SCIENTIFIC-LINUX-ERRATA Archives

January 2021

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Important: thunderbird on SL7.x x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Thu, 28 Jan 2021 20:04:41 -0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (40 lines) 
Synopsis:          Important: thunderbird security update

Advisory ID:       SLSA-2021:0297-1

Issue Date:        2021-01-28

CVE Numbers:       CVE-2021-23953

                   CVE-2021-23954

                   CVE-2020-26976

                   CVE-2021-23960

                   CVE-2021-23964

                   CVE-2020-15685

--



This update upgrades Thunderbird to version 78.7.0.



Security Fix(es):



* Mozilla: Cross-origin information leakage via redirected PDF requests

(CVE-2021-23953)



* Mozilla: Type confusion when using logical assignment operators in

JavaScript switch statements (CVE-2021-23954)



* Mozilla: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7

(CVE-2021-23964)



* Mozilla: IMAP Response Injection when using STARTTLS (CVE-2020-15685)



* Mozilla: HTTPS pages could have been intercepted by a registered service

worker when they should not have been (CVE-2020-26976)



* Mozilla: Use-after-poison for incorrectly redeclared JavaScript

variables during GC (CVE-2021-23960)

--



SL7

  x86_64

    thunderbird-78.7.0-1.el7_9.x86_64.rpm

    thunderbird-debuginfo-78.7.0-1.el7_9.x86_64.rpm



- Scientific Linux Development Team

ATOM RSS1 RSS2