Synopsis: Important: thunderbird security update Advisory ID: SLSA-2021:0297-1 Issue Date: 2021-01-28 CVE Numbers: CVE-2021-23953 CVE-2021-23954 CVE-2020-26976 CVE-2021-23960 CVE-2021-23964 CVE-2020-15685 -- This update upgrades Thunderbird to version 78.7.0. Security Fix(es): * Mozilla: Cross-origin information leakage via redirected PDF requests (CVE-2021-23953) * Mozilla: Type confusion when using logical assignment operators in JavaScript switch statements (CVE-2021-23954) * Mozilla: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7 (CVE-2021-23964) * Mozilla: IMAP Response Injection when using STARTTLS (CVE-2020-15685) * Mozilla: HTTPS pages could have been intercepted by a registered service worker when they should not have been (CVE-2020-26976) * Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables during GC (CVE-2021-23960) -- SL7 x86_64 thunderbird-78.7.0-1.el7_9.x86_64.rpm thunderbird-debuginfo-78.7.0-1.el7_9.x86_64.rpm - Scientific Linux Development Team