SUSE-SU-2022:2062-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20222062-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:2062-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:2062-1
Related
Published
2022-06-13T13:34:30Z
Modified
2022-06-13T13:34:30Z
Summary
Security update for MozillaThunderbird
Details

This update for MozillaThunderbird fixes the following issues:

Update to Mozilla Thunderbird 91.9.1

MFSA 2022-19 (bsc#1199768):

  • CVE-2022-1802: Prototype pollution in Top-Level Await implementation (bmo#1770137).
  • CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution (bmo#1770048).

Update to Mozilla Thunderbird 91.10

MFSA 2022-22 (bsc#1200027):

  • CVE-2022-31736: Cross-Origin resource's length leaked (bmo#1735923)
  • CVE-2022-31737: Heap buffer overflow in WebGL (bmo#1743767)
  • CVE-2022-31738: Browser window spoof using fullscreen mode (bmo#1756388)
  • CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files (bmo#1765049)
  • CVE-2022-31740: Register allocation problem in WASM on arm64 (bmo#1766806)
  • CVE-2022-31741: Uninitialized variable leads to invalid memory read (bmo#1767590)
  • CVE-2022-1834: Braille space character caused incorrect sender email to be shown for a digitally signed email (bmo#1767816)
  • CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information (bmo#1730434)
  • CVE-2022-31747: Memory safety bugs fixed in Thunderbird 91.10 (bmo#1760765, bmo#1765610, bmo#1766283, bmo#1767365, bmo#1768559, bmo#1768734)
References

Affected packages

SUSE:Linux Enterprise Module for Package Hub 15 SP3 / MozillaThunderbird

Package

Name
MozillaThunderbird
Purl
purl:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
91.10.0-150200.8.73.1

Ecosystem specific

{
    "binaries": [
        {
            "MozillaThunderbird": "91.10.0-150200.8.73.1",
            "MozillaThunderbird-translations-other": "91.10.0-150200.8.73.1",
            "MozillaThunderbird-translations-common": "91.10.0-150200.8.73.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Package Hub 15 SP4 / MozillaThunderbird

Package

Name
MozillaThunderbird
Purl
purl:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
91.10.0-150200.8.73.1

Ecosystem specific

{
    "binaries": [
        {
            "MozillaThunderbird": "91.10.0-150200.8.73.1",
            "MozillaThunderbird-translations-other": "91.10.0-150200.8.73.1",
            "MozillaThunderbird-translations-common": "91.10.0-150200.8.73.1"
        }
    ]
}

SUSE:Linux Enterprise Workstation Extension 15 SP3 / MozillaThunderbird

Package

Name
MozillaThunderbird
Purl
purl:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
91.10.0-150200.8.73.1

Ecosystem specific

{
    "binaries": [
        {
            "MozillaThunderbird": "91.10.0-150200.8.73.1",
            "MozillaThunderbird-translations-other": "91.10.0-150200.8.73.1",
            "MozillaThunderbird-translations-common": "91.10.0-150200.8.73.1"
        }
    ]
}

SUSE:Linux Enterprise Workstation Extension 15 SP4 / MozillaThunderbird

Package

Name
MozillaThunderbird
Purl
purl:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
91.10.0-150200.8.73.1

Ecosystem specific

{
    "binaries": [
        {
            "MozillaThunderbird": "91.10.0-150200.8.73.1",
            "MozillaThunderbird-translations-other": "91.10.0-150200.8.73.1",
            "MozillaThunderbird-translations-common": "91.10.0-150200.8.73.1"
        }
    ]
}

openSUSE:Leap 15.3 / MozillaThunderbird

Package

Name
MozillaThunderbird
Purl
purl:rpm/suse/MozillaThunderbird&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
91.10.0-150200.8.73.1

Ecosystem specific

{
    "binaries": [
        {
            "MozillaThunderbird": "91.10.0-150200.8.73.1",
            "MozillaThunderbird-translations-other": "91.10.0-150200.8.73.1",
            "MozillaThunderbird-translations-common": "91.10.0-150200.8.73.1"
        }
    ]
}

openSUSE:Leap 15.4 / MozillaThunderbird

Package

Name
MozillaThunderbird
Purl
purl:rpm/suse/MozillaThunderbird&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
91.10.0-150200.8.73.1

Ecosystem specific

{
    "binaries": [
        {
            "MozillaThunderbird": "91.10.0-150200.8.73.1",
            "MozillaThunderbird-translations-other": "91.10.0-150200.8.73.1",
            "MozillaThunderbird-translations-common": "91.10.0-150200.8.73.1"
        }
    ]
}