Lucene search

K
suse
SuseOPENSUSE-SU-2022:0108-1
HistoryApr 08, 2022 - 12:00 a.m.

Security update for seamonkey (important)

2022-04-0800:00:00
lists.opensuse.org
25

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

An update that solves 12 vulnerabilities and has three
fixes is now available.

Description:

SeaMonkey was updated to 2.53.11.1:

Update to SeaMonkey 2.53.11.1

  • Fix edge case when setting IntersectionObserver threshold bug 1758291.

  • OAuth2 prefs should use realuserName instead of username bug 1518126.

  • SeaMonkey 2.53.11.1 uses the same backend as Firefox and contains the
    relevant Firefox 60.8 security fixes.

  • SeaMonkey 2.53.11.1 shares most parts of the mail and news code with
    Thunderbird. Please read the Thunderbird 60.8.0 release notes for
    specific security fixes in this release.

  • Additional important security fixes up to Current Firefox 91.7 and
    Thunderbird 91.7 ESR plus many enhancements have been backported. We
    will continue to enhance SeaMonkey security in subsequent 2.53.x beta
    and release versions as fast as we are able to.

  • Remove obsolete MOZ_EXTENSIONS check in suite

  • Add connect button to cZ Networks Editor

  • Remove freenode remnants from ChatZilla in SeaMonkey

  • Prefer secure over insecure protocol in network list in ChatZilla

  • Composer - Change tag textbox is not removed after use

  • Clean up repo links in debugQA

  • Fix misspelled references to macOS in suite

  • Remove obsolete references to Java and Flash

  • Help button not working in delete cert dialog

  • Rearrange Message Filter Dialog to make room for new features

  • Use Insert key as shortcut to create new message filters

  • Rename some variables used in SeaMonkey’s FilterListDialog to match
    Thunderbird’s

  • Implement Copy to New message filter functionality

  • Add move to top / bottom buttons to message filters

  • Add preference to not prompt for message filter deletion

  • Clean up folder handling in FilterListDialog

  • Add refresh function to Filter list dialog so that it can be updated
    when already open and new filters are added externally

  • Use listbox rather than tree in FilterListDialog

  • MsgFilterList(args) should take targetFilter and pass it to
    FilterListDialog

  • Mail&News’ start.xhtml: “We” link broken

  • Add search functionality to filter dialog

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.3:

    zypper in -t patch openSUSE-2022-108=1 openSUSE-SLE-15.3-2022-108=1

Use Vulners API to create your own security tool

API usage cases
  • Network scanning
  • Linux Patch management
  • Threat protection
  • No network audit solution

Ways of integration

Integrate Vulners API

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

Related for OPENSUSE-SU-2022:0108-1