SUSE-SU-2024:0044-1 -- SLES MozillaThunderbirdID: oval:org.secpod.oval:def:89051334 | Date: (C)2024-01-23 (M)2024-02-08 |
Class: PATCH | Family: unix |
This update for MozillaThunderbird fixes the following issues: Firefox Extended Support Release 115.6.0 ESR : * CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver . * CVE-2023-6857: Symlinks may resolve to smaller than expected buffers . * CVE-2023-6858: Heap buffer overflow in nsTextFragment . * CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer . * CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation . * CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen in headless mode . * CVE-2023-6862: Use-after-free in nsDNSService . * CVE-2023-6863: Undefined behavior in ShutdownObserver . * CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. * CVE-2023-50762: Truncated signed text was shown with a valid OpenPGP signature .
Platform: |
SUSE Linux Enterprise Desktop 15 SP4 |
Product: |
MozillaThunderbird |