ALT-BU-2021-4116-1
Branch p10 update bulletin.
Package thunderbird updated to version 78.13.0-alt1 for branch p10 in task 282394.
Closed vulnerabilities
BDU:2021-04068
Уязвимость браузера Mozilla Firefox, позволяющая нарушителю выполнить произвольный код в целевой системе
BDU:2021-04069
Уязвимость веб-браузеров Firefox, Firefox ESR, почтового клиента Thunderbird, связанная с возникновением конфликта интерпретаций, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2021-04070
Уязвимость браузера Mozilla Firefox, позволяющая нарушителю выполнить произвольный код в целевой системе
BDU:2021-04071
Уязвимость браузера Mozilla Firefox, позволяющая нарушителю выполнить произвольный код в целевой системе
BDU:2021-04072
Уязвимость метода MediaCacheStream::NotifyDataReceived почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю выполнить произвольный код в целевой системе
BDU:2021-04073
Уязвимость браузера Mozilla Firefox, позволяющая нарушителю выполнить произвольный код в целевой системе
Modified: 2024-11-21
CVE-2021-29980
Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1722204
- https://bugzilla.mozilla.org/show_bug.cgi?id=1722204
- GLSA-202202-03
- GLSA-202202-03
- GLSA-202208-14
- GLSA-202208-14
- https://www.mozilla.org/security/advisories/mfsa2021-33/
- https://www.mozilla.org/security/advisories/mfsa2021-33/
- https://www.mozilla.org/security/advisories/mfsa2021-34/
- https://www.mozilla.org/security/advisories/mfsa2021-34/
- https://www.mozilla.org/security/advisories/mfsa2021-35/
- https://www.mozilla.org/security/advisories/mfsa2021-35/
- https://www.mozilla.org/security/advisories/mfsa2021-36/
- https://www.mozilla.org/security/advisories/mfsa2021-36/
Modified: 2024-11-21
CVE-2021-29984
Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1720031
- https://bugzilla.mozilla.org/show_bug.cgi?id=1720031
- GLSA-202202-03
- GLSA-202202-03
- GLSA-202208-14
- GLSA-202208-14
- https://www.mozilla.org/security/advisories/mfsa2021-33/
- https://www.mozilla.org/security/advisories/mfsa2021-33/
- https://www.mozilla.org/security/advisories/mfsa2021-34/
- https://www.mozilla.org/security/advisories/mfsa2021-34/
- https://www.mozilla.org/security/advisories/mfsa2021-35/
- https://www.mozilla.org/security/advisories/mfsa2021-35/
- https://www.mozilla.org/security/advisories/mfsa2021-36/
- https://www.mozilla.org/security/advisories/mfsa2021-36/
Modified: 2024-11-21
CVE-2021-29985
A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1722083
- https://bugzilla.mozilla.org/show_bug.cgi?id=1722083
- GLSA-202202-03
- GLSA-202202-03
- GLSA-202208-14
- GLSA-202208-14
- https://www.mozilla.org/security/advisories/mfsa2021-33/
- https://www.mozilla.org/security/advisories/mfsa2021-33/
- https://www.mozilla.org/security/advisories/mfsa2021-34/
- https://www.mozilla.org/security/advisories/mfsa2021-34/
- https://www.mozilla.org/security/advisories/mfsa2021-35/
- https://www.mozilla.org/security/advisories/mfsa2021-35/
- https://www.mozilla.org/security/advisories/mfsa2021-36/
- https://www.mozilla.org/security/advisories/mfsa2021-36/
Modified: 2024-11-21
CVE-2021-29986
A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1696138
- https://bugzilla.mozilla.org/show_bug.cgi?id=1696138
- GLSA-202202-03
- GLSA-202202-03
- GLSA-202208-14
- GLSA-202208-14
- https://www.mozilla.org/security/advisories/mfsa2021-33/
- https://www.mozilla.org/security/advisories/mfsa2021-33/
- https://www.mozilla.org/security/advisories/mfsa2021-34/
- https://www.mozilla.org/security/advisories/mfsa2021-34/
- https://www.mozilla.org/security/advisories/mfsa2021-35/
- https://www.mozilla.org/security/advisories/mfsa2021-35/
- https://www.mozilla.org/security/advisories/mfsa2021-36/
- https://www.mozilla.org/security/advisories/mfsa2021-36/
Modified: 2024-11-21
CVE-2021-29988
Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1717922
- https://bugzilla.mozilla.org/show_bug.cgi?id=1717922
- GLSA-202202-03
- GLSA-202202-03
- GLSA-202208-14
- GLSA-202208-14
- https://www.mozilla.org/security/advisories/mfsa2021-33/
- https://www.mozilla.org/security/advisories/mfsa2021-33/
- https://www.mozilla.org/security/advisories/mfsa2021-34/
- https://www.mozilla.org/security/advisories/mfsa2021-34/
- https://www.mozilla.org/security/advisories/mfsa2021-35/
- https://www.mozilla.org/security/advisories/mfsa2021-35/
- https://www.mozilla.org/security/advisories/mfsa2021-36/
- https://www.mozilla.org/security/advisories/mfsa2021-36/
Modified: 2024-11-21
CVE-2021-29989
Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91.
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1662676%2C1666184%2C1719178%2C1719998%2C1720568
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1662676%2C1666184%2C1719178%2C1719998%2C1720568
- GLSA-202202-03
- GLSA-202202-03
- GLSA-202208-14
- GLSA-202208-14
- https://www.mozilla.org/security/advisories/mfsa2021-33/
- https://www.mozilla.org/security/advisories/mfsa2021-33/
- https://www.mozilla.org/security/advisories/mfsa2021-34/
- https://www.mozilla.org/security/advisories/mfsa2021-34/
- https://www.mozilla.org/security/advisories/mfsa2021-35/
- https://www.mozilla.org/security/advisories/mfsa2021-35/
Closed vulnerabilities
BDU:2022-00342
Уязвимость библиотеки СИ для асинхронных запросов DNS c-ares, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2021-3672
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.
- https://bugzilla.redhat.com/show_bug.cgi?id=1988342
- https://bugzilla.redhat.com/show_bug.cgi?id=1988342
- https://c-ares.haxx.se/adv_20210810.html
- https://c-ares.haxx.se/adv_20210810.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- GLSA-202401-02
- GLSA-202401-02
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html