Sicherheit: Mehrere Probleme in thunderbird - Pro-Linux

Login

Funktion steht nur registrierten Nutzern zur Verfügung!

Newsletter

Funktion steht nur registrierten Nutzern zur Verfügung!

Werbung

Lesezeichen hinzufügen

Sicherheit: Mehrere Probleme in thunderbird

Name:	Mehrere Probleme in thunderbird

ID:	RHSA-2024:1497

Distribution:	Red Hat

Plattformen:	Red Hat Enterprise Linux AppStream EUS (v.8.6)

Datum:	Di, 26. März 2024, 07:16

Referenzen:	https://bugzilla.redhat.com/show_bug.cgi?id=2270660 https://bugzilla.redhat.com/show_bug.cgi?id=2270664 https://bugzilla.redhat.com/show_bug.cgi?id=2270665 https://bugzilla.redhat.com/show_bug.cgi?id=2260012 https://bugzilla.redhat.com/show_bug.cgi?id=2270663 https://access.redhat.com/security/cve/CVE-2024-2608 https://access.redhat.com/security/cve/CVE-2024-2611 https://access.redhat.com/security/cve/CVE-2024-2612 https://access.redhat.com/errata/RHSA-2024:1497 https://access.redhat.com/security/cve/CVE-2024-1936 https://access.redhat.com/security/cve/CVE-2023-5388 https://access.redhat.com/security/cve/CVE-2024-0743 https://access.redhat.com/security/cve/CVE-2024-2610 https://access.redhat.com/security/cve/CVE-2024-2614 https://bugzilla.redhat.com/show_bug.cgi?id=2270661 https://access.redhat.com/security/cve/CVE-2024-2607 https://bugzilla.redhat.com/show_bug.cgi?id=2243644 https://bugzilla.redhat.com/show_bug.cgi?id=2270666 https://bugzilla.redhat.com/show_bug.cgi?id=2268171

Applikationen:	Mozilla Thunderbird

Originalnachricht
An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.9.0. Security Fix(es): * nss: timing attack against RSA decryption (CVE-2023-5388) * Mozilla: Crash in NSS TLS method (CVE-2024-0743) * Mozilla: Leaking of encrypted email subjects to other conversations (CVE-2024-1936) * Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607) * Mozilla: Integer overflow could have led to out of bounds write (CVE-2024-2608) * Mozilla: Improper handling of html and body tags enabled CSP nonce leakage (CVE-2024-2610) * Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions (CVE-2024-2611) * Mozilla: Self referencing object could have potentially led to a use-after-free (CVE-2024-2612) * Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (CVE-2024-2614) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. CVE-2023-5388: Observable Timing Discrepancy (CWE-208) CVE-2024-0743: Unchecked Return Value (CWE-252) CVE-2024-1936: Missing Encryption of Sensitive Data (CWE-311) CVE-2024-2607: Improper Access Control for Register Interface (CWE-1262) CVE-2024-2608: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120) CVE-2024-2610: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) CVE-2024-2611: The UI Performs the Wrong Action (CWE-449) CVE-2024-2612: Use After Free (CWE-416) CVE-2024-2614: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)

Pro-Linux

Funktion steht nur registrierten Nutzern zur Verfügung!

Pro-Linux @Facebook

Neue Nachrichten

Funktion steht nur registrierten Nutzern zur Verfügung!

>>mehr

Werbung