Red Hat Security Advisory: thunderbird security update
🔗 CVE IDs covered (9)
📋 Description
- CVE-2021-38503 — Mozilla: iframe sandbox rules did not apply to XSLT stylesheets
- CVE-2021-38504 — Mozilla: Use-after-free in file picker dialog
- CVE-2021-38506 — Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning
- CVE-2021-38507 — Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports
- CVE-2021-38508 — Mozilla: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
- CVE-2021-38509 — Mozilla: Javascript alert box could have been spoofed onto an arbitrary domain
- CVE-2021-43529 — thunderbird: Memory corruption when processing S/MIME messages
- CVE-2021-43534 — Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3
- CVE-2021-43535 — Mozilla: Use-after-free in HTTP2 Session object
🔗 References (11)
- self: https://access.redhat.com/errata/RHSA-2021:4134
- external: https://access.redhat.com/security/updates/classification/#important
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2019621
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2019622
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2019624
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2019625
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2019626
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2019627
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2019628
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2019630
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4134.json