File _patchinfo of Package patchinfo.17968
<patchinfo incident="17968">
<issue tracker="bnc" id="1181414">VUL-0: CVE-2021-23953,CVE-2021-23954,CVE-2020-26976,CVE-2021-23960,CVE-2021-23964: MozillaFirefox,MozillaThunderbird: Update to 78.7 ESR /85 (MFSA 2021-3, MFSA 2021-4)</issue>
<issue tracker="cve" id="2020-26976"/>
<issue tracker="cve" id="2021-23953"/>
<issue tracker="cve" id="2021-23964"/>
<issue tracker="cve" id="2021-23960"/>
<issue tracker="cve" id="2021-23954"/>
<issue tracker="cve" id="2020-15685"/>
<packager>cgrobertson</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for MozillaThunderbird</summary>
<description>This update for MozillaThunderbird fixes the following issues:
- Mozilla Thunderbird was updated to 78.7.0 ESR (MFSA 2021-05, bsc#1181414)
* CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests
* CVE-2021-23954: Fixed a type confusion when using logical assignment operators in JavaScript switch statements
* CVE-2020-26976: Fixed an issue where HTTPS pages could have been intercepted by a registered service worker when they should not have been
* CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared JavaScript variables during GC
* CVE-2021-23964: Fixed Memory safety bugs
* CVE-2020-15685: Fixed an IMAP Response Injection when using STARTTLS
</description>
</patchinfo>