Lucene search

K
altlinuxHttps://packages.altlinux.org/en/sisyphus/security/D57E6182D6B312C943D4EF6CB0BE9D53
HistoryNov 10, 2021 - 12:00 a.m.

Security fix for the ALT Linux 10 package thunderbird version 91.3.0-alt1

2021-11-1000:00:00
https://packages.altlinux.org/en/sisyphus/security/
packages.altlinux.org
32
thunderbird
security fix
alt linux 10
cve-2021-38503
cve-2021-38504
cve-2021-38505
cve-2021-38506
cve-2021-38507
cve-2021-38508
cve-2021-38509
cve-2021-38510
disable telemetry.

EPSS

0.007

Percentile

80.5%

91.3.0-alt1 built Nov. 10, 2021 Andrey Cherepanov in task #288818

Nov. 3, 2021 Andrey Cherepanov

- New version.
- Security fixes:
  + CVE-2021-38503 iframe sandbox rules did not apply to XSLT stylesheets
  + CVE-2021-38504 Use-after-free in file picker dialog
  + CVE-2021-38505 Windows 10 Cloud Clipboard may have recorded sensitive user data
  + CVE-2021-38506 Thunderbird could be coaxed into going into fullscreen mode without notification or warning
  + CVE-2021-38507 Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports
  + CVE-2021-38508 Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
  + CVE-2021-38509 Javascript alert box could have been spoofed onto an arbitrary domain
  + CVE-2021-38510 Download Protections were bypassed by .inetloc files on Mac OS
- Disable telemetry by default.