LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

Synopsis:          Moderate: thunderbird security update
Advisory ID:       SLSA-2021:1192-1
Issue Date:        2021-04-14
CVE Numbers:       CVE-2021-23991
                   CVE-2021-23992
                   CVE-2021-23993
--

This update upgrades Thunderbird to version 78.9.1.

Security Fix(es):

* Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism
to poison an existing key (CVE-2021-23991)

* Mozilla: A crafted OpenPGP key with an invalid user ID could be used to
confuse the user (CVE-2021-23992)

* Mozilla: Inability to send encrypted OpenPGP email after importing a
crafted OpenPGP key (CVE-2021-23993)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
--

- Scientific Linux Development Team