MozillaThunderbird
Package
- Name
- MozillaThunderbird
- Purl
- purl:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
SUSE:Linux Enterprise Workstation Extension 15 SP5 / MozillaThunderbird
Package
- Name
- MozillaThunderbird
- Purl
- purl:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5
SUSE:Linux Enterprise Workstation Extension 15 SP6 / MozillaThunderbird
Package
- Name
- MozillaThunderbird
- Purl
- purl:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6
openSUSE:Leap 15.5 / MozillaThunderbird
Package
- Name
- MozillaThunderbird
- Purl
- purl:rpm/suse/MozillaThunderbird&distro=openSUSE%20Leap%2015.5