Overview

File _patchinfo of Package patchinfo.17969

<patchinfo incident="17969">
  <issue tracker="bnc" id="1181414">VUL-0: CVE-2021-23953,CVE-2021-23954,CVE-2020-26976,CVE-2021-23960,CVE-2021-23964:  MozillaFirefox,MozillaThunderbird: Update to 78.7 ESR /85 (MFSA 2021-3, MFSA 2021-4)</issue>
  <issue tracker="cve" id="2020-26976"/>
  <issue tracker="cve" id="2021-23953"/>
  <issue tracker="cve" id="2021-23964"/>
  <issue tracker="cve" id="2021-23960"/>
  <issue tracker="cve" id="2021-23954"/>
  <issue tracker="cve" id="2020-15685"/>
  <packager>cgrobertson</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaThunderbird</summary>
  <description>This update for MozillaThunderbird fixes the following issues:

- Mozilla Thunderbird was updated to 78.7.0 ESR  (MFSA 2021-05, bsc#1181414)
  * CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests
  * CVE-2021-23954: Fixed a type confusion when using logical assignment operators in JavaScript switch statements
  * CVE-2020-26976: Fixed an issue where HTTPS pages could have been intercepted by a registered service worker when they should not have been
  * CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared JavaScript variables during GC
  * CVE-2021-23964: Fixed Memory safety bugs
  * CVE-2020-15685: Fixed an IMAP Response Injection when using STARTTLS
  </description>
</patchinfo>
openSUSE Build Service is sponsored by
Places