openSUSE-SU-2021:2003-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:2003-1.json

JSON Data

https://api.osv.dev/v1/vulns/openSUSE-SU-2021:2003-1

Related

CVE-2021-29964
CVE-2021-29967

Published

2021-07-10T06:52:59Z

Modified

2021-07-10T06:52:59Z

Summary

Security update for MozillaThunderbird

Details

This update for MozillaThunderbird fixes the following issues:

Mozilla Thunderbird 78.11 (bsc#1186696)

Security issues fixed:

CVE-2021-29964: Out of bounds-read when parsing a WM_COPYDATA message
CVE-2021-29967: Memory safety bugs fixed in Thunderbird 78.11

General improvements:

OpenPGP could not be disabled for an account if a key was previously configured
Recipients were unable to decrypt some messages when the sender had changed the message encryption from OpenPGP to S/MIME
Contacts moved between CardDAV address books were not synced to the new server
CardDAV compatibility fixes for Google Contacts
Folder pane had no clear indication of focus on macOS

References

Affected packages

openSUSE:Leap 15.3 / MozillaThunderbird

Package

Name: MozillaThunderbird
Purl: purl:rpm/suse/MozillaThunderbird&distro=openSUSE%20Leap%2015.3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

78.11.0-8.30.1

Ecosystem specific

{
    "binaries": [
        {
            "MozillaThunderbird": "78.11.0-8.30.1",
            "MozillaThunderbird-translations-other": "78.11.0-8.30.1",
            "MozillaThunderbird-translations-common": "78.11.0-8.30.1"
        }
    ]
}