Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-29976 (GCVE-0-2021-29976)
Vulnerability from cvelistv5 – Published: 2021-08-05 19:46 – Updated: 2024-08-03 22:24
VLAI?
EPSS
Summary
Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.
Severity ?
No CVSS data available.
CWE
- Memory safety bugs fixed in Thunderbird 78.12
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_MISC |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_MISC |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_MISC |
| https://bugzilla.mozilla.org/buglist.cgi?bug_id=1… | x_refsource_MISC |
| https://security.gentoo.org/glsa/202202-03 | vendor-advisoryx_refsource_GENTOO |
| https://security.gentoo.org/glsa/202208-14 | vendor-advisoryx_refsource_GENTOO |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Thunderbird |
Affected:
unspecified , < 78.12
(custom)
|
|
| Mozilla | Firefox ESR |
Affected:
unspecified , < 78.12
(custom)
|
|
| Mozilla | Firefox |
Affected:
unspecified , < 90
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:24:57.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-30/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-29/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1700895%2C1703334%2C1706910%2C1711576%2C1714391"
},
{
"name": "GLSA-202202-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202202-03"
},
{
"name": "GLSA-202208-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "78.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "78.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "90",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory safety bugs fixed in Thunderbird 78.12",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-10T05:14:45.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-30/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-29/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1700895%2C1703334%2C1706910%2C1711576%2C1714391"
},
{
"name": "GLSA-202202-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202202-03"
},
{
"name": "GLSA-202208-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2021-29976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "78.12"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "78.12"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "90"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Thunderbird 78.12"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-28/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-30/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-30/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-29/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-29/"
},
{
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1700895%2C1703334%2C1706910%2C1711576%2C1714391",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1700895%2C1703334%2C1706910%2C1711576%2C1714391"
},
{
"name": "GLSA-202202-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202202-03"
},
{
"name": "GLSA-202208-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2021-29976",
"datePublished": "2021-08-05T19:46:06.000Z",
"dateReserved": "2021-04-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:24:57.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-29976",
"date": "2026-05-21",
"epss": "0.0059",
"percentile": "0.69415"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"90.0\", \"matchCriteriaId\": \"FA0BA5A6-A40E-418E-A536-9A14711264B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"78.12\", \"matchCriteriaId\": \"ACC21BB7-A4D1-493F-A5CE-8FC1ADF83367\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"78.12\", \"matchCriteriaId\": \"B96D1A35-81C7-4D05-ADBA-210CA094D117\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90.\"}, {\"lang\": \"es\", \"value\": \"Los desarrolladores de Mozilla informaron de fallos de seguridad de memoria presentes en el c\\u00f3digo compartido entre Firefox y Thunderbird. Algunos de estos fallos mostraban evidencias de corrupci\\u00f3n de memoria y suponemos que con suficiente esfuerzo algunos de ellos podr\\u00edan haber sido explotados para ejecutar c\\u00f3digo arbitrario. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 78.12, Firefox ESR versiones anteriores a 78.12 y Firefox versiones anteriores a 90\"}]",
"id": "CVE-2021-29976",
"lastModified": "2024-11-21T06:02:05.887",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2021-08-05T20:15:08.773",
"references": "[{\"url\": \"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1700895%2C1703334%2C1706910%2C1711576%2C1714391\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202202-03\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202208-14\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2021-28/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2021-29/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2021-30/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1700895%2C1703334%2C1706910%2C1711576%2C1714391\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202202-03\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202208-14\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2021-28/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2021-29/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2021-30/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-29976\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2021-08-05T20:15:08.773\",\"lastModified\":\"2024-11-21T06:02:05.887\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90.\"},{\"lang\":\"es\",\"value\":\"Los desarrolladores de Mozilla informaron de fallos de seguridad de memoria presentes en el c\u00f3digo compartido entre Firefox y Thunderbird. Algunos de estos fallos mostraban evidencias de corrupci\u00f3n de memoria y suponemos que con suficiente esfuerzo algunos de ellos podr\u00edan haber sido explotados para ejecutar c\u00f3digo arbitrario. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 78.12, Firefox ESR versiones anteriores a 78.12 y Firefox versiones anteriores a 90\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"90.0\",\"matchCriteriaId\":\"FA0BA5A6-A40E-418E-A536-9A14711264B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"78.12\",\"matchCriteriaId\":\"ACC21BB7-A4D1-493F-A5CE-8FC1ADF83367\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"78.12\",\"matchCriteriaId\":\"B96D1A35-81C7-4D05-ADBA-210CA094D117\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1700895%2C1703334%2C1706910%2C1711576%2C1714391\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202202-03\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202208-14\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2021-28/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2021-29/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2021-30/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1700895%2C1703334%2C1706910%2C1711576%2C1714391\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202202-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202208-14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2021-28/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2021-29/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2021-30/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2021-AVI-528
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox ESR | Mozilla Firefox ESR versions antérieures à 78.12 | ||
| Mozilla | Thunderbird | Mozilla Thunderbird versions antérieures à 78.12 | ||
| Mozilla | Firefox | Mozilla Firefox versions antérieures à 90 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mozilla Firefox ESR versions ant\u00e9rieures \u00e0 78.12",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Mozilla Thunderbird versions ant\u00e9rieures \u00e0 78.12",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Mozilla Firefox versions ant\u00e9rieures \u00e0 90",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-29976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29976"
},
{
"name": "CVE-2021-29971",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29971"
},
{
"name": "CVE-2021-29974",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29974"
},
{
"name": "CVE-2021-29970",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29970"
},
{
"name": "CVE-2021-29975",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29975"
},
{
"name": "CVE-2021-29973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29973"
},
{
"name": "CVE-2021-29972",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29972"
},
{
"name": "CVE-2021-29969",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29969"
},
{
"name": "CVE-2021-30547",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30547"
},
{
"name": "CVE-2021-29977",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29977"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-528",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nMozilla. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-28 du 13 juillet 2021",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-30 du 13 juillet 2021",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-29 du 13 juillet 2021",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/"
}
]
}
CERTFR-2021-AVI-528
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox ESR | Mozilla Firefox ESR versions antérieures à 78.12 | ||
| Mozilla | Thunderbird | Mozilla Thunderbird versions antérieures à 78.12 | ||
| Mozilla | Firefox | Mozilla Firefox versions antérieures à 90 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mozilla Firefox ESR versions ant\u00e9rieures \u00e0 78.12",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Mozilla Thunderbird versions ant\u00e9rieures \u00e0 78.12",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Mozilla Firefox versions ant\u00e9rieures \u00e0 90",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-29976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29976"
},
{
"name": "CVE-2021-29971",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29971"
},
{
"name": "CVE-2021-29974",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29974"
},
{
"name": "CVE-2021-29970",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29970"
},
{
"name": "CVE-2021-29975",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29975"
},
{
"name": "CVE-2021-29973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29973"
},
{
"name": "CVE-2021-29972",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29972"
},
{
"name": "CVE-2021-29969",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29969"
},
{
"name": "CVE-2021-30547",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30547"
},
{
"name": "CVE-2021-29977",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29977"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-528",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nMozilla. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-28 du 13 juillet 2021",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-30 du 13 juillet 2021",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-29 du 13 juillet 2021",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/"
}
]
}
BDU:2021-03661
Vulnerability from fstec - Published: 13.07.2021
VLAI Severity ?
Title
Уязвимость веб-браузеров Firefox, Firefox ESR, почтового клиента Thunderbird, связанная с записью за границами буфера, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Description
Уязвимость веб-браузеров Firefox, Firefox ESR, почтового клиента Thunderbird связана с записью за границами буфера. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Severity ?
Vendor
Red Hat Inc., Сообщество свободного программного обеспечения, ООО «Ред Софт», Mozilla Corp., ООО «РусБИТех-Астра», АО «ИВК», АО "НППКТ", АО «Концерн ВНИИНС»
Software Name
Red Hat Enterprise Linux, Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Firefox, Firefox ESR, Astra Linux Special Edition (запись в едином реестре российских программ №369), Альт 8 СП (запись в едином реестре российских программ №4305), Thunderbird, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)
Software Version
7 (Red Hat Enterprise Linux), 9 (Debian GNU/Linux), 8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 7.2 Муром (РЕД ОС), 8.1 Extended Update Support (Red Hat Enterprise Linux), 8.2 Extended Update Support (Red Hat Enterprise Linux), до 90 (Firefox), 11 (Debian GNU/Linux), до 78.12 (Firefox ESR), 1.7 (Astra Linux Special Edition), - (Альт 8 СП), до 78.12 (Thunderbird), до 2.1 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Использование рекомендаций:
Для РедОС:
http://repo.red-soft.ru/redos/7.2c/x86_64/updates/
Для Firefox:
использование рекомендаций производителя: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/
Для Firefox ESR:
использование рекомендаций производителя: https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/
Для Thunderbird:
использование рекомендаций производителя: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/
Для Debian:
использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2021-29976
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2021-29976
Для ОСОН Основа:
Обновление программного обеспечения thunderbird до версии 1:78.13.0+repack-1~deb10u1.osnova1
Для ОСОН Основа:
Обновление программного обеспечения firefox-esr до версии 78.13.0esr+repack-1~deb10u1.osnova2
Для ОС ОН «Стрелец»:
Обновление программного обеспечения thunderbird до версии 1:91.13.0+repack-1~deb10u1.osnova1.strelets
Обновление программного обеспечения firefox-esr до версии 91.13.0esr+repack-1~deb10u1.osnova1.strelets
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства
Для ОС Astra Linux Special Edition 1.7:
- обновить пакет firefox до 93.0+build1-0ubuntu0.18.04.1+ci202110111719+astra11 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17
- обновить пакет thunderbird до 1:91.1.2+build1-0ubuntu1+ci202110111836+astra1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17
Reference
https://redos.red-soft.ru/updatesec/
https://www.cybersecurity-help.cz/vdb/SB2021071380
https://www.securitylab.ru/vulnerability/522218.php
https://nvd.nist.gov/vuln/detail/CVE-2021-29976
https://security-tracker.debian.org/tracker/CVE-2021-29976
https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1700895%2C1703334%2C1706910%2C1711576%2C1714391
https://access.redhat.com/security/cve/CVE-2021-29976
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.1/
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
https://altsp.su/obnovleniya-bezopasnosti/
CWE
CWE-119
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Mozilla Corp., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 9 (Debian GNU/Linux), 8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 7.2 \u041c\u0443\u0440\u043e\u043c (\u0420\u0415\u0414 \u041e\u0421), 8.1 Extended Update Support (Red Hat Enterprise Linux), 8.2 Extended Update Support (Red Hat Enterprise Linux), \u0434\u043e 90 (Firefox), 11 (Debian GNU/Linux), \u0434\u043e 78.12 (Firefox ESR), 1.7 (Astra Linux Special Edition), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 78.12 (Thunderbird), \u0434\u043e 2.1 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421:\nhttp://repo.red-soft.ru/redos/7.2c/x86_64/updates/\n\n\u0414\u043b\u044f Firefox:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/\n\n\u0414\u043b\u044f Firefox ESR:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/\n\n\u0414\u043b\u044f Thunderbird:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/\n\n\u0414\u043b\u044f Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2021-29976\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2021-29976\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f thunderbird \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:78.13.0+repack-1~deb10u1.osnova1\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f firefox-esr \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 78.13.0esr+repack-1~deb10u1.osnova2\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f thunderbird \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:91.13.0+repack-1~deb10u1.osnova1.strelets\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f firefox-esr \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 91.13.0esr+repack-1~deb10u1.osnova1.strelets\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux Special Edition 1.7:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 firefox \u0434\u043e 93.0+build1-0ubuntu0.18.04.1+ci202110111719+astra11 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 thunderbird \u0434\u043e 1:91.1.2+build1-0ubuntu1+ci202110111836+astra1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.07.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "20.07.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-03661",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-29976",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Firefox, Firefox ESR, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Thunderbird, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.2 \u041c\u0443\u0440\u043e\u043c (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Red Hat Inc. Red Hat Enterprise Linux 8.1 Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 8.2 Extended Update Support , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Firefox, Firefox ESR, \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Firefox, Firefox ESR, \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://redos.red-soft.ru/updatesec/\nhttps://www.cybersecurity-help.cz/vdb/SB2021071380\nhttps://www.securitylab.ru/vulnerability/522218.php\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-29976\nhttps://security-tracker.debian.org/tracker/CVE-2021-29976\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-28/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-29/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-30/\nhttps://bugzilla.mozilla.org/buglist.cgi?bug_id=1700895%2C1703334%2C1706910%2C1711576%2C1714391\nhttps://access.redhat.com/security/cve/CVE-2021-29976\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.1/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://altsp.su/obnovleniya-bezopasnosti/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
FKIE_CVE-2021-29976
Vulnerability from fkie_nvd - Published: 2021-08-05 20:15 - Updated: 2024-11-21 06:02
Severity ?
Summary
Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox | * | |
| mozilla | firefox_esr | * | |
| mozilla | thunderbird | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA0BA5A6-A40E-418E-A536-9A14711264B7",
"versionEndExcluding": "90.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC21BB7-A4D1-493F-A5CE-8FC1ADF83367",
"versionEndExcluding": "78.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B96D1A35-81C7-4D05-ADBA-210CA094D117",
"versionEndExcluding": "78.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90."
},
{
"lang": "es",
"value": "Los desarrolladores de Mozilla informaron de fallos de seguridad de memoria presentes en el c\u00f3digo compartido entre Firefox y Thunderbird. Algunos de estos fallos mostraban evidencias de corrupci\u00f3n de memoria y suponemos que con suficiente esfuerzo algunos de ellos podr\u00edan haber sido explotados para ejecutar c\u00f3digo arbitrario. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 78.12, Firefox ESR versiones anteriores a 78.12 y Firefox versiones anteriores a 90"
}
],
"id": "CVE-2021-29976",
"lastModified": "2024-11-21T06:02:05.887",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-05T20:15:08.773",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1700895%2C1703334%2C1706910%2C1711576%2C1714391"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202202-03"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-14"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-29/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-30/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1700895%2C1703334%2C1706910%2C1711576%2C1714391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202202-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-29/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-30/"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-JV3X-W8FF-CJ2G
Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10
VLAI?
Details
Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.
Severity ?
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2021-29976"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-05T20:15:00Z",
"severity": "HIGH"
},
"details": "Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90.",
"id": "GHSA-jv3x-w8ff-cj2g",
"modified": "2022-05-24T19:10:11Z",
"published": "2022-05-24T19:10:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29976"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1700895%2C1703334%2C1706910%2C1711576%2C1714391"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202202-03"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-14"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-29"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-30"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2021-29976
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-29976",
"description": "Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90.",
"id": "GSD-2021-29976",
"references": [
"https://www.suse.com/security/cve/CVE-2021-29976.html",
"https://www.debian.org/security/2021/dsa-4940",
"https://www.debian.org/security/2021/dsa-4939",
"https://access.redhat.com/errata/RHSA-2021:2914",
"https://access.redhat.com/errata/RHSA-2021:2883",
"https://access.redhat.com/errata/RHSA-2021:2882",
"https://access.redhat.com/errata/RHSA-2021:2881",
"https://access.redhat.com/errata/RHSA-2021:2743",
"https://access.redhat.com/errata/RHSA-2021:2742",
"https://access.redhat.com/errata/RHSA-2021:2741",
"https://access.redhat.com/errata/RHSA-2021:2740",
"https://ubuntu.com/security/CVE-2021-29976",
"https://advisories.mageia.org/CVE-2021-29976.html",
"https://security.archlinux.org/CVE-2021-29976",
"https://linux.oracle.com/cve/CVE-2021-29976.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-29976"
],
"details": "Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90.",
"id": "GSD-2021-29976",
"modified": "2023-12-13T01:23:36.906992Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2021-29976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "78.12"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "78.12"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "90"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Thunderbird 78.12"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-28/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-30/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-30/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-29/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-29/"
},
{
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1700895%2C1703334%2C1706910%2C1711576%2C1714391",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1700895%2C1703334%2C1706910%2C1711576%2C1714391"
},
{
"name": "GLSA-202202-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202202-03"
},
{
"name": "GLSA-202208-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-14"
}
]
}
},
"mozilla.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2021-29976"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "78.12"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "90"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "78.12"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 78.12, Firefox \u003c 90, and Firefox ESR \u003c 78.12."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-29/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-30/"
},
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1700895%2C1703334%2C1706910%2C1711576%2C1714391"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "90.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "78.12",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "78.12",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2021-29976"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1700895%2C1703334%2C1706910%2C1711576%2C1714391",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1700895%2C1703334%2C1706910%2C1711576%2C1714391"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-30/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-30/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-29/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-29/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-28/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-28/"
},
{
"name": "GLSA-202202-03",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202202-03"
},
{
"name": "GLSA-202208-14",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-14"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-12-09T19:07Z",
"publishedDate": "2021-08-05T20:15Z"
}
}
}
OPENSUSE-SU-2021:1066-1
Vulnerability from csaf_opensuse - Published: 2021-07-19 23:03 - Updated: 2021-07-19 23:03Summary
Security update for MozillaFirefox
Severity
Important
Notes
Title of the patch: Security update for MozillaFirefox
Description of the patch: This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 78.12.0 ESR
* Fixed: Various stability, functionality, and security fixes
MFSA 2021-29 (bsc#1188275)
* CVE-2021-29970 (bmo#1709976): Use-after-free in accessibility features of a document
* CVE-2021-30547 (bmo#1715766): Out of bounds write in ANGLE
* CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910, bmo#1711576, bmo#1714391): Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patchnames: openSUSE-2021-1066
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-78.12.0-lp152.2.61.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.12.0-lp152.2.61.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.12.0-lp152.2.61.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-devel-78.12.0-lp152.2.61.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-translations-common-78.12.0-lp152.2.61.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-translations-other-78.12.0-lp152.2.61.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-78.12.0-lp152.2.61.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.12.0-lp152.2.61.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.12.0-lp152.2.61.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-devel-78.12.0-lp152.2.61.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-translations-common-78.12.0-lp152.2.61.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-translations-other-78.12.0-lp152.2.61.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-78.12.0-lp152.2.61.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.12.0-lp152.2.61.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.12.0-lp152.2.61.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-devel-78.12.0-lp152.2.61.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-translations-common-78.12.0-lp152.2.61.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaFirefox-translations-other-78.12.0-lp152.2.61.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaFirefox",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaFirefox fixes the following issues:\n\nFirefox Extended Support Release 78.12.0 ESR\n\n* Fixed: Various stability, functionality, and security fixes\n\nMFSA 2021-29 (bsc#1188275)\n\n* CVE-2021-29970 (bmo#1709976): Use-after-free in accessibility features of a document\n* CVE-2021-30547 (bmo#1715766): Out of bounds write in ANGLE\n* CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910, bmo#1711576, bmo#1714391): Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-1066",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1066-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:1066-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/P253WUL63Q3NMRE2SIMFESB3E4L3KLVY/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:1066-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/P253WUL63Q3NMRE2SIMFESB3E4L3KLVY/"
},
{
"category": "self",
"summary": "SUSE Bug 1188275",
"url": "https://bugzilla.suse.com/1188275"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29970 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29976 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29976/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30547 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30547/"
}
],
"title": "Security update for MozillaFirefox",
"tracking": {
"current_release_date": "2021-07-19T23:03:45Z",
"generator": {
"date": "2021-07-19T23:03:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:1066-1",
"initial_release_date": "2021-07-19T23:03:45Z",
"revision_history": [
{
"date": "2021-07-19T23:03:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-78.12.0-lp152.2.61.1.x86_64",
"product": {
"name": "MozillaFirefox-78.12.0-lp152.2.61.1.x86_64",
"product_id": "MozillaFirefox-78.12.0-lp152.2.61.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-78.12.0-lp152.2.61.1.x86_64",
"product": {
"name": "MozillaFirefox-branding-upstream-78.12.0-lp152.2.61.1.x86_64",
"product_id": "MozillaFirefox-branding-upstream-78.12.0-lp152.2.61.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-buildsymbols-78.12.0-lp152.2.61.1.x86_64",
"product": {
"name": "MozillaFirefox-buildsymbols-78.12.0-lp152.2.61.1.x86_64",
"product_id": "MozillaFirefox-buildsymbols-78.12.0-lp152.2.61.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-78.12.0-lp152.2.61.1.x86_64",
"product": {
"name": "MozillaFirefox-devel-78.12.0-lp152.2.61.1.x86_64",
"product_id": "MozillaFirefox-devel-78.12.0-lp152.2.61.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-78.12.0-lp152.2.61.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-78.12.0-lp152.2.61.1.x86_64",
"product_id": "MozillaFirefox-translations-common-78.12.0-lp152.2.61.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-78.12.0-lp152.2.61.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-other-78.12.0-lp152.2.61.1.x86_64",
"product_id": "MozillaFirefox-translations-other-78.12.0-lp152.2.61.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.12.0-lp152.2.61.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-78.12.0-lp152.2.61.1.x86_64"
},
"product_reference": "MozillaFirefox-78.12.0-lp152.2.61.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-78.12.0-lp152.2.61.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.12.0-lp152.2.61.1.x86_64"
},
"product_reference": "MozillaFirefox-branding-upstream-78.12.0-lp152.2.61.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-buildsymbols-78.12.0-lp152.2.61.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.12.0-lp152.2.61.1.x86_64"
},
"product_reference": "MozillaFirefox-buildsymbols-78.12.0-lp152.2.61.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.12.0-lp152.2.61.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-devel-78.12.0-lp152.2.61.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.12.0-lp152.2.61.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.12.0-lp152.2.61.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-translations-common-78.12.0-lp152.2.61.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.12.0-lp152.2.61.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.12.0-lp152.2.61.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaFirefox-translations-other-78.12.0-lp152.2.61.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-78.12.0-lp152.2.61.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-29970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29970"
}
],
"notes": [
{
"category": "general",
"text": "A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.12.0-lp152.2.61.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29970",
"url": "https://www.suse.com/security/cve/CVE-2021-29970"
},
{
"category": "external",
"summary": "SUSE Bug 1188275 for CVE-2021-29970",
"url": "https://bugzilla.suse.com/1188275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.12.0-lp152.2.61.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.12.0-lp152.2.61.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-19T23:03:45Z",
"details": "important"
}
],
"title": "CVE-2021-29970"
},
{
"cve": "CVE-2021-29976",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29976"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.12.0-lp152.2.61.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29976",
"url": "https://www.suse.com/security/cve/CVE-2021-29976"
},
{
"category": "external",
"summary": "SUSE Bug 1188275 for CVE-2021-29976",
"url": "https://bugzilla.suse.com/1188275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.12.0-lp152.2.61.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.12.0-lp152.2.61.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-19T23:03:45Z",
"details": "important"
}
],
"title": "CVE-2021-29976"
},
{
"cve": "CVE-2021-30547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30547"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaFirefox-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.12.0-lp152.2.61.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30547",
"url": "https://www.suse.com/security/cve/CVE-2021-30547"
},
{
"category": "external",
"summary": "SUSE Bug 1187141 for CVE-2021-30547",
"url": "https://bugzilla.suse.com/1187141"
},
{
"category": "external",
"summary": "SUSE Bug 1188275 for CVE-2021-30547",
"url": "https://bugzilla.suse.com/1188275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaFirefox-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.12.0-lp152.2.61.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaFirefox-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-branding-upstream-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-buildsymbols-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-devel-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-common-78.12.0-lp152.2.61.1.x86_64",
"openSUSE Leap 15.2:MozillaFirefox-translations-other-78.12.0-lp152.2.61.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-19T23:03:45Z",
"details": "important"
}
],
"title": "CVE-2021-30547"
}
]
}
OPENSUSE-SU-2021:1091-1
Vulnerability from csaf_opensuse - Published: 2021-08-04 00:14 - Updated: 2021-08-04 00:14Summary
Security update for MozillaThunderbird
Severity
Important
Notes
Title of the patch: Security update for MozillaThunderbird
Description of the patch: This update for MozillaThunderbird fixes the following issues:
Mozilla Thunderbird 78.12
* fixed: Sending an email containing HTML links with spaces in
the URL sometimes resulted in broken links
* fixed: Folder Pane display theme fixes for macOS
* fixed: Chat account settings did not always save as expected
* fixed: RSS feed subscriptions sometimes lost
* fixed: Calendar: A parsing error for alarm triggers of type
'DURATION' caused sync problems for some users
* fixed: Various security fixes
MFSA 2021-30 (bsc#1188275)
* CVE-2021-29969: IMAP server responses sent by a MITM prior to STARTTLS could be processed
* CVE-2021-29970: Use-after-free in accessibility features of a document
* CVE-2021-30547: Out of bounds write in ANGLE
* CVE-2021-29976: Memory safety bugs fixed in Thunderbird 78.12
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patchnames: openSUSE-2021-1091
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-78.12.0-lp152.2.48.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.12.0-lp152.2.48.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.12.0-lp152.2.48.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-78.12.0-lp152.2.48.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.12.0-lp152.2.48.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.12.0-lp152.2.48.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-78.12.0-lp152.2.48.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.12.0-lp152.2.48.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.12.0-lp152.2.48.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-78.12.0-lp152.2.48.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.12.0-lp152.2.48.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.12.0-lp152.2.48.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaThunderbird",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaThunderbird fixes the following issues:\n\nMozilla Thunderbird 78.12\n\n * fixed: Sending an email containing HTML links with spaces in\n the URL sometimes resulted in broken links\n * fixed: Folder Pane display theme fixes for macOS\n * fixed: Chat account settings did not always save as expected\n * fixed: RSS feed subscriptions sometimes lost\n * fixed: Calendar: A parsing error for alarm triggers of type\n \u0027DURATION\u0027 caused sync problems for some users\n * fixed: Various security fixes\n\nMFSA 2021-30 (bsc#1188275)\n\n* CVE-2021-29969: IMAP server responses sent by a MITM prior to STARTTLS could be processed\n* CVE-2021-29970: Use-after-free in accessibility features of a document\n* CVE-2021-30547: Out of bounds write in ANGLE\n* CVE-2021-29976: Memory safety bugs fixed in Thunderbird 78.12\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-1091",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1091-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:1091-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ABQT6TDIB2IQ4ZZNUZXMHLE7ZDVD4YBM/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:1091-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ABQT6TDIB2IQ4ZZNUZXMHLE7ZDVD4YBM/"
},
{
"category": "self",
"summary": "SUSE Bug 1188275",
"url": "https://bugzilla.suse.com/1188275"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29969 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29970 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29976 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29976/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30547 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30547/"
}
],
"title": "Security update for MozillaThunderbird",
"tracking": {
"current_release_date": "2021-08-04T00:14:42Z",
"generator": {
"date": "2021-08-04T00:14:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:1091-1",
"initial_release_date": "2021-08-04T00:14:42Z",
"revision_history": [
{
"date": "2021-08-04T00:14:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-78.12.0-lp152.2.48.2.x86_64",
"product": {
"name": "MozillaThunderbird-78.12.0-lp152.2.48.2.x86_64",
"product_id": "MozillaThunderbird-78.12.0-lp152.2.48.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-78.12.0-lp152.2.48.2.x86_64",
"product": {
"name": "MozillaThunderbird-translations-common-78.12.0-lp152.2.48.2.x86_64",
"product_id": "MozillaThunderbird-translations-common-78.12.0-lp152.2.48.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-78.12.0-lp152.2.48.2.x86_64",
"product": {
"name": "MozillaThunderbird-translations-other-78.12.0-lp152.2.48.2.x86_64",
"product_id": "MozillaThunderbird-translations-other-78.12.0-lp152.2.48.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-78.12.0-lp152.2.48.2.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaThunderbird-78.12.0-lp152.2.48.2.x86_64"
},
"product_reference": "MozillaThunderbird-78.12.0-lp152.2.48.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-78.12.0-lp152.2.48.2.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.12.0-lp152.2.48.2.x86_64"
},
"product_reference": "MozillaThunderbird-translations-common-78.12.0-lp152.2.48.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-78.12.0-lp152.2.48.2.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.12.0-lp152.2.48.2.x86_64"
},
"product_reference": "MozillaThunderbird-translations-other-78.12.0-lp152.2.48.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-29969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29969"
}
],
"notes": [
{
"category": "general",
"text": "If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn\u0027t ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn\u0027t exist on the IMAP server. This vulnerability affects Thunderbird \u003c 78.12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaThunderbird-78.12.0-lp152.2.48.2.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.12.0-lp152.2.48.2.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.12.0-lp152.2.48.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29969",
"url": "https://www.suse.com/security/cve/CVE-2021-29969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaThunderbird-78.12.0-lp152.2.48.2.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.12.0-lp152.2.48.2.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.12.0-lp152.2.48.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaThunderbird-78.12.0-lp152.2.48.2.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.12.0-lp152.2.48.2.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.12.0-lp152.2.48.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-04T00:14:42Z",
"details": "important"
}
],
"title": "CVE-2021-29969"
},
{
"cve": "CVE-2021-29970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29970"
}
],
"notes": [
{
"category": "general",
"text": "A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaThunderbird-78.12.0-lp152.2.48.2.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.12.0-lp152.2.48.2.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.12.0-lp152.2.48.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29970",
"url": "https://www.suse.com/security/cve/CVE-2021-29970"
},
{
"category": "external",
"summary": "SUSE Bug 1188275 for CVE-2021-29970",
"url": "https://bugzilla.suse.com/1188275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaThunderbird-78.12.0-lp152.2.48.2.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.12.0-lp152.2.48.2.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.12.0-lp152.2.48.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaThunderbird-78.12.0-lp152.2.48.2.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.12.0-lp152.2.48.2.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.12.0-lp152.2.48.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-04T00:14:42Z",
"details": "important"
}
],
"title": "CVE-2021-29970"
},
{
"cve": "CVE-2021-29976",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29976"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaThunderbird-78.12.0-lp152.2.48.2.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.12.0-lp152.2.48.2.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.12.0-lp152.2.48.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29976",
"url": "https://www.suse.com/security/cve/CVE-2021-29976"
},
{
"category": "external",
"summary": "SUSE Bug 1188275 for CVE-2021-29976",
"url": "https://bugzilla.suse.com/1188275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaThunderbird-78.12.0-lp152.2.48.2.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.12.0-lp152.2.48.2.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.12.0-lp152.2.48.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaThunderbird-78.12.0-lp152.2.48.2.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.12.0-lp152.2.48.2.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.12.0-lp152.2.48.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-04T00:14:42Z",
"details": "important"
}
],
"title": "CVE-2021-29976"
},
{
"cve": "CVE-2021-30547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30547"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:MozillaThunderbird-78.12.0-lp152.2.48.2.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.12.0-lp152.2.48.2.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.12.0-lp152.2.48.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30547",
"url": "https://www.suse.com/security/cve/CVE-2021-30547"
},
{
"category": "external",
"summary": "SUSE Bug 1187141 for CVE-2021-30547",
"url": "https://bugzilla.suse.com/1187141"
},
{
"category": "external",
"summary": "SUSE Bug 1188275 for CVE-2021-30547",
"url": "https://bugzilla.suse.com/1188275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:MozillaThunderbird-78.12.0-lp152.2.48.2.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.12.0-lp152.2.48.2.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.12.0-lp152.2.48.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:MozillaThunderbird-78.12.0-lp152.2.48.2.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-common-78.12.0-lp152.2.48.2.x86_64",
"openSUSE Leap 15.2:MozillaThunderbird-translations-other-78.12.0-lp152.2.48.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-08-04T00:14:42Z",
"details": "important"
}
],
"title": "CVE-2021-30547"
}
]
}
OPENSUSE-SU-2021:2393-1
Vulnerability from csaf_opensuse - Published: 2021-07-19 07:02 - Updated: 2021-07-19 07:02Summary
Security update for MozillaFirefox
Severity
Important
Notes
Title of the patch: Security update for MozillaFirefox
Description of the patch: This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 78.12.0 ESR
* Fixed: Various stability, functionality, and security fixes
MFSA 2021-29 (bsc#1188275)
* CVE-2021-29970 (bmo#1709976): Use-after-free in accessibility features of a document
* CVE-2021-30547 (bmo#1715766): Out of bounds write in ANGLE
* CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910, bmo#1711576, bmo#1714391): Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
Patchnames: openSUSE-SLE-15.3-2021-2393
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-buildsymbols-78.12.0-8.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-buildsymbols-78.12.0-8.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-buildsymbols-78.12.0-8.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaFirefox",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaFirefox fixes the following issues:\n\nFirefox Extended Support Release 78.12.0 ESR\n\n* Fixed: Various stability, functionality, and security fixes\n\nMFSA 2021-29 (bsc#1188275)\n\n* CVE-2021-29970 (bmo#1709976): Use-after-free in accessibility features of a document\n* CVE-2021-30547 (bmo#1715766): Out of bounds write in ANGLE\n* CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910, bmo#1711576, bmo#1714391): Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-SLE-15.3-2021-2393",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_2393-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:2393-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TZB4J5MBNEXABZ45GDK2VINW2XRUSLGX/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:2393-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TZB4J5MBNEXABZ45GDK2VINW2XRUSLGX/"
},
{
"category": "self",
"summary": "SUSE Bug 1188275",
"url": "https://bugzilla.suse.com/1188275"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29970 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29976 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29976/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30547 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30547/"
}
],
"title": "Security update for MozillaFirefox",
"tracking": {
"current_release_date": "2021-07-19T07:02:02Z",
"generator": {
"date": "2021-07-19T07:02:02Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:2393-1",
"initial_release_date": "2021-07-19T07:02:02Z",
"revision_history": [
{
"date": "2021-07-19T07:02:02Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-78.12.0-8.46.1.aarch64",
"product": {
"name": "MozillaFirefox-78.12.0-8.46.1.aarch64",
"product_id": "MozillaFirefox-78.12.0-8.46.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-78.12.0-8.46.1.aarch64",
"product": {
"name": "MozillaFirefox-branding-upstream-78.12.0-8.46.1.aarch64",
"product_id": "MozillaFirefox-branding-upstream-78.12.0-8.46.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-78.12.0-8.46.1.aarch64",
"product": {
"name": "MozillaFirefox-devel-78.12.0-8.46.1.aarch64",
"product_id": "MozillaFirefox-devel-78.12.0-8.46.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-78.12.0-8.46.1.aarch64",
"product": {
"name": "MozillaFirefox-translations-common-78.12.0-8.46.1.aarch64",
"product_id": "MozillaFirefox-translations-common-78.12.0-8.46.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-78.12.0-8.46.1.aarch64",
"product": {
"name": "MozillaFirefox-translations-other-78.12.0-8.46.1.aarch64",
"product_id": "MozillaFirefox-translations-other-78.12.0-8.46.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-78.12.0-8.46.1.ppc64le",
"product": {
"name": "MozillaFirefox-78.12.0-8.46.1.ppc64le",
"product_id": "MozillaFirefox-78.12.0-8.46.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-78.12.0-8.46.1.ppc64le",
"product": {
"name": "MozillaFirefox-branding-upstream-78.12.0-8.46.1.ppc64le",
"product_id": "MozillaFirefox-branding-upstream-78.12.0-8.46.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-78.12.0-8.46.1.ppc64le",
"product": {
"name": "MozillaFirefox-devel-78.12.0-8.46.1.ppc64le",
"product_id": "MozillaFirefox-devel-78.12.0-8.46.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-78.12.0-8.46.1.ppc64le",
"product": {
"name": "MozillaFirefox-translations-common-78.12.0-8.46.1.ppc64le",
"product_id": "MozillaFirefox-translations-common-78.12.0-8.46.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-78.12.0-8.46.1.ppc64le",
"product": {
"name": "MozillaFirefox-translations-other-78.12.0-8.46.1.ppc64le",
"product_id": "MozillaFirefox-translations-other-78.12.0-8.46.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-78.12.0-8.46.1.s390x",
"product": {
"name": "MozillaFirefox-78.12.0-8.46.1.s390x",
"product_id": "MozillaFirefox-78.12.0-8.46.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-78.12.0-8.46.1.s390x",
"product": {
"name": "MozillaFirefox-branding-upstream-78.12.0-8.46.1.s390x",
"product_id": "MozillaFirefox-branding-upstream-78.12.0-8.46.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-78.12.0-8.46.1.s390x",
"product": {
"name": "MozillaFirefox-devel-78.12.0-8.46.1.s390x",
"product_id": "MozillaFirefox-devel-78.12.0-8.46.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-78.12.0-8.46.1.s390x",
"product": {
"name": "MozillaFirefox-translations-common-78.12.0-8.46.1.s390x",
"product_id": "MozillaFirefox-translations-common-78.12.0-8.46.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-78.12.0-8.46.1.s390x",
"product": {
"name": "MozillaFirefox-translations-other-78.12.0-8.46.1.s390x",
"product_id": "MozillaFirefox-translations-other-78.12.0-8.46.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-78.12.0-8.46.1.x86_64",
"product": {
"name": "MozillaFirefox-78.12.0-8.46.1.x86_64",
"product_id": "MozillaFirefox-78.12.0-8.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-78.12.0-8.46.1.x86_64",
"product": {
"name": "MozillaFirefox-branding-upstream-78.12.0-8.46.1.x86_64",
"product_id": "MozillaFirefox-branding-upstream-78.12.0-8.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-buildsymbols-78.12.0-8.46.1.x86_64",
"product": {
"name": "MozillaFirefox-buildsymbols-78.12.0-8.46.1.x86_64",
"product_id": "MozillaFirefox-buildsymbols-78.12.0-8.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-78.12.0-8.46.1.x86_64",
"product": {
"name": "MozillaFirefox-devel-78.12.0-8.46.1.x86_64",
"product_id": "MozillaFirefox-devel-78.12.0-8.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-78.12.0-8.46.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-78.12.0-8.46.1.x86_64",
"product_id": "MozillaFirefox-translations-common-78.12.0-8.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-78.12.0-8.46.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-other-78.12.0-8.46.1.x86_64",
"product_id": "MozillaFirefox-translations-other-78.12.0-8.46.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.12.0-8.46.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.aarch64"
},
"product_reference": "MozillaFirefox-78.12.0-8.46.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.12.0-8.46.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.ppc64le"
},
"product_reference": "MozillaFirefox-78.12.0-8.46.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.12.0-8.46.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.s390x"
},
"product_reference": "MozillaFirefox-78.12.0-8.46.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.12.0-8.46.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.x86_64"
},
"product_reference": "MozillaFirefox-78.12.0-8.46.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-78.12.0-8.46.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.aarch64"
},
"product_reference": "MozillaFirefox-branding-upstream-78.12.0-8.46.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-78.12.0-8.46.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.ppc64le"
},
"product_reference": "MozillaFirefox-branding-upstream-78.12.0-8.46.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-78.12.0-8.46.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.s390x"
},
"product_reference": "MozillaFirefox-branding-upstream-78.12.0-8.46.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-78.12.0-8.46.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.x86_64"
},
"product_reference": "MozillaFirefox-branding-upstream-78.12.0-8.46.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-buildsymbols-78.12.0-8.46.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaFirefox-buildsymbols-78.12.0-8.46.1.x86_64"
},
"product_reference": "MozillaFirefox-buildsymbols-78.12.0-8.46.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.12.0-8.46.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.aarch64"
},
"product_reference": "MozillaFirefox-devel-78.12.0-8.46.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.12.0-8.46.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.ppc64le"
},
"product_reference": "MozillaFirefox-devel-78.12.0-8.46.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.12.0-8.46.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.s390x"
},
"product_reference": "MozillaFirefox-devel-78.12.0-8.46.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.12.0-8.46.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.12.0-8.46.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.12.0-8.46.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-common-78.12.0-8.46.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.12.0-8.46.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-78.12.0-8.46.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.12.0-8.46.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.s390x"
},
"product_reference": "MozillaFirefox-translations-common-78.12.0-8.46.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.12.0-8.46.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.12.0-8.46.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.12.0-8.46.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-other-78.12.0-8.46.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.12.0-8.46.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-other-78.12.0-8.46.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.12.0-8.46.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.s390x"
},
"product_reference": "MozillaFirefox-translations-other-78.12.0-8.46.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.12.0-8.46.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-78.12.0-8.46.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-29970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29970"
}
],
"notes": [
{
"category": "general",
"text": "A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-buildsymbols-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29970",
"url": "https://www.suse.com/security/cve/CVE-2021-29970"
},
{
"category": "external",
"summary": "SUSE Bug 1188275 for CVE-2021-29970",
"url": "https://bugzilla.suse.com/1188275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-buildsymbols-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-buildsymbols-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-19T07:02:02Z",
"details": "important"
}
],
"title": "CVE-2021-29970"
},
{
"cve": "CVE-2021-29976",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29976"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-buildsymbols-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29976",
"url": "https://www.suse.com/security/cve/CVE-2021-29976"
},
{
"category": "external",
"summary": "SUSE Bug 1188275 for CVE-2021-29976",
"url": "https://bugzilla.suse.com/1188275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-buildsymbols-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-buildsymbols-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-19T07:02:02Z",
"details": "important"
}
],
"title": "CVE-2021-29976"
},
{
"cve": "CVE-2021-30547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30547"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-buildsymbols-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30547",
"url": "https://www.suse.com/security/cve/CVE-2021-30547"
},
{
"category": "external",
"summary": "SUSE Bug 1187141 for CVE-2021-30547",
"url": "https://bugzilla.suse.com/1187141"
},
{
"category": "external",
"summary": "SUSE Bug 1188275 for CVE-2021-30547",
"url": "https://bugzilla.suse.com/1188275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-buildsymbols-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-branding-upstream-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-buildsymbols-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-devel-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-translations-common-78.12.0-8.46.1.x86_64",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.aarch64",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.ppc64le",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.s390x",
"openSUSE Leap 15.3:MozillaFirefox-translations-other-78.12.0-8.46.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-19T07:02:02Z",
"details": "important"
}
],
"title": "CVE-2021-30547"
}
]
}
OPENSUSE-SU-2021:2458-1
Vulnerability from csaf_opensuse - Published: 2021-07-22 16:08 - Updated: 2021-07-22 16:08Summary
Security update for MozillaThunderbird
Severity
Important
Notes
Title of the patch: Security update for MozillaThunderbird
Description of the patch: This update for MozillaThunderbird fixes the following issues:
Mozilla Thunderbird 78.12
* fixed: Sending an email containing HTML links with spaces in
the URL sometimes resulted in broken links
* fixed: Folder Pane display theme fixes for macOS
* fixed: Chat account settings did not always save as expected
* fixed: RSS feed subscriptions sometimes lost
* fixed: Calendar: A parsing error for alarm triggers of type
'DURATION' caused sync problems for some users
* fixed: Various security fixes
MFSA 2021-30 (bsc#1188275)
* CVE-2021-29969: IMAP server responses sent by a MITM prior to STARTTLS could be processed
* CVE-2021-29970: Use-after-free in accessibility features of a document
* CVE-2021-30547: Out of bounds write in ANGLE
* CVE-2021-29976: Memory safety bugs fixed in Thunderbird 78.12
Patchnames: openSUSE-SLE-15.3-2021-2458
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaThunderbird",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaThunderbird fixes the following issues:\n\nMozilla Thunderbird 78.12\n\n * fixed: Sending an email containing HTML links with spaces in\n the URL sometimes resulted in broken links\n * fixed: Folder Pane display theme fixes for macOS\n * fixed: Chat account settings did not always save as expected\n * fixed: RSS feed subscriptions sometimes lost\n * fixed: Calendar: A parsing error for alarm triggers of type\n \u0027DURATION\u0027 caused sync problems for some users\n * fixed: Various security fixes\n\nMFSA 2021-30 (bsc#1188275)\n\n* CVE-2021-29969: IMAP server responses sent by a MITM prior to STARTTLS could be processed\n* CVE-2021-29970: Use-after-free in accessibility features of a document\n* CVE-2021-30547: Out of bounds write in ANGLE\n* CVE-2021-29976: Memory safety bugs fixed in Thunderbird 78.12\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-SLE-15.3-2021-2458",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_2458-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:2458-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AQOPHIOAWOQQLB7SCESJM5UI67QUVORM/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:2458-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AQOPHIOAWOQQLB7SCESJM5UI67QUVORM/"
},
{
"category": "self",
"summary": "SUSE Bug 1188275",
"url": "https://bugzilla.suse.com/1188275"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29969 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29970 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29976 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29976/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30547 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30547/"
}
],
"title": "Security update for MozillaThunderbird",
"tracking": {
"current_release_date": "2021-07-22T16:08:52Z",
"generator": {
"date": "2021-07-22T16:08:52Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:2458-1",
"initial_release_date": "2021-07-22T16:08:52Z",
"revision_history": [
{
"date": "2021-07-22T16:08:52Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-78.12.0-8.33.1.aarch64",
"product": {
"name": "MozillaThunderbird-78.12.0-8.33.1.aarch64",
"product_id": "MozillaThunderbird-78.12.0-8.33.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-78.12.0-8.33.1.aarch64",
"product": {
"name": "MozillaThunderbird-translations-common-78.12.0-8.33.1.aarch64",
"product_id": "MozillaThunderbird-translations-common-78.12.0-8.33.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-78.12.0-8.33.1.aarch64",
"product": {
"name": "MozillaThunderbird-translations-other-78.12.0-8.33.1.aarch64",
"product_id": "MozillaThunderbird-translations-other-78.12.0-8.33.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-78.12.0-8.33.1.ppc64le",
"product": {
"name": "MozillaThunderbird-78.12.0-8.33.1.ppc64le",
"product_id": "MozillaThunderbird-78.12.0-8.33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-78.12.0-8.33.1.ppc64le",
"product": {
"name": "MozillaThunderbird-translations-common-78.12.0-8.33.1.ppc64le",
"product_id": "MozillaThunderbird-translations-common-78.12.0-8.33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-78.12.0-8.33.1.ppc64le",
"product": {
"name": "MozillaThunderbird-translations-other-78.12.0-8.33.1.ppc64le",
"product_id": "MozillaThunderbird-translations-other-78.12.0-8.33.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-78.12.0-8.33.1.s390x",
"product": {
"name": "MozillaThunderbird-78.12.0-8.33.1.s390x",
"product_id": "MozillaThunderbird-78.12.0-8.33.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-78.12.0-8.33.1.s390x",
"product": {
"name": "MozillaThunderbird-translations-common-78.12.0-8.33.1.s390x",
"product_id": "MozillaThunderbird-translations-common-78.12.0-8.33.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-78.12.0-8.33.1.s390x",
"product": {
"name": "MozillaThunderbird-translations-other-78.12.0-8.33.1.s390x",
"product_id": "MozillaThunderbird-translations-other-78.12.0-8.33.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-78.12.0-8.33.1.x86_64",
"product": {
"name": "MozillaThunderbird-78.12.0-8.33.1.x86_64",
"product_id": "MozillaThunderbird-78.12.0-8.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-78.12.0-8.33.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-common-78.12.0-8.33.1.x86_64",
"product_id": "MozillaThunderbird-translations-common-78.12.0-8.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-78.12.0-8.33.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-other-78.12.0-8.33.1.x86_64",
"product_id": "MozillaThunderbird-translations-other-78.12.0-8.33.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-78.12.0-8.33.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.aarch64"
},
"product_reference": "MozillaThunderbird-78.12.0-8.33.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-78.12.0-8.33.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.ppc64le"
},
"product_reference": "MozillaThunderbird-78.12.0-8.33.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-78.12.0-8.33.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.s390x"
},
"product_reference": "MozillaThunderbird-78.12.0-8.33.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-78.12.0-8.33.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.x86_64"
},
"product_reference": "MozillaThunderbird-78.12.0-8.33.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-78.12.0-8.33.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.aarch64"
},
"product_reference": "MozillaThunderbird-translations-common-78.12.0-8.33.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-78.12.0-8.33.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.ppc64le"
},
"product_reference": "MozillaThunderbird-translations-common-78.12.0-8.33.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-78.12.0-8.33.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.s390x"
},
"product_reference": "MozillaThunderbird-translations-common-78.12.0-8.33.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-78.12.0-8.33.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-common-78.12.0-8.33.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-78.12.0-8.33.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.aarch64"
},
"product_reference": "MozillaThunderbird-translations-other-78.12.0-8.33.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-78.12.0-8.33.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.ppc64le"
},
"product_reference": "MozillaThunderbird-translations-other-78.12.0-8.33.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-78.12.0-8.33.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.s390x"
},
"product_reference": "MozillaThunderbird-translations-other-78.12.0-8.33.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-78.12.0-8.33.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-other-78.12.0-8.33.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-29969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29969"
}
],
"notes": [
{
"category": "general",
"text": "If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn\u0027t ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn\u0027t exist on the IMAP server. This vulnerability affects Thunderbird \u003c 78.12.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.x86_64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.x86_64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29969",
"url": "https://www.suse.com/security/cve/CVE-2021-29969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.x86_64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.x86_64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.x86_64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.x86_64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-22T16:08:52Z",
"details": "important"
}
],
"title": "CVE-2021-29969"
},
{
"cve": "CVE-2021-29970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29970"
}
],
"notes": [
{
"category": "general",
"text": "A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.x86_64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.x86_64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29970",
"url": "https://www.suse.com/security/cve/CVE-2021-29970"
},
{
"category": "external",
"summary": "SUSE Bug 1188275 for CVE-2021-29970",
"url": "https://bugzilla.suse.com/1188275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.x86_64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.x86_64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.x86_64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.x86_64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-22T16:08:52Z",
"details": "important"
}
],
"title": "CVE-2021-29970"
},
{
"cve": "CVE-2021-29976",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29976"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 78.12, Firefox ESR \u003c 78.12, and Firefox \u003c 90.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.x86_64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.x86_64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29976",
"url": "https://www.suse.com/security/cve/CVE-2021-29976"
},
{
"category": "external",
"summary": "SUSE Bug 1188275 for CVE-2021-29976",
"url": "https://bugzilla.suse.com/1188275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.x86_64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.x86_64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.x86_64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.x86_64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-22T16:08:52Z",
"details": "important"
}
],
"title": "CVE-2021-29976"
},
{
"cve": "CVE-2021-30547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30547"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.x86_64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.x86_64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30547",
"url": "https://www.suse.com/security/cve/CVE-2021-30547"
},
{
"category": "external",
"summary": "SUSE Bug 1187141 for CVE-2021-30547",
"url": "https://bugzilla.suse.com/1187141"
},
{
"category": "external",
"summary": "SUSE Bug 1188275 for CVE-2021-30547",
"url": "https://bugzilla.suse.com/1188275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.x86_64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.x86_64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-78.12.0-8.33.1.x86_64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-translations-common-78.12.0-8.33.1.x86_64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.aarch64",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.ppc64le",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.s390x",
"openSUSE Leap 15.3:MozillaThunderbird-translations-other-78.12.0-8.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-22T16:08:52Z",
"details": "important"
}
],
"title": "CVE-2021-30547"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…