thunderbird-78.7.0-1.0.1.AXS4

エラータID: AXSA:2021-1432:01

Release date: 
Tuesday, February 9, 2021 - 05:11
Subject: 
thunderbird-78.7.0-1.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.7.0.

Security Fix(es):

Mozilla: Cross-origin information leakage via redirected PDF requests
(CVE-2021-23953)
Mozilla: Type confusion when using logical assignment operators in
JavaScript switch statements (CVE-2021-23954)
Mozilla: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7
(CVE-2021-23964)
Mozilla: IMAP Response Injection when using STARTTLS (CVE-2020-15685)
Mozilla: HTTPS pages could have been intercepted by a registered service
worker when they should not have been (CVE-2020-26976)
Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables
during GC (CVE-2021-23960)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

Solution: 

Update packages.

CVEs: 
CVE-2021-23953
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23954
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23964
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-15685
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-26976
When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84.
CVE-2021-23960
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. thunderbird-78.7.0-1.0.1.AXS4.src.rpm
    MD5: 40472067d4568e1d3855c4e97fdb7199
    SHA-256: fcea851e5e89ffe0f54e02f4962b54a6681d7edda05621b80429b597ef5f19e8
    Size: 703.40 MB

Asianux Server 4 for x86
  1. thunderbird-78.7.0-1.0.1.AXS4.i686.rpm
    MD5: 1e6c5435ac1362e0852ed3b0e941e026
    SHA-256: 06cc1a0da5f0d86833cb55806419cd9c4bf67c766b186daf817824f8035b1b83
    Size: 121.99 MB

Asianux Server 4 for x86_64
  1. thunderbird-78.7.0-1.0.1.AXS4.x86_64.rpm
    MD5: 12b33bf3cfb3fb89ea8ce3d3794be1d1
    SHA-256: 1b92967d35805b3b6868b82f44529e262f438703f44c7ff69926e220e13fbd79
    Size: 118.18 MB