{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"78.10.0-8.23.1","MozillaThunderbird-translations-common":"78.10.0-8.23.1","MozillaThunderbird-translations-other":"78.10.0-8.23.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP2","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"78.10.0-8.23.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaThunderbird fixes the following issues:\n\n- Firefox was updated to 78.10.0 ESR (bsc#1184960)\n  * CVE-2021-23994: Out of bound write due to lazy initialization\n  * CVE-2021-23995: Use-after-free in Responsive Design Mode\n  * CVE-2021-23998: Secure Lock icon could have been spoofed\n  * CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage\n  * CVE-2021-23999: Blob URLs may have been granted additional privileges\n  * CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL\n  * CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads\n  * CVE-2021-29946: Port blocking could be bypassed\t  \n  * CVE-2021-29948: Race condition when reading from disk while verifying signatures\n","id":"SUSE-SU-2021:1432-1","modified":"2021-04-29T08:06:48Z","published":"2021-04-29T08:06:48Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2021/suse-su-20211432-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1184960"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-23961"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-23994"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-23995"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-23998"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-23999"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-24002"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-29945"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-29946"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-29948"}],"related":["CVE-2021-23961","CVE-2021-23994","CVE-2021-23995","CVE-2021-23998","CVE-2021-23999","CVE-2021-24002","CVE-2021-29945","CVE-2021-29946","CVE-2021-29948"],"summary":"Security update for MozillaThunderbird","upstream":["CVE-2021-23961","CVE-2021-23994","CVE-2021-23995","CVE-2021-23998","CVE-2021-23999","CVE-2021-24002","CVE-2021-29945","CVE-2021-29946","CVE-2021-29948"]}