SUSE:SLE-15-SP5:GA
File _patchinfo of Package patchinfo.25875
<patchinfo incident="25875">
  <issue tracker="bnc" id="1201758">VUL-0: MozillaFirefox / MozillaThunderbird: update to 103 and 102.1esr/91.12esr</issue>
  <issue tracker="bnc" id="1202645">VUL-0: MozillaFirefox / MozillaThunderbird: update to 104 and 102.2esr/91.13esr</issue>
  <issue tracker="bnc" id="1200793">VUL-0: MozillaFirefox / MozillaThunderbird: update to 102 and 91.11esr</issue>
  <issue tracker="bnc" id="1203007">VUL-0: MozillaThunderbird: update to 102.2.1</issue>
  <issue tracker="cve" id="2022-34470"/>
  <issue tracker="cve" id="2022-38476"/>
  <issue tracker="cve" id="2022-2505"/>
  <issue tracker="cve" id="2022-36318"/>
  <issue tracker="cve" id="2022-34481"/>
  <issue tracker="cve" id="2022-3033"/>
  <issue tracker="cve" id="2022-38478"/>
  <issue tracker="cve" id="2022-34478"/>
  <issue tracker="cve" id="2022-36314"/>
  <issue tracker="cve" id="2022-38477"/>
  <issue tracker="cve" id="2022-34484"/>
  <issue tracker="cve" id="2022-2200"/>
  <issue tracker="cve" id="2022-34468"/>
  <issue tracker="cve" id="2022-34472"/>
  <issue tracker="cve" id="2022-38473"/>
  <issue tracker="cve" id="2022-38472"/>
  <issue tracker="cve" id="2022-3032"/>
  <issue tracker="cve" id="2022-36059"/>
  <issue tracker="cve" id="2022-2226"/>
  <issue tracker="cve" id="2022-3034"/>
  <issue tracker="cve" id="2022-31744"/>
  <issue tracker="cve" id="2022-36319"/>
  <issue tracker="cve" id="2022-34479"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaThunderbird</summary>
  <description>This update for MozillaThunderbird fixes the following issues:

Updated to Mozilla Thunderbird 102.2.2:

- CVE-2022-3033: Fixed leaking of sensitive information when composing a response to an HTML email with a META refresh tag (bsc#1203007).
- CVE-2022-3032: Fixed missing blocking of remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute (bsc#1203007).
- CVE-2022-3034: Fixed issue where iframe element in an HTML email could trigger a network request (bsc#1203007).
- CVE-2022-36059: Fixed DoS in Matrix SDK bundled with Thunderbird service attack (bsc#1203007).
- CVE-2022-38472: Fixed Address bar spoofing via XSLT error handling (bsc#1202645).
- CVE-2022-38473: Fixed cross-origin XSLT Documents inheriting the parent's permissions (bsc#1202645).
- CVE-2022-38476: Fixed data race and potential use-after-free in PK11_ChangePW (bsc#1202645).
- CVE-2022-38477: Fixed memory safety bugs (bsc#1202645).
- CVE-2022-38478: Fixed memory safety bugs (bsc#1202645).
- CVE-2022-36319: Fixed mouse position spoofing with CSS transforms (bsc#1201758).
- CVE-2022-36318: Fixed directory indexes for bundled resources reflected URL parameters (bsc#1201758).
- CVE-2022-36314: Fixed unexpected network loads when opening local .lnk files (bsc#1201758).
- CVE-2022-2505: Fixed memory safety bugs (bsc#1201758).
- CVE-2022-34479: Fixed vulnerability which could overlay the address bar with web content (bsc#1200793).
- CVE-2022-34470: Fixed use-after-free in nsSHistory (bsc#1200793).
- CVE-2022-34468: Fixed CSP sandbox header without `allow-scripts` bypass via retargeted javascript (bsc#1200793).
- CVE-2022-2226: Fixed emails with a mismatching OpenPGP signature date incorrectly accepted as valid (bsc#1200793).
- CVE-2022-34481: Fixed integer overflow in ReplaceElementsAt (bsc#1200793).
- CVE-2022-31744: Fixed CSP bypass enabling stylesheet injection (bsc#1200793).
- CVE-2022-34472: Fixed unavailable PAC file resulting in OCSP requests being blocked (bsc#1200793).
- CVE-2022-34478: Fixed Microsoft protocols attacks if a user accepts a prompt (bsc#1200793).
- CVE-2022-2200: Fixed vulnerability where undesired attributes could be set as part of prototype pollution (bsc#1200793).
- CVE-2022-34484: Fixed memory safety bugs (bsc#1200793).
</description>
</patchinfo>