Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0066)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2021.0066

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2021-0066)

Resumen: The remote host is missing an update for the 'thunderbird, thunderbird-l10n' package(s) announced via the MGASA-2021-0066 advisory.

Descripción: Summary:
The remote host is missing an update for the 'thunderbird, thunderbird-l10n' package(s) announced via the MGASA-2021-0066 advisory.

Vulnerability Insight:
Cross-origin information leakage via redirected PDF requests. (CVE-2021-23953)

Type confusion when using logical assignment operators in JavaScript switch
statements. (CVE-2021-23954)

IMAP Response Injection when using STARTTLS. (CVE-2020-15685)

HTTPS pages could have been intercepted by a registered service worker when
they should not have been. (CVE-2020-26976)

Use-after-poison for incorrectly redeclared JavaScript variables during GC.
(CVE-2021-23960)

Memory safety bugs fixed in Thunderbird 78.7. (CVE-2021-23964).

Affected Software/OS:
'thunderbird, thunderbird-l10n' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-15685
https://bugzilla.mozilla.org/show_bug.cgi?id=1622640
https://www.mozilla.org/security/advisories/mfsa2021-05/
Common Vulnerability Exposure (CVE) ID: CVE-2020-26976
Debian Security Information: DSA-4840 (Google Search)
https://www.debian.org/security/2021/dsa-4840
Debian Security Information: DSA-4842 (Google Search)
https://www.debian.org/security/2021/dsa-4842
https://security.gentoo.org/glsa/202102-02
https://bugzilla.mozilla.org/show_bug.cgi?id=1674343
https://www.mozilla.org/security/advisories/mfsa2020-54/
https://lists.debian.org/debian-lts-announce/2021/02/msg00001.html
https://lists.debian.org/debian-lts-announce/2021/02/msg00002.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-23953
https://bugzilla.mozilla.org/show_bug.cgi?id=1683940
https://www.mozilla.org/security/advisories/mfsa2021-03/
https://www.mozilla.org/security/advisories/mfsa2021-04/
Common Vulnerability Exposure (CVE) ID: CVE-2021-23954
https://bugzilla.mozilla.org/show_bug.cgi?id=1684020
Common Vulnerability Exposure (CVE) ID: CVE-2021-23960
https://bugzilla.mozilla.org/show_bug.cgi?id=1675755
Common Vulnerability Exposure (CVE) ID: CVE-2021-23964
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1662507%2C1666285%2C1673526%2C1674278%2C1674835%2C1675097%2C1675844%2C1675868%2C1677590%2C1677888%2C1680410%2C1681268%2C1682068%2C1682938%2C1683736%2C1685260%2C1685925

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2021.0066
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2021-0066)
Resumen:	The remote host is missing an update for the 'thunderbird, thunderbird-l10n' package(s) announced via the MGASA-2021-0066 advisory.
Descripción:	Summary: The remote host is missing an update for the 'thunderbird, thunderbird-l10n' package(s) announced via the MGASA-2021-0066 advisory. Vulnerability Insight: Cross-origin information leakage via redirected PDF requests. (CVE-2021-23953) Type confusion when using logical assignment operators in JavaScript switch statements. (CVE-2021-23954) IMAP Response Injection when using STARTTLS. (CVE-2020-15685) HTTPS pages could have been intercepted by a registered service worker when they should not have been. (CVE-2020-26976) Use-after-poison for incorrectly redeclared JavaScript variables during GC. (CVE-2021-23960) Memory safety bugs fixed in Thunderbird 78.7. (CVE-2021-23964). Affected Software/OS: 'thunderbird, thunderbird-l10n' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-15685 https://bugzilla.mozilla.org/show_bug.cgi?id=1622640 https://www.mozilla.org/security/advisories/mfsa2021-05/ Common Vulnerability Exposure (CVE) ID: CVE-2020-26976 Debian Security Information: DSA-4840 (Google Search) https://www.debian.org/security/2021/dsa-4840 Debian Security Information: DSA-4842 (Google Search) https://www.debian.org/security/2021/dsa-4842 https://security.gentoo.org/glsa/202102-02 https://bugzilla.mozilla.org/show_bug.cgi?id=1674343 https://www.mozilla.org/security/advisories/mfsa2020-54/ https://lists.debian.org/debian-lts-announce/2021/02/msg00001.html https://lists.debian.org/debian-lts-announce/2021/02/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2021-23953 https://bugzilla.mozilla.org/show_bug.cgi?id=1683940 https://www.mozilla.org/security/advisories/mfsa2021-03/ https://www.mozilla.org/security/advisories/mfsa2021-04/ Common Vulnerability Exposure (CVE) ID: CVE-2021-23954 https://bugzilla.mozilla.org/show_bug.cgi?id=1684020 Common Vulnerability Exposure (CVE) ID: CVE-2021-23960 https://bugzilla.mozilla.org/show_bug.cgi?id=1675755 Common Vulnerability Exposure (CVE) ID: CVE-2021-23964 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1662507%2C1666285%2C1673526%2C1674278%2C1674835%2C1675097%2C1675844%2C1675868%2C1677590%2C1677888%2C1680410%2C1681268%2C1682068%2C1682938%2C1683736%2C1685260%2C1685925
Copyright	Copyright (C) 2022 Greenbone AG