Mageia alert MGASA-2021-0066 (thunderbird)
| From: | Mageia Updates <buildsystem-daemon@mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2021-0066: Updated thunderbird packages fix security vulnerabilities | |
| Date: | Thu, 04 Feb 2021 14:41:30 +0100 | |
| Message-ID: | <20210204134130.4BCF89F736@duvel.mageia.org> | |
| Archive-link: | Article |
MGASA-2021-0066 - Updated thunderbird packages fix security vulnerabilities Publication date: 04 Feb 2021 URL: https://advisories.mageia.org/MGASA-2021-0066.html Type: security Affected Mageia releases: 7 CVE: CVE-2021-23953, CVE-2021-23954, CVE-2020-15685, CVE-2020-26976, CVE-2021-23960, CVE-2021-23964 Description: Cross-origin information leakage via redirected PDF requests. (CVE-2021-23953) Type confusion when using logical assignment operators in JavaScript switch statements. (CVE-2021-23954) IMAP Response Injection when using STARTTLS. (CVE-2020-15685) HTTPS pages could have been intercepted by a registered service worker when they should not have been. (CVE-2020-26976) Use-after-poison for incorrectly redeclared JavaScript variables during GC. (CVE-2021-23960) Memory safety bugs fixed in Thunderbird 78.7. (CVE-2021-23964). References: - https://bugs.mageia.org/show_bug.cgi?id=28247 - https://www.mozilla.org/en-US/security/advisories/mfsa202... - https://www.thunderbird.net/en-US/thunderbird/78.7.0/rele... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2... SRPMS: - 7/core/thunderbird-78.7.0-1.mga7 - 7/core/thunderbird-l10n-78.7.0-1.mga7