
Security: Multiple issues in MozillaThunderbird
Name: Multiple issues in MozillaThunderbird
ID: SUSE-SU-2023:3664-1
Distribution: SUSE
Platforms: SUSE Manager Proxy 4.3, SUSE Manager Server 4.3, SUSE Manager Retail Branch Server 4.3, SUSE Linux Enterprise Micro 5.3, SUSE Linux Enterprise Real Time 15 SP4, SUSE Linux Enterprise High Performance Computing 15 SP4, SUSE Linux Enterprise Server 15 SP4, SUSE Linux Enterprise Desktop 15 SP4, SUSE Linux Enterprise Server for SAP Applications 15 SP4, SUSE Package Hub 15 15-SP4, SUSE Linux Enterprise Micro 5.4, SUSE Linux Enterprise Workstation Extension 15 SP4, SUSE Linux Enterprise Real Time 15 SP5, SUSE Linux Enterprise Server for SAP Applications 15 SP5, SUSE Linux Enterprise Server 15 SP5, SUSE Linux Enterprise High Performance Computing 15 SP5, SUSE Linux Enterprise Desktop 15 SP5, SUSE Package Hub 15 15-SP5, SUSE Linux Enterprise Workstation Extension 15 SP5, SUSE Linux Enterprise Micro 5.5, SUSE openSUSE Leap 15.5, SUSE openSUSE Leap 15.4
Date: Mon, 18 September 2023, 22:43
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4051
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4577
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4580
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4585
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4581
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4583
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4584
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4575
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4578
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4574
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4576
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4582
Applications: Mozilla Thunderbird

Original message




# Security update for MozillaThunderbird

Announcement ID: SUSE-SU-2023:3664-1
Rating: critical
References:

* #1214606
* #1215231
* #1215245


Cross-References:

* CVE-2023-4051
* CVE-2023-4053
* CVE-2023-4573
* CVE-2023-4574
* CVE-2023-4575
* CVE-2023-4576
* CVE-2023-4577
* CVE-2023-4578
* CVE-2023-4580
* CVE-2023-4581
* CVE-2023-4582
* CVE-2023-4583
* CVE-2023-4584
* CVE-2023-4585
* CVE-2023-4863


CVSS scores:

* CVE-2023-4051 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-4053 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2023-4573 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-4574 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-4575 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-4576 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-4577 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-4578 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-4580 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2023-4581 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2023-4582 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-4583 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-4584 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-4585 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-4863 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-4863 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H


Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP4
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4
* SUSE Package Hub 15 15-SP5



An update that solves 15 vulnerabilities can now be installed.

## Description:

This update for MozillaThunderbird fixes the following issues:

Security fixes:

* Mozilla Thunderbird 115.2.2 (MFSA 2023-40, bsc#1215245)
  * CVE-2023-4863: Fixed heap buffer overflow in libwebp (bmo#1852649).

* Mozilla Thunderbird 115.2 (MFSA 2023-38, bsc#1214606)
  * CVE-2023-4573: Memory corruption in IPC CanvasTranslator (bmo#1846687)
  * CVE-2023-4574: Memory corruption in IPC ColorPickerShownCallback (bmo#1846688)
  * CVE-2023-4575: Memory corruption in IPC FilePickerShownCallback (bmo#1846689)
  * CVE-2023-4576: Integer Overflow in RecordedSourceSurfaceCreation (bmo#1846694)
  * CVE-2023-4577: Memory corruption in JIT UpdateRegExpStatics (bmo#1847397)
  * CVE-2023-4051: Full screen notification obscured by file open dialog (bmo#1821884)
  * CVE-2023-4578: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception (bmo#1839007)
  * CVE-2023-4053: Full screen notification obscured by external program (bmo#1839079)
  * CVE-2023-4580: Push notifications saved to disk unencrypted (bmo#1843046)
  * CVE-2023-4581: XLL file extensions were downloadable without warnings (bmo#1843758)
  * CVE-2023-4582: Buffer Overflow in WebGL glGetProgramiv (bmo#1773874)
  * CVE-2023-4583: Browsing Context potentially not cleared when closing Private Window (bmo#1842030)
  * CVE-2023-4584: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 (bmo#1843968, bmo#1845205, bmo#1846080, bmo#1846526, bmo#1847529)
  * CVE-2023-4585: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2 (bmo#1751583, bmo#1833504, bmo#1841082, bmo#1847904, bmo#1848999)

Other fixes:

* Mozilla Thunderbird 115.2.1
  * new: Column separators are now shown between all columns in tree view (bmo#1847441)
  * fixed: Crash reporter did not work in Thunderbird Flatpak (bmo#1843102)
  * fixed: New mail notification always opened message in message pane, even if pane was disabled (bmo#1840092)
  * fixed: After moving an IMAP message to another folder, the incorrect message was selected in the message list (bmo#1845376)
  * fixed: Adding a tag to an IMAP message opened in a tab failed (bmo#1844452)
  * fixed: Junk/Spam folders were not always shown in Unified Folders mode (bmo#1838672)
  * fixed: Middle-clicking a folder or message did not open it in a background tab, as in previous versions (bmo#1842482)
  * fixed: Settings tab visual improvements: Advanced Fonts dialog, Section headers hidden behind search box (bmo#1717382,bmo#1846751)
  * fixed: Various visual and style fixes (bmo#1843707,bmo#1849823)

* Mozilla Thunderbird 115.2
  * new: Thunderbird MSIX packages are now published on archive.mozilla.org (bmo#1817657)
  * changed: Size, Unread, and Total columns are now right-aligned (bmo#1848604)
  * changed: Newsgroup names in message list header are now abbreviated (bmo#1833298)
  * fixed: Message compose window did not apply theme colors to menus (bmo#1845699)
  * fixed: Reading the second new message in a folder cleared the unread indicator of all other new messages (bmo#1839805)
  * fixed: Displayed counts of unread or flagged messages could become out-of-sync (bmo#1846860)
  * fixed: Deleting a message from the context menu with messages sorted in chronological order and smooth scroll enabled caused message list to scroll to top (bmo#1843462)
  * fixed: Repeatedly switching accounts in Subscribe dialog caused tree view to stop updating (bmo#1845593)
  * fixed: "Ignore thread" caused message cards to display incorrectly in message list (bmo#1847966)
  * fixed: Creating tags from unified toolbar failed (bmo#1846336)
  * fixed: Cross-folder navigation using F and N did not work (bmo#1845011)
  * fixed: Account Manager did not resize to fit content, causing "Close" button to become hidden outside bounds of dialog when too many accounts were listed (bmo#1847555)
  * fixed: Remote content exceptions could not be added in Settings (bmo#1847576)
  * fixed: Newsgroup list file did not get updated after adding a new NNTP server (bmo#1845464)
  * fixed: "Download all headers" option in NNTP "Download Headers" dialog was incorrectly selected by default (bmo#1845457)
  * fixed: "Convert to event/task" was missing from mail context menu (bmo#1817705)
  * fixed: Events and tasks were not shown in some cases despite being present on remote server (bmo#1827100)
  * fixed: Various visual and UX improvements (bmo#1844244,bmo#1845645)

* Mozilla Thunderbird 115.1.1
  * fixed: Some HTML emails printed headers on first page and message on subsequent pages (bmo#1843628)
  * fixed: Deleting messages from message list sometimes scrolled list to bottom, selecting bottommost message (bmo#1835173)
  * fixed: Width of icon columns (like Junk or Starred) in message list did not adjust when UI density was changed (bmo#1843014)
  * fixed: Old OpenPGP secret keys could not be used to decrypt messages under certain circumstances (bmo#1835786)
  * fixed: When multiple folder modes were active, tab focus navigated through all folder mode options before reaching message list (bmo#1842060)
  * fixed: Unread message count badge was not displayed on parent folders of subfolder containing unread messages (bmo#1844534)
  * fixed: "Undo archive" (via Ctrl-Z) did not un-archive previously archived messages (bmo#1829340)
  * fixed: "New" button dropdown menu in "Message Filters" dialog could not be opened via keyboard navigation (bmo#1843511)
  * fixed: "Show New Mail Alert for" input field in "Customize New Mail Alert" dialog had zero width when using certain language packs (bmo#1845832)
  * fixed: "Account Wizard" dialog was too narrow when adding a news server, partially hiding confirmation buttons (bmo#1846588)
  * fixed: Link Properties and Image Properties dialogs in the composer were too wide (bmo#1816850)
  * fixed: Thunderbird version number and details in "About" dialog were not automatically read by screen readers when first opening dialog (bmo#1847078)
  * fixed: Flatpak improvements and bug fixes (bmo#1825399,bmo#1843094,bmo#1843097)
  * fixed: Various visual and UX improvements (bmo#1846262)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Workstation Extension 15 SP5
  `zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-3664=1`

* openSUSE Leap 15.4
  `zypper in -t patch openSUSE-SLE-15.4-2023-3664=1`

* openSUSE Leap 15.5
  `zypper in -t patch openSUSE-SLE-15.5-2023-3664=1`

* SUSE Package Hub 15 15-SP4
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3664=1`

* SUSE Package Hub 15 15-SP5
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3664=1`

* SUSE Linux Enterprise Workstation Extension 15 SP4
  `zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-3664=1`

## Package List:

* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
  * MozillaThunderbird-debuginfo-115.2.2-150200.8.130.1
  * MozillaThunderbird-translations-common-115.2.2-150200.8.130.1
  * MozillaThunderbird-115.2.2-150200.8.130.1
  * MozillaThunderbird-debugsource-115.2.2-150200.8.130.1
  * MozillaThunderbird-translations-other-115.2.2-150200.8.130.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * MozillaThunderbird-debuginfo-115.2.2-150200.8.130.1
  * MozillaThunderbird-translations-common-115.2.2-150200.8.130.1
  * MozillaThunderbird-115.2.2-150200.8.130.1
  * MozillaThunderbird-debugsource-115.2.2-150200.8.130.1
  * MozillaThunderbird-translations-other-115.2.2-150200.8.130.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * MozillaThunderbird-debuginfo-115.2.2-150200.8.130.1
  * MozillaThunderbird-translations-common-115.2.2-150200.8.130.1
  * MozillaThunderbird-115.2.2-150200.8.130.1
  * MozillaThunderbird-debugsource-115.2.2-150200.8.130.1
  * MozillaThunderbird-translations-other-115.2.2-150200.8.130.1
* SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x)
  * MozillaThunderbird-debuginfo-115.2.2-150200.8.130.1
  * MozillaThunderbird-translations-common-115.2.2-150200.8.130.1
  * MozillaThunderbird-115.2.2-150200.8.130.1
  * MozillaThunderbird-debugsource-115.2.2-150200.8.130.1
  * MozillaThunderbird-translations-other-115.2.2-150200.8.130.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x)
  * MozillaThunderbird-debuginfo-115.2.2-150200.8.130.1
  * MozillaThunderbird-translations-common-115.2.2-150200.8.130.1
  * MozillaThunderbird-115.2.2-150200.8.130.1
  * MozillaThunderbird-debugsource-115.2.2-150200.8.130.1
  * MozillaThunderbird-translations-other-115.2.2-150200.8.130.1
* SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64)
  * MozillaThunderbird-debuginfo-115.2.2-150200.8.130.1
  * MozillaThunderbird-translations-common-115.2.2-150200.8.130.1
  * MozillaThunderbird-115.2.2-150200.8.130.1
  * MozillaThunderbird-debugsource-115.2.2-150200.8.130.1
  * MozillaThunderbird-translations-other-115.2.2-150200.8.130.1
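
Once the patch is applied, a host is fixed when its MozillaThunderbird package is at or above the 115.2.2-150200.8.130.1 build in the package list. The script below is an added example, not part of the SUSE advisory, that checks this locally and over an inventory. The `host version-release` inventory format, the sample hosts and every version other than the fixed one are constructed, and `sort -V` is assumed as an approximation of RPM's version ordering.

```shell
#!/bin/sh
# Added example (not from the SUSE advisory): patch-compliance check for
# SUSE-SU-2023:3664-1.

# Fixed version-release, taken from the advisory's package list.
FIXED_EVR="115.2.2-150200.8.130.1"

# evr_at_least INSTALLED FIXED
# Succeeds when INSTALLED sorts at or above FIXED.
# Assumption: GNU `sort -V` stands in for RPM's own comparison. It agrees for
# plain numeric version-release strings like these (115.10 sorts after 115.2,
# which a plain string comparison gets wrong), but it does not model epochs
# or "~" pre-release markers.
evr_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# thunderbird_status EVR
# Prints "not-installed", "patched" or "vulnerable" for one version-release.
thunderbird_status() {
    if [ -z "$1" ]; then
        echo "not-installed"
    elif evr_at_least "$1" "$FIXED_EVR"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# installed_evr
# Prints the local package's version-release; prints nothing when rpm is
# missing or the package is not installed (rpm reports that case on stdout
# with a non-zero exit status, so the output is only used on success).
installed_evr() {
    command -v rpm >/dev/null 2>&1 || return 0
    if evr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' MozillaThunderbird 2>/dev/null); then
        printf '%s\n' "$evr" | head -n 1
    fi
}

# audit_inventory
# Reads "host version-release" lines on stdin ("-" means the package is
# absent) and prints the hosts that still need the update.
audit_inventory() {
    while read -r host evr; do
        [ -n "$host" ] || continue
        [ "$evr" = "-" ] && evr=""
        if [ "$(thunderbird_status "$evr")" = "vulnerable" ]; then
            echo "$host"
        fi
    done
}

# Constructed sample inventory: only the ws-01 value comes from the advisory.
SAMPLE_INVENTORY='ws-01 115.2.2-150200.8.130.1
ws-02 115.2.1-150200.8.127.1
ws-03 102.15.0-150200.8.124.1
ws-04 -
ws-05 115.10.1-150200.8.150.1'

echo "local host: $(thunderbird_status "$(installed_evr)")"
echo "hosts still needing SUSE-SU-2023:3664-1:"
printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory
```

On a host with `zypper` available, `zypper versioncmp` gives the package manager's own ordering and can replace the `sort -V` comparison.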

## References:

* https://www.suse.com/security/cve/CVE-2023-4051.html
* https://www.suse.com/security/cve/CVE-2023-4053.html
* https://www.suse.com/security/cve/CVE-2023-4573.html
* https://www.suse.com/security/cve/CVE-2023-4574.html
* https://www.suse.com/security/cve/CVE-2023-4575.html
* https://www.suse.com/security/cve/CVE-2023-4576.html
* https://www.suse.com/security/cve/CVE-2023-4577.html
* https://www.suse.com/security/cve/CVE-2023-4578.html
* https://www.suse.com/security/cve/CVE-2023-4580.html
* https://www.suse.com/security/cve/CVE-2023-4581.html
* https://www.suse.com/security/cve/CVE-2023-4582.html
* https://www.suse.com/security/cve/CVE-2023-4583.html
* https://www.suse.com/security/cve/CVE-2023-4584.html
* https://www.suse.com/security/cve/CVE-2023-4585.html
* https://www.suse.com/security/cve/CVE-2023-4863.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214606
* https://bugzilla.suse.com/show_bug.cgi?id=1215231
* https://bugzilla.suse.com/show_bug.cgi?id=1215245

