Scientific Linux alert SLSA-2021:0297-1 (thunderbird)


From:
               Pat Riehecky <riehecky@fnal.gov>
To:
               scientific-linux-errata@listserv.fnal.gov
Subject:
               Security ERRATA Important: thunderbird on SL7.x x86_64
Date:
               Thu, 28 Jan 2021 20:04:41 -0000
Message-ID:
               <20210128200441.8251.67234@slpackages.fnal.gov>
Synopsis:          Important: thunderbird security update
Advisory ID:       SLSA-2021:0297-1
Issue Date:        2021-01-28
CVE Numbers:       CVE-2021-23953
                   CVE-2021-23954
                   CVE-2020-26976
                   CVE-2021-23960
                   CVE-2021-23964
                   CVE-2020-15685
--

This update upgrades Thunderbird to version 78.7.0.

Security Fix(es):

* Mozilla: Cross-origin information leakage via redirected PDF requests
(CVE-2021-23953)

* Mozilla: Type confusion when using logical assignment operators in
JavaScript switch statements (CVE-2021-23954)

* Mozilla: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7
(CVE-2021-23964)

* Mozilla: IMAP Response Injection when using STARTTLS (CVE-2020-15685)

* Mozilla: HTTPS pages could have been intercepted by a registered service
worker when they should not have been (CVE-2020-26976)

* Mozilla: Use-after-poison for incorrectly redeclared JavaScript
variables during GC (CVE-2021-23960)
--

SL7
  x86_64
    thunderbird-78.7.0-1.el7_9.x86_64.rpm
    thunderbird-debuginfo-78.7.0-1.el7_9.x86_64.rpm

- Scientific Linux Development Team

From:		Pat Riehecky <riehecky@fnal.gov>
To:		scientific-linux-errata@listserv.fnal.gov
Subject:		Security ERRATA Important: thunderbird on SL7.x x86_64
Date:		Thu, 28 Jan 2021 20:04:41 -0000
Message-ID:		<20210128200441.8251.67234@slpackages.fnal.gov>