Advisories ยป MGASA-2021-0066

Updated thunderbird packages fix security vulnerabilities

Publication date: 04 Feb 2021
Type: security
Affected Mageia releases : 7
CVE: CVE-2021-23953 , CVE-2021-23954 , CVE-2020-15685 , CVE-2020-26976 , CVE-2021-23960 , CVE-2021-23964


Cross-origin information leakage via redirected PDF requests. (CVE-2021-23953)

Type confusion when using logical assignment operators in JavaScript switch
statements. (CVE-2021-23954)

IMAP Response Injection when using STARTTLS. (CVE-2020-15685)

HTTPS pages could have been intercepted by a registered service worker when
they should not have been. (CVE-2020-26976)

Use-after-poison for incorrectly redeclared JavaScript variables during GC.

Memory safety bugs fixed in Thunderbird 78.7. (CVE-2021-23964).