Lucene search
SuseOPENSUSE-SU-2022:0199-1HistoryJan 26, 2022 - 12:00 a.m.
Security update for MozillaThunderbird (important)
2022-01-2600:00:00
lists.opensuse.org
29
An update that fixes 14 vulnerabilities is now available.
Description:
This update for MozillaThunderbird fixes the following issues:
- CVE-2021-4140: Fixed Iframe sandbox bypass with XSLT (bsc#1194547).
- CVE-2022-22737: Fixed race condition when playing audio files
(bsc#1194547). - CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur
(bsc#1194547). - CVE-2022-22739: Fixed missing throttling on external protocol launch
dialog (bsc#1194547). - CVE-2022-22740: Fixed use-after-free of ChannelEventQueue::mOwner
(bsc#1194547). - CVE-2022-22741: Fixed browser window spoof using fullscreen mode
(bsc#1194547). - CVE-2022-22742: Fixed out-of-bounds memory access when inserting text in
edit mode (bsc#1194547). - CVE-2022-22743: Fixed browser window spoof using fullscreen mode
(bsc#1194547). - CVE-2022-22744: Fixed possible command injection via the ‘Copy as curl’
feature in DevTools (bsc#1194547). - CVE-2022-22745: Fixed leaking cross-origin URLs through
securitypolicyviolation event (bsc#1194547). - CVE-2022-22746: Fixed calling into reportValidity could have lead to
fullscreen window spoof (bsc#1194547). - CVE-2022-22747: Fixed crash when handling empty pkcs7
sequence(bsc#1194547). - CVE-2022-22748: Fixed spoofed origin on external protocol launch dialog
(bsc#1194547). - CVE-2022-22751: Fixed memory safety bugs (bsc#1194547).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-199=1
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE Leap | 15.3 | aarch64 | < - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): | - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.aarch64.rpm | |
| openSUSE Leap | 15.3 | ppc64le | < - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): | - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm | |
| openSUSE Leap | 15.3 | s390x | < - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): | - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.s390x.rpm | |
| openSUSE Leap | 15.3 | x86_64 | < - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): | - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.x86_64.rpm |
Related
nessus
nessus
SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:0137-1)
2022-01-21 00:00:00
Mozilla Thunderbird < 91.5
2022-01-11 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 91.5.0-alt1
2022-01-19 00:00:00
Security fix for the ALT Linux 10 package thunderbird version 91.5.0-alt1
2022-01-20 00:00:00
openvas
openvas
Mozilla Firefox ESR Security Advisories (MFSA2021-55, MFSA2022-03) - Windows
2022-01-14 00:00:00
openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2022:0136-1)
2022-02-01 00:00:00
openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2022:0199-1)
2022-02-01 00:00:00
redos
redos
ROS-20220114-01
2022-01-14 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox ESR 91.5 — Mozilla
2022-01-11 00:00:00
Security Vulnerabilities fixed in Thunderbird 91.5 — Mozilla
2022-01-11 00:00:00
Security Vulnerabilities fixed in Firefox 96 — Mozilla
2022-01-11 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2022-01-12 00:00:00
thunderbird security update
2022-01-13 00:00:00
firefox security update
2022-01-12 00:00:00
osv
osv
thunderbird - security update
2022-01-16 00:00:00
firefox-esr - security update
2022-01-13 00:00:00
Important: firefox security update
2022-01-12 11:30:14
redhat
redhat
(RHSA-2022:0126) Important: firefox security update
2022-01-12 11:27:52
(RHSA-2022:0123) Important: thunderbird security update
2022-01-12 09:48:13
(RHSA-2022:0124) Important: firefox security update
2022-01-12 11:24:47
rocky
rocky
thunderbird security update
2022-01-12 11:29:46
firefox security update
2022-01-12 11:30:14
debian
debian
[SECURITY] [DSA 5044-1] firefox-esr security update
2022-01-13 18:47:15
[SECURITY] [DLA 2881-1] thunderbird security update
2022-01-16 10:56:46
[SECURITY] [DSA 5045-1] thunderbird security update
2022-01-14 18:25:24
centos
centos
thunderbird security update
2022-01-18 13:44:49
firefox security update
2022-01-18 13:44:03
almalinux
almalinux
Important: firefox security update
2022-01-12 11:30:14
Important: thunderbird security update
2022-01-12 11:29:46
suse
suse
Security update for MozillaFirefox (moderate)
2022-05-18 00:00:00
mageia
mageia
Updated nss and firefox packages fix security vulnerabilities
2022-01-12 02:22:28
Updated thunderbird packages fix security vulnerability
2022-01-16 23:39:09
ubuntu
ubuntu
Firefox vulnerabilities
2022-01-13 00:00:00
Thunderbird vulnerabilities
2022-01-21 00:00:00
Thunderbird vulnerabilities
2022-01-21 00:00:00
hivepro
hivepro
Mozilla Firefox patches multiple vulnerabilities
2022-01-12 07:57:08
amazon
amazon
Important: thunderbird
2022-03-07 23:34:00
Important: thunderbird
2022-07-06 03:17:00
prion
prion
Command injection
2022-12-22 20:15:00
Race condition
2022-12-22 20:15:00
Design/Logic Flaw
2022-12-22 20:15:00
veracode
veracode
Command Injection
2022-01-18 15:18:32
Browser Window Spoof Using Fullscreen Mode
2022-01-18 15:18:21
Use-after-free
2022-01-14 05:54:30
cve
cve
alpinelinux
alpinelinux
redhatcve
redhatcve
ubuntucve
ubuntucve
debiancve
debiancve
ibm
ibm
kaspersky
kaspersky
KLA12416 Multiple vulnerabilities in Mozilla Firefox ESR
2022-01-11 00:00:00
KLA12417 Multiple vulnerabilities in Mozilla Thunderbird
2022-01-11 00:00:00
cnvd
cnvd
Mozilla Firefox Resource Management Error Vulnerability (CNVD-2023-05208)
2022-12-30 00:00:00
Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2023-03061)
2023-01-06 00:00:00
Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2023-03066)
2022-12-30 00:00:00
Related for OPENSUSE-SU-2022:0199-1