SUSE-SU-2024:0044-1

Source
https://www.suse.com/support/update/announcement/2024/suse-su-20240044-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:0044-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2024:0044-1
Published
2024-01-07T12:09:57Z
Modified
2024-01-07T12:09:57Z
Summary
Security update for MozillaThunderbird
Details

This update for MozillaThunderbird fixes the following issues:

Firefox Extended Support Release 115.6.0 ESR (bsc#1217974):

* CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver (bmo#1843782).
* CVE-2023-6857: Symlinks may resolve to smaller than expected buffers (bmo#1796023).
* CVE-2023-6858: Heap buffer overflow in nsTextFragment (bmo#1826791).
* CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer (bmo#1840144).
* CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation (bmo#1854669).
* CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode (bmo#1864118).
* CVE-2023-6862: Use-after-free in nsDNSService (bsc#1868042).
* CVE-2023-6863: Undefined behavior in ShutdownObserver() (bmo#1868901).
* CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6.
* CVE-2023-50762: Truncated signed text was shown with a valid OpenPGP signature (bmo#1862625).

Affected packages

SUSE:Linux Enterprise Module for Package Hub 15 SP5 / MozillaThunderbird

Package

Name
MozillaThunderbird
Purl
purl:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
115.6.0-150200.8.142.2

Ecosystem specific

{
    "binaries": [
        {
            "MozillaThunderbird": "115.6.0-150200.8.142.2",
            "MozillaThunderbird-translations-other": "115.6.0-150200.8.142.2",
            "MozillaThunderbird-translations-common": "115.6.0-150200.8.142.2"
        }
    ]
}

SUSE:Linux Enterprise Workstation Extension 15 SP5 / MozillaThunderbird

Package

Name
MozillaThunderbird
Purl
purl:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
115.6.0-150200.8.142.2

Ecosystem specific

{
    "binaries": [
        {
            "MozillaThunderbird": "115.6.0-150200.8.142.2",
            "MozillaThunderbird-translations-other": "115.6.0-150200.8.142.2",
            "MozillaThunderbird-translations-common": "115.6.0-150200.8.142.2"
        }
    ]
}

openSUSE:Leap 15.5 / MozillaThunderbird

Package

Name
MozillaThunderbird
Purl
purl:rpm/suse/MozillaThunderbird&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
115.6.0-150200.8.142.2

Ecosystem specific

{
    "binaries": [
        {
            "MozillaThunderbird": "115.6.0-150200.8.142.2",
            "MozillaThunderbird-translations-other": "115.6.0-150200.8.142.2",
            "MozillaThunderbird-translations-common": "115.6.0-150200.8.142.2"
        }
    ]
}