A thunderbird security update has been released for AlmaLinux.
ALSA-2021:3838 Important: thunderbird security update
Type:
security
Severity:
important
Release date:
2021-10-14
Description
This update upgrades Thunderbird to version 91.2.0.
Security Fix(es):
* Mozilla: Use-after-free in MessageTask (CVE-2021-38496)
* Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 (CVE-2021-38500)
* Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 (CVE-2021-38501)
* Mozilla: Downgrade attack on SMTP STARTTLS connections (CVE-2021-38502)
* rust-crossbeam-deque: race condition may lead to double free (CVE-2021-32810)
* Mozilla: Validation message could have been overlaid on another origin (CVE-2021-38497)
* Mozilla: Use-after-free of nsLanguageAtomService object (CVE-2021-38498)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
CVE-2021-32810
CVE-2021-38496
CVE-2021-38497
CVE-2021-38498
CVE-2021-38500
CVE-2021-38501
CVE-2021-38502
Updates packages:
thunderbird-91.2.0-1.el8_4.alma.x86_64.rpm
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
