CVE-2021-23973 (GCVE-0-2021-23973)
Vulnerability from cvelistv5 – Published: 2021-02-26 01:53 – Updated: 2024-08-03 19:14
MediaError message property could have leaked information about cross-origin resources
| URL | Tags |
|---|---|
| Vendor | Product | Version |
|---|---|---|
| Mozilla | Firefox | Affected: < 86 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:14:10.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-07/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-09/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-08/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1690976"
},
{
"name": "[debian-lts-announce] 20210301 [SECURITY] [DLA 2578-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html"
},
{
"name": "DSA-4866",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4866"
},
{
"name": "GLSA-202104-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202104-10"
},
{
"name": "GLSA-202104-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202104-09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"status": "affected",
"version": "\u003c 86"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"status": "affected",
"version": "\u003c 78.8"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"status": "affected",
"version": "\u003c 78.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "MediaError message property could have leaked information about cross-origin resources",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-01T01:08:18.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-07/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-09/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-08/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1690976"
},
{
"name": "[debian-lts-announce] 20210301 [SECURITY] [DLA 2578-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html"
},
{
"name": "DSA-4866",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4866"
},
{
"name": "GLSA-202104-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202104-10"
},
{
"name": "GLSA-202104-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202104-09"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2021-23973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "\u003c 86"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "\u003c 78.8"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "\u003c 78.8"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "MediaError message property could have leaked information about cross-origin resources"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-07/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-07/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-09/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-09/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-08/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-08/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1690976",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1690976"
},
{
"name": "[debian-lts-announce] 20210301 [SECURITY] [DLA 2578-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html"
},
{
"name": "DSA-4866",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4866"
},
{
"name": "GLSA-202104-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202104-10"
},
{
"name": "GLSA-202104-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202104-09"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2021-23973",
"datePublished": "2021-02-26T01:53:22.000Z",
"dateReserved": "2021-01-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:14:10.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-23973",
"date": "2026-04-15",
"epss": "0.00534",
"percentile": "0.67425"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"86.0\", \"matchCriteriaId\": \"89580DC6-183F-46F0-A27E-4E16D6B10EB6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"78.8\", \"matchCriteriaId\": \"6A523AED-F145-4D51-BF78-95B61B8A0B34\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"78.8\", \"matchCriteriaId\": \"3ABA16AF-38C2-4445-B41F-9228C97A89C1\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.\"}, {\"lang\": \"es\", \"value\": \"Cuando se intenta cargar un recurso de origen cruzado en un contexto de audio y video, puede haber resultado un error de decodificaci\\u00f3n, y el contenido de ese error puede haber divulgado informaci\\u00f3n sobre el recurso.\u0026#xa0;Esta vulnerabilidad afecta a Firefox versiones anteriores a 86, Thunderbird versiones anteriores a 78,8 y Firefox ESR versiones anteriores a 78,8\"}]",
"id": "CVE-2021-23973",
"lastModified": "2024-11-21T05:52:07.817",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2021-02-26T02:15:13.243",
"references": "[{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1690976\", \"source\": \"security@mozilla.org\", \"tags\": [\"Issue Tracking\", \"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202104-09\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202104-10\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-4866\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2021-07/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2021-08/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2021-09/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1690976\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202104-09\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202104-10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": 
\"https://www.debian.org/security/2021/dsa-4866\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2021-07/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2021-08/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2021-09/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-209\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-23973\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2021-02-26T02:15:13.243\",\"lastModified\":\"2024-11-21T05:52:07.817\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.\"},{\"lang\":\"es\",\"value\":\"Cuando se intenta cargar un recurso de origen cruzado en un contexto de audio y video, puede haber resultado un error de decodificaci\u00f3n, y el contenido de ese error puede haber divulgado informaci\u00f3n sobre el recurso.\u0026#xa0;Esta vulnerabilidad afecta a Firefox versiones anteriores a 86, Thunderbird versiones anteriores a 78,8 y Firefox ESR versiones anteriores a 78,8\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\
":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-209\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"86.0\",\"matchCriteriaId\":\"89580DC6-183F-46F0-A27E-4E16D6B10EB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"78.8\",\"matchCriteriaId\":\"6A523AED-F145-4D51-BF78-95B61B8A0B34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"78.8\",\"matchCriteriaId\":\"3ABA16AF-38C2-4445-B41F-9228C97A89C1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1690976\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202104-09\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202104-10\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4866\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2021-07/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2021-08/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2021-09/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1690976\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202104-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202104-10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4866\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2021-07/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2021-08/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2021-09/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}"
}
}
RHSA-2021:0660
Vulnerability from csaf_redhat - Published: 2021-02-24 15:43 - Updated: 2025-11-21 18:20
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 78.8.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968)\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969)\n\n* Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)\n\n* Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:0660",
"url": "https://access.redhat.com/errata/RHSA-2021:0660"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0660.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2025-11-21T18:20:31+00:00",
"generator": {
"date": "2025-11-21T18:20:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2021:0660",
"initial_release_date": "2021-02-24T15:43:39+00:00",
"revision_history": [
{
"date": "2021-02-24T15:43:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-02-24T15:43:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:20:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_2.src",
"product": {
"name": "firefox-0:78.8.0-1.el8_2.src",
"product_id": "firefox-0:78.8.0-1.el8_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_2.aarch64",
"product": {
"name": "firefox-0:78.8.0-1.el8_2.aarch64",
"product_id": "firefox-0:78.8.0-1.el8_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"product": {
"name": "firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"product_id": "firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.8.0-1.el8_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"product_id": "firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el8_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_2.ppc64le",
"product": {
"name": "firefox-0:78.8.0-1.el8_2.ppc64le",
"product_id": "firefox-0:78.8.0-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"product": {
"name": "firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"product_id": "firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.8.0-1.el8_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"product_id": "firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el8_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_2.x86_64",
"product": {
"name": "firefox-0:78.8.0-1.el8_2.x86_64",
"product_id": "firefox-0:78.8.0-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.8.0-1.el8_2.x86_64",
"product": {
"name": "firefox-debugsource-0:78.8.0-1.el8_2.x86_64",
"product_id": "firefox-debugsource-0:78.8.0-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.8.0-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"product_id": "firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el8_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_2.s390x",
"product": {
"name": "firefox-0:78.8.0-1.el8_2.s390x",
"product_id": "firefox-0:78.8.0-1.el8_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"product": {
"name": "firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"product_id": "firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.8.0-1.el8_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"product_id": "firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el8_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.aarch64"
},
"product_reference": "firefox-0:78.8.0-1.el8_2.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.ppc64le"
},
"product_reference": "firefox-0:78.8.0-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.s390x"
},
"product_reference": "firefox-0:78.8.0-1.el8_2.s390x",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.src"
},
"product_reference": "firefox-0:78.8.0-1.el8_2.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.x86_64"
},
"product_reference": "firefox-0:78.8.0-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.aarch64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.s390x"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.8.0-1.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.aarch64"
},
"product_reference": "firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.8.0-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.ppc64le"
},
"product_reference": "firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.8.0-1.el8_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.s390x"
},
"product_reference": "firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.8.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.x86_64"
},
"product_reference": "firefox-debugsource-0:78.8.0-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Ademar Nowasky Junior"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23968",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932110"
}
],
"notes": [
{
"category": "description",
"text": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23968"
},
{
"category": "external",
"summary": "RHBZ#1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:43:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0660"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Masato Kinugawa"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23969",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932109"
}
],
"notes": [
{
"category": "description",
"text": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u2019s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23969"
},
{
"category": "external",
"summary": "RHBZ#1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23969",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23969"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:43:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0660"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Andreas Pehrson"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23973",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932111"
}
],
"notes": [
{
"category": "description",
"text": "When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: MediaError message property could have leaked information about cross-origin resources",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23973"
},
{
"category": "external",
"summary": "RHBZ#1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:43:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0660"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: MediaError message property could have leaked information about cross-origin resources"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23978",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932112"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23978"
},
{
"category": "external",
"summary": "RHBZ#1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23978",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23978"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:43:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0660"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8"
}
]
}
RHSA-2021:0661
Vulnerability from csaf_redhat - Published: 2021-02-24 16:04 - Updated: 2025-11-21 18:20
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.8.0.\n\nSecurity Fix(es):\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968)\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969)\n\n* Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)\n\n* Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:0661",
"url": "https://access.redhat.com/errata/RHSA-2021:0661"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0661.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2025-11-21T18:20:31+00:00",
"generator": {
"date": "2025-11-21T18:20:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2021:0661",
"initial_release_date": "2021-02-24T16:04:14+00:00",
"revision_history": [
{
"date": "2021-02-24T16:04:14+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-02-24T16:04:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:20:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.8.0-1.el7_9.src",
"product": {
"name": "thunderbird-0:78.8.0-1.el7_9.src",
"product_id": "thunderbird-0:78.8.0-1.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.8.0-1.el7_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.8.0-1.el7_9.x86_64",
"product": {
"name": "thunderbird-0:78.8.0-1.el7_9.x86_64",
"product_id": "thunderbird-0:78.8.0-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.8.0-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"product_id": "thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.8.0-1.el7_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.8.0-1.el7_9.ppc64le",
"product": {
"name": "thunderbird-0:78.8.0-1.el7_9.ppc64le",
"product_id": "thunderbird-0:78.8.0-1.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.8.0-1.el7_9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"product_id": "thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.8.0-1.el7_9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src"
},
"product_reference": "thunderbird-0:78.8.0-1.el7_9.src",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "thunderbird-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el7_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src"
},
"product_reference": "thunderbird-0:78.8.0-1.el7_9.src",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "thunderbird-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src"
},
"product_reference": "thunderbird-0:78.8.0-1.el7_9.src",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "thunderbird-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Ademar Nowasky Junior"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23968",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932110"
}
],
"notes": [
{
"category": "description",
"text": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23968"
},
{
"category": "external",
"summary": "RHBZ#1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T16:04:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0661"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Masato Kinugawa"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23969",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932109"
}
],
"notes": [
{
"category": "description",
"text": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u2019s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23969"
},
{
"category": "external",
"summary": "RHBZ#1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23969",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23969"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T16:04:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0661"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Andreas Pehrson"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23973",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932111"
}
],
"notes": [
{
"category": "description",
"text": "When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: MediaError message property could have leaked information about cross-origin resources",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23973"
},
{
"category": "external",
"summary": "RHBZ#1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T16:04:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0661"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: MediaError message property could have leaked information about cross-origin resources"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23978",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932112"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23978"
},
{
"category": "external",
"summary": "RHBZ#1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23978",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23978"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T16:04:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0661"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8"
}
]
}
RHSA-2021_0661
Vulnerability from csaf_redhat - Published: 2021-02-24 16:04 - Updated: 2024-11-22 16:27

If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.8.0.\n\nSecurity Fix(es):\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968)\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969)\n\n* Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)\n\n* Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:0661",
"url": "https://access.redhat.com/errata/RHSA-2021:0661"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0661.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2024-11-22T16:27:03+00:00",
"generator": {
"date": "2024-11-22T16:27:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2021:0661",
"initial_release_date": "2021-02-24T16:04:14+00:00",
"revision_history": [
{
"date": "2021-02-24T16:04:14+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-02-24T16:04:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T16:27:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.8.0-1.el7_9.src",
"product": {
"name": "thunderbird-0:78.8.0-1.el7_9.src",
"product_id": "thunderbird-0:78.8.0-1.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.8.0-1.el7_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.8.0-1.el7_9.x86_64",
"product": {
"name": "thunderbird-0:78.8.0-1.el7_9.x86_64",
"product_id": "thunderbird-0:78.8.0-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.8.0-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"product_id": "thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.8.0-1.el7_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.8.0-1.el7_9.ppc64le",
"product": {
"name": "thunderbird-0:78.8.0-1.el7_9.ppc64le",
"product_id": "thunderbird-0:78.8.0-1.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.8.0-1.el7_9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"product_id": "thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.8.0-1.el7_9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src"
},
"product_reference": "thunderbird-0:78.8.0-1.el7_9.src",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "thunderbird-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el7_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src"
},
"product_reference": "thunderbird-0:78.8.0-1.el7_9.src",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "thunderbird-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src"
},
"product_reference": "thunderbird-0:78.8.0-1.el7_9.src",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "thunderbird-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Ademar Nowasky Junior"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23968",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932110"
}
],
"notes": [
{
"category": "description",
"text": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23968"
},
{
"category": "external",
"summary": "RHBZ#1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T16:04:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0661"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Masato Kinugawa"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23969",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932109"
}
],
"notes": [
{
"category": "description",
"text": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u2019s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23969"
},
{
"category": "external",
"summary": "RHBZ#1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23969",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23969"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T16:04:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0661"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Andreas Pehrson"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23973",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932111"
}
],
"notes": [
{
"category": "description",
"text": "When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: MediaError message property could have leaked information about cross-origin resources",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23973"
},
{
"category": "external",
"summary": "RHBZ#1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T16:04:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0661"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: MediaError message property could have leaked information about cross-origin resources"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23978",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932112"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23978"
},
{
"category": "external",
"summary": "RHBZ#1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23978",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23978"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T16:04:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0661"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:thunderbird-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:thunderbird-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8"
}
]
}
RHSA-2021:0656
Vulnerability from csaf_redhat - Published: 2021-02-24 15:51 - Updated: 2025-11-21 18:20
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report, as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 78.8.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968)\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969)\n\n* Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)\n\n* Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:0656",
"url": "https://access.redhat.com/errata/RHSA-2021:0656"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0656.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2025-11-21T18:20:30+00:00",
"generator": {
"date": "2025-11-21T18:20:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2021:0656",
"initial_release_date": "2021-02-24T15:51:59+00:00",
"revision_history": [
{
"date": "2021-02-24T15:51:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-02-24T15:51:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:20:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el7_9.src",
"product": {
"name": "firefox-0:78.8.0-1.el7_9.src",
"product_id": "firefox-0:78.8.0-1.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el7_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el7_9.x86_64",
"product": {
"name": "firefox-0:78.8.0-1.el7_9.x86_64",
"product_id": "firefox-0:78.8.0-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"product_id": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el7_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el7_9.i686",
"product": {
"name": "firefox-0:78.8.0-1.el7_9.i686",
"product_id": "firefox-0:78.8.0-1.el7_9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el7_9?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el7_9.ppc64le",
"product": {
"name": "firefox-0:78.8.0-1.el7_9.ppc64le",
"product_id": "firefox-0:78.8.0-1.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el7_9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"product_id": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el7_9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el7_9.ppc64",
"product": {
"name": "firefox-0:78.8.0-1.el7_9.ppc64",
"product_id": "firefox-0:78.8.0-1.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el7_9?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"product_id": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el7_9?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el7_9.s390x",
"product": {
"name": "firefox-0:78.8.0-1.el7_9.s390x",
"product_id": "firefox-0:78.8.0-1.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el7_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"product_id": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el7_9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.i686"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.i686",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.src"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.src",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.i686",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.s390x",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.src",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.i686"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.i686",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.src"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.src",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.i686",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.s390x",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.src",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.i686"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.i686",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.src"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.src",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.i686",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.s390x",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.src",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Ademar Nowasky Junior"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23968",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932110"
}
],
"notes": [
{
"category": "description",
"text": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report, as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23968"
},
{
"category": "external",
"summary": "RHBZ#1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:51:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0656"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Masato Kinugawa"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23969",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932109"
}
],
"notes": [
{
"category": "description",
"text": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u2019s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23969"
},
{
"category": "external",
"summary": "RHBZ#1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23969",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23969"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:51:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0656"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Andreas Pehrson"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23973",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932111"
}
],
"notes": [
{
"category": "description",
"text": "When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: MediaError message property could have leaked information about cross-origin resources",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23973"
},
{
"category": "external",
"summary": "RHBZ#1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:51:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0656"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: MediaError message property could have leaked information about cross-origin resources"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23978",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932112"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23978"
},
{
"category": "external",
"summary": "RHBZ#1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23978",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23978"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:51:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0656"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8"
}
]
}
RHSA-2021_0657
Vulnerability from csaf_redhat - Published: 2021-02-24 15:30 - Updated: 2024-11-22 16:26
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report, as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.8.0.\n\nSecurity Fix(es):\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968)\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969)\n\n* Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)\n\n* Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:0657",
"url": "https://access.redhat.com/errata/RHSA-2021:0657"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0657.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2024-11-22T16:26:42+00:00",
"generator": {
"date": "2024-11-22T16:26:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2021:0657",
"initial_release_date": "2021-02-24T15:30:13+00:00",
"revision_history": [
{
"date": "2021-02-24T15:30:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-02-24T15:30:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T16:26:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.8.0-1.el8_3.src",
"product": {
"name": "thunderbird-0:78.8.0-1.el8_3.src",
"product_id": "thunderbird-0:78.8.0-1.el8_3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.8.0-1.el8_3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.8.0-1.el8_3.aarch64",
"product": {
"name": "thunderbird-0:78.8.0-1.el8_3.aarch64",
"product_id": "thunderbird-0:78.8.0-1.el8_3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.8.0-1.el8_3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"product": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"product_id": "thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.8.0-1.el8_3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"product": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"product_id": "thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.8.0-1.el8_3?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.8.0-1.el8_3.ppc64le",
"product": {
"name": "thunderbird-0:78.8.0-1.el8_3.ppc64le",
"product_id": "thunderbird-0:78.8.0-1.el8_3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.8.0-1.el8_3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"product": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"product_id": "thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.8.0-1.el8_3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"product_id": "thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.8.0-1.el8_3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.8.0-1.el8_3.x86_64",
"product": {
"name": "thunderbird-0:78.8.0-1.el8_3.x86_64",
"product_id": "thunderbird-0:78.8.0-1.el8_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.8.0-1.el8_3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64",
"product": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64",
"product_id": "thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.8.0-1.el8_3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"product_id": "thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.8.0-1.el8_3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el8_3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.aarch64"
},
"product_reference": "thunderbird-0:78.8.0-1.el8_3.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el8_3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.ppc64le"
},
"product_reference": "thunderbird-0:78.8.0-1.el8_3.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el8_3.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.src"
},
"product_reference": "thunderbird-0:78.8.0-1.el8_3.src",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.x86_64"
},
"product_reference": "thunderbird-0:78.8.0-1.el8_3.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64"
},
"product_reference": "thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64"
},
"product_reference": "thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le"
},
"product_reference": "thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64"
},
"product_reference": "thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Ademar Nowasky Junior"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23968",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932110"
}
],
"notes": [
{
"category": "description",
"text": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23968"
},
{
"category": "external",
"summary": "RHBZ#1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:30:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0657"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Masato Kinugawa"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23969",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932109"
}
],
"notes": [
{
"category": "description",
"text": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u2019s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23969"
},
{
"category": "external",
"summary": "RHBZ#1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23969",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23969"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:30:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0657"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Andreas Pehrson"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23973",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932111"
}
],
"notes": [
{
"category": "description",
"text": "When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: MediaError message property could have leaked information about cross-origin resources",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23973"
},
{
"category": "external",
"summary": "RHBZ#1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:30:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0657"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: MediaError message property could have leaked information about cross-origin resources"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23978",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932112"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23978"
},
{
"category": "external",
"summary": "RHBZ#1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23978",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23978"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:30:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0657"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8"
}
]
}
RHSA-2021_0655
Vulnerability from csaf_redhat - Published: 2021-02-24 14:51 - Updated: 2024-11-22 16:26
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 78.8.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968)\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969)\n\n* Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)\n\n* Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:0655",
"url": "https://access.redhat.com/errata/RHSA-2021:0655"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0655.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2024-11-22T16:26:15+00:00",
"generator": {
"date": "2024-11-22T16:26:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2021:0655",
"initial_release_date": "2021-02-24T14:51:01+00:00",
"revision_history": [
{
"date": "2021-02-24T14:51:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-02-24T14:51:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T16:26:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_3.src",
"product": {
"name": "firefox-0:78.8.0-1.el8_3.src",
"product_id": "firefox-0:78.8.0-1.el8_3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_3.aarch64",
"product": {
"name": "firefox-0:78.8.0-1.el8_3.aarch64",
"product_id": "firefox-0:78.8.0-1.el8_3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"product": {
"name": "firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"product_id": "firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.8.0-1.el8_3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"product_id": "firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el8_3?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_3.ppc64le",
"product": {
"name": "firefox-0:78.8.0-1.el8_3.ppc64le",
"product_id": "firefox-0:78.8.0-1.el8_3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"product": {
"name": "firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"product_id": "firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.8.0-1.el8_3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"product_id": "firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el8_3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_3.x86_64",
"product": {
"name": "firefox-0:78.8.0-1.el8_3.x86_64",
"product_id": "firefox-0:78.8.0-1.el8_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.8.0-1.el8_3.x86_64",
"product": {
"name": "firefox-debugsource-0:78.8.0-1.el8_3.x86_64",
"product_id": "firefox-debugsource-0:78.8.0-1.el8_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.8.0-1.el8_3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"product_id": "firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el8_3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_3.s390x",
"product": {
"name": "firefox-0:78.8.0-1.el8_3.s390x",
"product_id": "firefox-0:78.8.0-1.el8_3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"product": {
"name": "firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"product_id": "firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.8.0-1.el8_3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"product_id": "firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el8_3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.aarch64"
},
"product_reference": "firefox-0:78.8.0-1.el8_3.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.ppc64le"
},
"product_reference": "firefox-0:78.8.0-1.el8_3.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.s390x"
},
"product_reference": "firefox-0:78.8.0-1.el8_3.s390x",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_3.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.src"
},
"product_reference": "firefox-0:78.8.0-1.el8_3.src",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.x86_64"
},
"product_reference": "firefox-0:78.8.0-1.el8_3.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.aarch64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.s390x"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.8.0-1.el8_3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.aarch64"
},
"product_reference": "firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.8.0-1.el8_3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.ppc64le"
},
"product_reference": "firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.8.0-1.el8_3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.s390x"
},
"product_reference": "firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.8.0-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.x86_64"
},
"product_reference": "firefox-debugsource-0:78.8.0-1.el8_3.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Ademar Nowasky Junior"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23968",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932110"
}
],
"notes": [
{
"category": "description",
"text": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23968"
},
{
"category": "external",
"summary": "RHBZ#1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T14:51:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0655"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Masato Kinugawa"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23969",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932109"
}
],
"notes": [
{
"category": "description",
"text": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u2019s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23969"
},
{
"category": "external",
"summary": "RHBZ#1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23969",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23969"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T14:51:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0655"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Andreas Pehrson"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23973",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932111"
}
],
"notes": [
{
"category": "description",
"text": "When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: MediaError message property could have leaked information about cross-origin resources",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23973"
},
{
"category": "external",
"summary": "RHBZ#1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T14:51:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0655"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: MediaError message property could have leaked information about cross-origin resources"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23978",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932112"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23978"
},
{
"category": "external",
"summary": "RHBZ#1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23978",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23978"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T14:51:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0655"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8"
}
]
}
RHSA-2021_0662
Vulnerability from csaf_redhat - Published: 2021-02-24 15:49 - Updated: 2024-11-22 16:26
CVE-2021-23968: If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
CVE-2021-23969: As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
CVE-2021-23973: When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
CVE-2021-23978: Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.8.0.\n\nSecurity Fix(es):\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968)\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969)\n\n* Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)\n\n* Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:0662",
"url": "https://access.redhat.com/errata/RHSA-2021:0662"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0662.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2024-11-22T16:26:48+00:00",
"generator": {
"date": "2024-11-22T16:26:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2021:0662",
"initial_release_date": "2021-02-24T15:49:24+00:00",
"revision_history": [
{
"date": "2021-02-24T15:49:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-02-24T15:49:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T16:26:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.8.0-1.el8_2.src",
"product": {
"name": "thunderbird-0:78.8.0-1.el8_2.src",
"product_id": "thunderbird-0:78.8.0-1.el8_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.8.0-1.el8_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.8.0-1.el8_2.aarch64",
"product": {
"name": "thunderbird-0:78.8.0-1.el8_2.aarch64",
"product_id": "thunderbird-0:78.8.0-1.el8_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.8.0-1.el8_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"product": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"product_id": "thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.8.0-1.el8_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"product": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"product_id": "thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.8.0-1.el8_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.8.0-1.el8_2.ppc64le",
"product": {
"name": "thunderbird-0:78.8.0-1.el8_2.ppc64le",
"product_id": "thunderbird-0:78.8.0-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.8.0-1.el8_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"product": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"product_id": "thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.8.0-1.el8_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"product_id": "thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.8.0-1.el8_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.8.0-1.el8_2.x86_64",
"product": {
"name": "thunderbird-0:78.8.0-1.el8_2.x86_64",
"product_id": "thunderbird-0:78.8.0-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.8.0-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64",
"product": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64",
"product_id": "thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.8.0-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"product_id": "thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.8.0-1.el8_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.aarch64"
},
"product_reference": "thunderbird-0:78.8.0-1.el8_2.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.ppc64le"
},
"product_reference": "thunderbird-0:78.8.0-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.src"
},
"product_reference": "thunderbird-0:78.8.0-1.el8_2.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.x86_64"
},
"product_reference": "thunderbird-0:78.8.0-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64"
},
"product_reference": "thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64"
},
"product_reference": "thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le"
},
"product_reference": "thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64"
},
"product_reference": "thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Ademar Nowasky Junior"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23968",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932110"
}
],
"notes": [
{
"category": "description",
"text": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23968"
},
{
"category": "external",
"summary": "RHBZ#1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:49:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0662"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Masato Kinugawa"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23969",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932109"
}
],
"notes": [
{
"category": "description",
"text": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u2019s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23969"
},
{
"category": "external",
"summary": "RHBZ#1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23969",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23969"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:49:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0662"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Andreas Pehrson"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23973",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932111"
}
],
"notes": [
{
"category": "description",
"text": "When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: MediaError message property could have leaked information about cross-origin resources",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23973"
},
{
"category": "external",
"summary": "RHBZ#1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:49:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0662"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: MediaError message property could have leaked information about cross-origin resources"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23978",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932112"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23978"
},
{
"category": "external",
"summary": "RHBZ#1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23978",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23978"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:49:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0662"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8"
}
]
}
RHSA-2021_0659
Vulnerability from csaf_redhat - Published: 2021-02-24 15:26 - Updated: 2024-11-22 16:26
CVE-2021-23968: If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
CVE-2021-23969: As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
CVE-2021-23973: When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
CVE-2021-23978: Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 78.8.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968)\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969)\n\n* Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)\n\n* Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:0659",
"url": "https://access.redhat.com/errata/RHSA-2021:0659"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0659.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2024-11-22T16:26:28+00:00",
"generator": {
"date": "2024-11-22T16:26:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2021:0659",
"initial_release_date": "2021-02-24T15:26:31+00:00",
"revision_history": [
{
"date": "2021-02-24T15:26:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-02-24T15:26:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T16:26:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.1::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_1.src",
"product": {
"name": "firefox-0:78.8.0-1.el8_1.src",
"product_id": "firefox-0:78.8.0-1.el8_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_1.aarch64",
"product": {
"name": "firefox-0:78.8.0-1.el8_1.aarch64",
"product_id": "firefox-0:78.8.0-1.el8_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"product": {
"name": "firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"product_id": "firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.8.0-1.el8_1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"product_id": "firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el8_1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_1.ppc64le",
"product": {
"name": "firefox-0:78.8.0-1.el8_1.ppc64le",
"product_id": "firefox-0:78.8.0-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"product": {
"name": "firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"product_id": "firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.8.0-1.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"product_id": "firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el8_1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_1.x86_64",
"product": {
"name": "firefox-0:78.8.0-1.el8_1.x86_64",
"product_id": "firefox-0:78.8.0-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.8.0-1.el8_1.x86_64",
"product": {
"name": "firefox-debugsource-0:78.8.0-1.el8_1.x86_64",
"product_id": "firefox-debugsource-0:78.8.0-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.8.0-1.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"product_id": "firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el8_1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_1.s390x",
"product": {
"name": "firefox-0:78.8.0-1.el8_1.s390x",
"product_id": "firefox-0:78.8.0-1.el8_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"product": {
"name": "firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"product_id": "firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.8.0-1.el8_1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"product_id": "firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el8_1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.aarch64"
},
"product_reference": "firefox-0:78.8.0-1.el8_1.aarch64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.ppc64le"
},
"product_reference": "firefox-0:78.8.0-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.s390x"
},
"product_reference": "firefox-0:78.8.0-1.el8_1.s390x",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_1.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.src"
},
"product_reference": "firefox-0:78.8.0-1.el8_1.src",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.x86_64"
},
"product_reference": "firefox-0:78.8.0-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.aarch64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.s390x"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.8.0-1.el8_1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.aarch64"
},
"product_reference": "firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.8.0-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.ppc64le"
},
"product_reference": "firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.8.0-1.el8_1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.s390x"
},
"product_reference": "firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.8.0-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.x86_64"
},
"product_reference": "firefox-debugsource-0:78.8.0-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Ademar Nowasky Junior"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23968",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932110"
}
],
"notes": [
{
"category": "description",
"text": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23968"
},
{
"category": "external",
"summary": "RHBZ#1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:26:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0659"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Masato Kinugawa"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23969",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932109"
}
],
"notes": [
{
"category": "description",
"text": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u2019s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23969"
},
{
"category": "external",
"summary": "RHBZ#1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23969",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23969"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:26:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0659"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Andreas Pehrson"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23973",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932111"
}
],
"notes": [
{
"category": "description",
"text": "When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: MediaError message property could have leaked information about cross-origin resources",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23973"
},
{
"category": "external",
"summary": "RHBZ#1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:26:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0659"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: MediaError message property could have leaked information about cross-origin resources"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23978",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932112"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23978"
},
{
"category": "external",
"summary": "RHBZ#1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23978",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23978"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:26:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0659"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8"
}
]
}
RHSA-2021:0659
Vulnerability from csaf_redhat - Published: 2021-02-24 15:26 - Updated: 2025-11-21 18:20
CVE-2021-23968: If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
CVE-2021-23969: As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
CVE-2021-23973: When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
CVE-2021-23978: Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 78.8.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968)\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969)\n\n* Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)\n\n* Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:0659",
"url": "https://access.redhat.com/errata/RHSA-2021:0659"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0659.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2025-11-21T18:20:31+00:00",
"generator": {
"date": "2025-11-21T18:20:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2021:0659",
"initial_release_date": "2021-02-24T15:26:31+00:00",
"revision_history": [
{
"date": "2021-02-24T15:26:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-02-24T15:26:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:20:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.1::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_1.src",
"product": {
"name": "firefox-0:78.8.0-1.el8_1.src",
"product_id": "firefox-0:78.8.0-1.el8_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_1.aarch64",
"product": {
"name": "firefox-0:78.8.0-1.el8_1.aarch64",
"product_id": "firefox-0:78.8.0-1.el8_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"product": {
"name": "firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"product_id": "firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.8.0-1.el8_1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"product_id": "firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el8_1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_1.ppc64le",
"product": {
"name": "firefox-0:78.8.0-1.el8_1.ppc64le",
"product_id": "firefox-0:78.8.0-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"product": {
"name": "firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"product_id": "firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.8.0-1.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"product_id": "firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el8_1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_1.x86_64",
"product": {
"name": "firefox-0:78.8.0-1.el8_1.x86_64",
"product_id": "firefox-0:78.8.0-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.8.0-1.el8_1.x86_64",
"product": {
"name": "firefox-debugsource-0:78.8.0-1.el8_1.x86_64",
"product_id": "firefox-debugsource-0:78.8.0-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.8.0-1.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"product_id": "firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el8_1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_1.s390x",
"product": {
"name": "firefox-0:78.8.0-1.el8_1.s390x",
"product_id": "firefox-0:78.8.0-1.el8_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"product": {
"name": "firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"product_id": "firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.8.0-1.el8_1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"product_id": "firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el8_1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.aarch64"
},
"product_reference": "firefox-0:78.8.0-1.el8_1.aarch64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.ppc64le"
},
"product_reference": "firefox-0:78.8.0-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.s390x"
},
"product_reference": "firefox-0:78.8.0-1.el8_1.s390x",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_1.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.src"
},
"product_reference": "firefox-0:78.8.0-1.el8_1.src",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.x86_64"
},
"product_reference": "firefox-0:78.8.0-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.aarch64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.s390x"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.8.0-1.el8_1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.aarch64"
},
"product_reference": "firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.8.0-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.ppc64le"
},
"product_reference": "firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.8.0-1.el8_1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.s390x"
},
"product_reference": "firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.8.0-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.x86_64"
},
"product_reference": "firefox-debugsource-0:78.8.0-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Ademar Nowasky Junior"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23968",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932110"
}
],
"notes": [
{
"category": "description",
"text": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23968"
},
{
"category": "external",
"summary": "RHBZ#1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:26:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0659"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Masato Kinugawa"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23969",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932109"
}
],
"notes": [
{
"category": "description",
"text": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u2019s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23969"
},
{
"category": "external",
"summary": "RHBZ#1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23969",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23969"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:26:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0659"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Andreas Pehrson"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23973",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932111"
}
],
"notes": [
{
"category": "description",
"text": "When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: MediaError message property could have leaked information about cross-origin resources",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23973"
},
{
"category": "external",
"summary": "RHBZ#1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:26:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0659"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: MediaError message property could have leaked information about cross-origin resources"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23978",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932112"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23978"
},
{
"category": "external",
"summary": "RHBZ#1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23978",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23978"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:26:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0659"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:firefox-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.aarch64",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.s390x",
"AppStream-8.1.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8"
}
]
}
RHSA-2021:0655
Vulnerability from csaf_redhat - Published: 2021-02-24 14:51 - Updated: 2025-11-21 18:20

CVE-2021-23968: If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

CVE-2021-23969: As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

CVE-2021-23973: When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

CVE-2021-23978: Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
| URL | Category |
|---|---|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 78.8.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968)\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969)\n\n* Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)\n\n* Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:0655",
"url": "https://access.redhat.com/errata/RHSA-2021:0655"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0655.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2025-11-21T18:20:29+00:00",
"generator": {
"date": "2025-11-21T18:20:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2021:0655",
"initial_release_date": "2021-02-24T14:51:01+00:00",
"revision_history": [
{
"date": "2021-02-24T14:51:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-02-24T14:51:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:20:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_3.src",
"product": {
"name": "firefox-0:78.8.0-1.el8_3.src",
"product_id": "firefox-0:78.8.0-1.el8_3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_3.aarch64",
"product": {
"name": "firefox-0:78.8.0-1.el8_3.aarch64",
"product_id": "firefox-0:78.8.0-1.el8_3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"product": {
"name": "firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"product_id": "firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.8.0-1.el8_3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"product_id": "firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el8_3?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_3.ppc64le",
"product": {
"name": "firefox-0:78.8.0-1.el8_3.ppc64le",
"product_id": "firefox-0:78.8.0-1.el8_3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"product": {
"name": "firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"product_id": "firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.8.0-1.el8_3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"product_id": "firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el8_3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_3.x86_64",
"product": {
"name": "firefox-0:78.8.0-1.el8_3.x86_64",
"product_id": "firefox-0:78.8.0-1.el8_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.8.0-1.el8_3.x86_64",
"product": {
"name": "firefox-debugsource-0:78.8.0-1.el8_3.x86_64",
"product_id": "firefox-debugsource-0:78.8.0-1.el8_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.8.0-1.el8_3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"product_id": "firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el8_3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_3.s390x",
"product": {
"name": "firefox-0:78.8.0-1.el8_3.s390x",
"product_id": "firefox-0:78.8.0-1.el8_3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"product": {
"name": "firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"product_id": "firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.8.0-1.el8_3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"product_id": "firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el8_3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.aarch64"
},
"product_reference": "firefox-0:78.8.0-1.el8_3.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.ppc64le"
},
"product_reference": "firefox-0:78.8.0-1.el8_3.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.s390x"
},
"product_reference": "firefox-0:78.8.0-1.el8_3.s390x",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_3.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.src"
},
"product_reference": "firefox-0:78.8.0-1.el8_3.src",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.x86_64"
},
"product_reference": "firefox-0:78.8.0-1.el8_3.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.aarch64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.s390x"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.8.0-1.el8_3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.aarch64"
},
"product_reference": "firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.8.0-1.el8_3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.ppc64le"
},
"product_reference": "firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.8.0-1.el8_3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.s390x"
},
"product_reference": "firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.8.0-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.x86_64"
},
"product_reference": "firefox-debugsource-0:78.8.0-1.el8_3.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Ademar Nowasky Junior"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23968",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932110"
}
],
"notes": [
{
"category": "description",
"text": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23968"
},
{
"category": "external",
"summary": "RHBZ#1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T14:51:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0655"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Masato Kinugawa"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23969",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932109"
}
],
"notes": [
{
"category": "description",
"text": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u2019s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23969"
},
{
"category": "external",
"summary": "RHBZ#1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23969",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23969"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T14:51:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0655"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Andreas Pehrson"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23973",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932111"
}
],
"notes": [
{
"category": "description",
"text": "When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: MediaError message property could have leaked information about cross-origin resources",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23973"
},
{
"category": "external",
"summary": "RHBZ#1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T14:51:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0655"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: MediaError message property could have leaked information about cross-origin resources"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23978",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932112"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23978"
},
{
"category": "external",
"summary": "RHBZ#1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23978",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23978"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T14:51:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0655"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:firefox-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.s390x",
"AppStream-8.3.0.Z.MAIN:firefox-debugsource-0:78.8.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8"
}
]
}
RHSA-2021:0658
Vulnerability from csaf_redhat - Published: 2021-02-24 15:31 - Updated: 2025-11-21 18:20
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
| URL | Category |
|---|---|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.8.0.\n\nSecurity Fix(es):\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968)\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969)\n\n* Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)\n\n* Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:0658",
"url": "https://access.redhat.com/errata/RHSA-2021:0658"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0658.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2025-11-21T18:20:30+00:00",
"generator": {
"date": "2025-11-21T18:20:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2021:0658",
"initial_release_date": "2021-02-24T15:31:22+00:00",
"revision_history": [
{
"date": "2021-02-24T15:31:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-02-24T15:31:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:20:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.1::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.8.0-1.el8_1.src",
"product": {
"name": "thunderbird-0:78.8.0-1.el8_1.src",
"product_id": "thunderbird-0:78.8.0-1.el8_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.8.0-1.el8_1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.8.0-1.el8_1.ppc64le",
"product": {
"name": "thunderbird-0:78.8.0-1.el8_1.ppc64le",
"product_id": "thunderbird-0:78.8.0-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.8.0-1.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"product": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"product_id": "thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.8.0-1.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"product_id": "thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.8.0-1.el8_1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.8.0-1.el8_1.x86_64",
"product": {
"name": "thunderbird-0:78.8.0-1.el8_1.x86_64",
"product_id": "thunderbird-0:78.8.0-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.8.0-1.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64",
"product": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64",
"product_id": "thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.8.0-1.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"product_id": "thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.8.0-1.el8_1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.ppc64le"
},
"product_reference": "thunderbird-0:78.8.0-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el8_1.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.src"
},
"product_reference": "thunderbird-0:78.8.0-1.el8_1.src",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.x86_64"
},
"product_reference": "thunderbird-0:78.8.0-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le"
},
"product_reference": "thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64"
},
"product_reference": "thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Ademar Nowasky Junior"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23968",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932110"
}
],
"notes": [
{
"category": "description",
"text": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23968"
},
{
"category": "external",
"summary": "RHBZ#1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:31:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0658"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Masato Kinugawa"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23969",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932109"
}
],
"notes": [
{
"category": "description",
"text": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u2019s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23969"
},
{
"category": "external",
"summary": "RHBZ#1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23969",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23969"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:31:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0658"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Andreas Pehrson"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23973",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932111"
}
],
"notes": [
{
"category": "description",
"text": "When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: MediaError message property could have leaked information about cross-origin resources",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23973"
},
{
"category": "external",
"summary": "RHBZ#1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:31:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0658"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: MediaError message property could have leaked information about cross-origin resources"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23978",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932112"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23978"
},
{
"category": "external",
"summary": "RHBZ#1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23978",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23978"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:31:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0658"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8"
}
]
}
RHSA-2021_0660
Vulnerability from csaf_redhat - Published: 2021-02-24 15:43 - Updated: 2024-11-22 16:26
CVE-2021-23968: If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
CVE-2021-23969: As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
CVE-2021-23973: When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
CVE-2021-23978: Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 78.8.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968)\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969)\n\n* Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)\n\n* Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:0660",
"url": "https://access.redhat.com/errata/RHSA-2021:0660"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0660.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2024-11-22T16:26:21+00:00",
"generator": {
"date": "2024-11-22T16:26:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2021:0660",
"initial_release_date": "2021-02-24T15:43:39+00:00",
"revision_history": [
{
"date": "2021-02-24T15:43:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-02-24T15:43:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T16:26:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_2.src",
"product": {
"name": "firefox-0:78.8.0-1.el8_2.src",
"product_id": "firefox-0:78.8.0-1.el8_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_2.aarch64",
"product": {
"name": "firefox-0:78.8.0-1.el8_2.aarch64",
"product_id": "firefox-0:78.8.0-1.el8_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"product": {
"name": "firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"product_id": "firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.8.0-1.el8_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"product_id": "firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el8_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_2.ppc64le",
"product": {
"name": "firefox-0:78.8.0-1.el8_2.ppc64le",
"product_id": "firefox-0:78.8.0-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"product": {
"name": "firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"product_id": "firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.8.0-1.el8_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"product_id": "firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el8_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_2.x86_64",
"product": {
"name": "firefox-0:78.8.0-1.el8_2.x86_64",
"product_id": "firefox-0:78.8.0-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.8.0-1.el8_2.x86_64",
"product": {
"name": "firefox-debugsource-0:78.8.0-1.el8_2.x86_64",
"product_id": "firefox-debugsource-0:78.8.0-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.8.0-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"product_id": "firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el8_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el8_2.s390x",
"product": {
"name": "firefox-0:78.8.0-1.el8_2.s390x",
"product_id": "firefox-0:78.8.0-1.el8_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el8_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"product": {
"name": "firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"product_id": "firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@78.8.0-1.el8_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"product_id": "firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el8_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.aarch64"
},
"product_reference": "firefox-0:78.8.0-1.el8_2.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.ppc64le"
},
"product_reference": "firefox-0:78.8.0-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.s390x"
},
"product_reference": "firefox-0:78.8.0-1.el8_2.s390x",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.src"
},
"product_reference": "firefox-0:78.8.0-1.el8_2.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.x86_64"
},
"product_reference": "firefox-0:78.8.0-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.aarch64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.s390x"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.8.0-1.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.aarch64"
},
"product_reference": "firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.8.0-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.ppc64le"
},
"product_reference": "firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.8.0-1.el8_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.s390x"
},
"product_reference": "firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:78.8.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.x86_64"
},
"product_reference": "firefox-debugsource-0:78.8.0-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Ademar Nowasky Junior"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23968",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932110"
}
],
"notes": [
{
"category": "description",
"text": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23968"
},
{
"category": "external",
"summary": "RHBZ#1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:43:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0660"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Masato Kinugawa"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23969",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932109"
}
],
"notes": [
{
"category": "description",
"text": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u2019s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23969"
},
{
"category": "external",
"summary": "RHBZ#1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23969",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23969"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:43:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0660"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Andreas Pehrson"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23973",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932111"
}
],
"notes": [
{
"category": "description",
"text": "When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: MediaError message property could have leaked information about cross-origin resources",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23973"
},
{
"category": "external",
"summary": "RHBZ#1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:43:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0660"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: MediaError message property could have leaked information about cross-origin resources"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23978",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932112"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23978"
},
{
"category": "external",
"summary": "RHBZ#1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23978",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23978"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:43:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0660"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:firefox-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.s390x",
"AppStream-8.2.0.Z.EUS:firefox-debugsource-0:78.8.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8"
}
]
}
RHSA-2021:0657
Vulnerability from csaf_redhat - Published: 2021-02-24 15:30 - Updated: 2025-11-21 18:20

If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.8.0.\n\nSecurity Fix(es):\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968)\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969)\n\n* Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)\n\n* Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:0657",
"url": "https://access.redhat.com/errata/RHSA-2021:0657"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0657.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2025-11-21T18:20:34+00:00",
"generator": {
"date": "2025-11-21T18:20:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2021:0657",
"initial_release_date": "2021-02-24T15:30:13+00:00",
"revision_history": [
{
"date": "2021-02-24T15:30:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-02-24T15:30:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:20:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.8.0-1.el8_3.src",
"product": {
"name": "thunderbird-0:78.8.0-1.el8_3.src",
"product_id": "thunderbird-0:78.8.0-1.el8_3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.8.0-1.el8_3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.8.0-1.el8_3.aarch64",
"product": {
"name": "thunderbird-0:78.8.0-1.el8_3.aarch64",
"product_id": "thunderbird-0:78.8.0-1.el8_3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.8.0-1.el8_3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"product": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"product_id": "thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.8.0-1.el8_3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"product": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"product_id": "thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.8.0-1.el8_3?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.8.0-1.el8_3.ppc64le",
"product": {
"name": "thunderbird-0:78.8.0-1.el8_3.ppc64le",
"product_id": "thunderbird-0:78.8.0-1.el8_3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.8.0-1.el8_3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"product": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"product_id": "thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.8.0-1.el8_3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"product_id": "thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.8.0-1.el8_3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.8.0-1.el8_3.x86_64",
"product": {
"name": "thunderbird-0:78.8.0-1.el8_3.x86_64",
"product_id": "thunderbird-0:78.8.0-1.el8_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.8.0-1.el8_3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64",
"product": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64",
"product_id": "thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.8.0-1.el8_3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"product_id": "thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.8.0-1.el8_3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el8_3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.aarch64"
},
"product_reference": "thunderbird-0:78.8.0-1.el8_3.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el8_3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.ppc64le"
},
"product_reference": "thunderbird-0:78.8.0-1.el8_3.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el8_3.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.src"
},
"product_reference": "thunderbird-0:78.8.0-1.el8_3.src",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.x86_64"
},
"product_reference": "thunderbird-0:78.8.0-1.el8_3.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64"
},
"product_reference": "thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64"
},
"product_reference": "thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le"
},
"product_reference": "thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64"
},
"product_reference": "thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64",
"relates_to_product_reference": "AppStream-8.3.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Ademar Nowasky Junior"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23968",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932110"
}
],
"notes": [
{
"category": "description",
"text": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23968"
},
{
"category": "external",
"summary": "RHBZ#1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:30:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0657"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Masato Kinugawa"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23969",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932109"
}
],
"notes": [
{
"category": "description",
"text": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u2019s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23969"
},
{
"category": "external",
"summary": "RHBZ#1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23969",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23969"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:30:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0657"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Andreas Pehrson"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23973",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932111"
}
],
"notes": [
{
"category": "description",
"text": "When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: MediaError message property could have leaked information about cross-origin resources",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23973"
},
{
"category": "external",
"summary": "RHBZ#1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:30:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0657"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: MediaError message property could have leaked information about cross-origin resources"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23978",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932112"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23978"
},
{
"category": "external",
"summary": "RHBZ#1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23978",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23978"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:30:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0657"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.src",
"AppStream-8.3.0.Z.MAIN:thunderbird-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debuginfo-0:78.8.0-1.el8_3.x86_64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.aarch64",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.ppc64le",
"AppStream-8.3.0.Z.MAIN:thunderbird-debugsource-0:78.8.0-1.el8_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8"
}
]
}
RHSA-2021:0662
Vulnerability from csaf_redhat - Published: 2021-02-24 15:49 - Updated: 2025-11-21 18:20
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.8.0.\n\nSecurity Fix(es):\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968)\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969)\n\n* Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)\n\n* Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:0662",
"url": "https://access.redhat.com/errata/RHSA-2021:0662"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0662.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2025-11-21T18:20:32+00:00",
"generator": {
"date": "2025-11-21T18:20:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2021:0662",
"initial_release_date": "2021-02-24T15:49:24+00:00",
"revision_history": [
{
"date": "2021-02-24T15:49:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-02-24T15:49:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:20:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.8.0-1.el8_2.src",
"product": {
"name": "thunderbird-0:78.8.0-1.el8_2.src",
"product_id": "thunderbird-0:78.8.0-1.el8_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.8.0-1.el8_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.8.0-1.el8_2.aarch64",
"product": {
"name": "thunderbird-0:78.8.0-1.el8_2.aarch64",
"product_id": "thunderbird-0:78.8.0-1.el8_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.8.0-1.el8_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"product": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"product_id": "thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.8.0-1.el8_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"product": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"product_id": "thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.8.0-1.el8_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.8.0-1.el8_2.ppc64le",
"product": {
"name": "thunderbird-0:78.8.0-1.el8_2.ppc64le",
"product_id": "thunderbird-0:78.8.0-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.8.0-1.el8_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"product": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"product_id": "thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.8.0-1.el8_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"product_id": "thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.8.0-1.el8_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.8.0-1.el8_2.x86_64",
"product": {
"name": "thunderbird-0:78.8.0-1.el8_2.x86_64",
"product_id": "thunderbird-0:78.8.0-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.8.0-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64",
"product": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64",
"product_id": "thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.8.0-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"product_id": "thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.8.0-1.el8_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.aarch64"
},
"product_reference": "thunderbird-0:78.8.0-1.el8_2.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.ppc64le"
},
"product_reference": "thunderbird-0:78.8.0-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.src"
},
"product_reference": "thunderbird-0:78.8.0-1.el8_2.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.x86_64"
},
"product_reference": "thunderbird-0:78.8.0-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64"
},
"product_reference": "thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64"
},
"product_reference": "thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le"
},
"product_reference": "thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64"
},
"product_reference": "thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Ademar Nowasky Junior"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23968",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932110"
}
],
"notes": [
{
"category": "description",
"text": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23968"
},
{
"category": "external",
"summary": "RHBZ#1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:49:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0662"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Masato Kinugawa"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23969",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932109"
}
],
"notes": [
{
"category": "description",
"text": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u2019s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23969"
},
{
"category": "external",
"summary": "RHBZ#1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23969",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23969"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:49:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0662"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Andreas Pehrson"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23973",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932111"
}
],
"notes": [
{
"category": "description",
"text": "When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: MediaError message property could have leaked information about cross-origin resources",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23973"
},
{
"category": "external",
"summary": "RHBZ#1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:49:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0662"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: MediaError message property could have leaked information about cross-origin resources"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23978",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932112"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23978"
},
{
"category": "external",
"summary": "RHBZ#1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23978",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23978"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:49:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0662"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.src",
"AppStream-8.2.0.Z.EUS:thunderbird-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_2.x86_64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.aarch64",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.ppc64le",
"AppStream-8.2.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8"
}
]
}
RHSA-2021_0658
Vulnerability from csaf_redhat - Published: 2021-02-24 15:31 - Updated: 2024-11-22 16:26
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.8.0.\n\nSecurity Fix(es):\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968)\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969)\n\n* Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)\n\n* Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:0658",
"url": "https://access.redhat.com/errata/RHSA-2021:0658"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0658.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2024-11-22T16:26:56+00:00",
"generator": {
"date": "2024-11-22T16:26:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2021:0658",
"initial_release_date": "2021-02-24T15:31:22+00:00",
"revision_history": [
{
"date": "2021-02-24T15:31:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-02-24T15:31:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T16:26:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.1::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.8.0-1.el8_1.src",
"product": {
"name": "thunderbird-0:78.8.0-1.el8_1.src",
"product_id": "thunderbird-0:78.8.0-1.el8_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.8.0-1.el8_1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.8.0-1.el8_1.ppc64le",
"product": {
"name": "thunderbird-0:78.8.0-1.el8_1.ppc64le",
"product_id": "thunderbird-0:78.8.0-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.8.0-1.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"product": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"product_id": "thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.8.0-1.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"product_id": "thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.8.0-1.el8_1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:78.8.0-1.el8_1.x86_64",
"product": {
"name": "thunderbird-0:78.8.0-1.el8_1.x86_64",
"product_id": "thunderbird-0:78.8.0-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@78.8.0-1.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64",
"product": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64",
"product_id": "thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@78.8.0-1.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"product_id": "thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@78.8.0-1.el8_1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.ppc64le"
},
"product_reference": "thunderbird-0:78.8.0-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el8_1.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.src"
},
"product_reference": "thunderbird-0:78.8.0-1.el8_1.src",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:78.8.0-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.x86_64"
},
"product_reference": "thunderbird-0:78.8.0-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le"
},
"product_reference": "thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64"
},
"product_reference": "thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Ademar Nowasky Junior"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23968",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932110"
}
],
"notes": [
{
"category": "description",
"text": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23968"
},
{
"category": "external",
"summary": "RHBZ#1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:31:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0658"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Masato Kinugawa"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23969",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932109"
}
],
"notes": [
{
"category": "description",
"text": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u2019s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23969"
},
{
"category": "external",
"summary": "RHBZ#1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23969",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23969"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:31:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0658"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Andreas Pehrson"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23973",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932111"
}
],
"notes": [
{
"category": "description",
"text": "When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: MediaError message property could have leaked information about cross-origin resources",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23973"
},
{
"category": "external",
"summary": "RHBZ#1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:31:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0658"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: MediaError message property could have leaked information about cross-origin resources"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23978",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932112"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23978"
},
{
"category": "external",
"summary": "RHBZ#1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23978",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23978"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:31:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0658"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.src",
"AppStream-8.1.0.Z.EUS:thunderbird-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debuginfo-0:78.8.0-1.el8_1.x86_64",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.ppc64le",
"AppStream-8.1.0.Z.EUS:thunderbird-debugsource-0:78.8.0-1.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8"
}
]
}
RHSA-2021_0656
Vulnerability from csaf_redhat - Published: 2021-02-24 15:51 - Updated: 2024-11-22 16:26
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 78.8.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968)\n\n* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969)\n\n* Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)\n\n* Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:0656",
"url": "https://access.redhat.com/errata/RHSA-2021:0656"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0656.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2024-11-22T16:26:35+00:00",
"generator": {
"date": "2024-11-22T16:26:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2021:0656",
"initial_release_date": "2021-02-24T15:51:59+00:00",
"revision_history": [
{
"date": "2021-02-24T15:51:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-02-24T15:51:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T16:26:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el7_9.src",
"product": {
"name": "firefox-0:78.8.0-1.el7_9.src",
"product_id": "firefox-0:78.8.0-1.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el7_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el7_9.x86_64",
"product": {
"name": "firefox-0:78.8.0-1.el7_9.x86_64",
"product_id": "firefox-0:78.8.0-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"product_id": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el7_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el7_9.i686",
"product": {
"name": "firefox-0:78.8.0-1.el7_9.i686",
"product_id": "firefox-0:78.8.0-1.el7_9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el7_9?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el7_9.ppc64le",
"product": {
"name": "firefox-0:78.8.0-1.el7_9.ppc64le",
"product_id": "firefox-0:78.8.0-1.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el7_9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"product_id": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el7_9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el7_9.ppc64",
"product": {
"name": "firefox-0:78.8.0-1.el7_9.ppc64",
"product_id": "firefox-0:78.8.0-1.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el7_9?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"product_id": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el7_9?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:78.8.0-1.el7_9.s390x",
"product": {
"name": "firefox-0:78.8.0-1.el7_9.s390x",
"product_id": "firefox-0:78.8.0-1.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@78.8.0-1.el7_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"product": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"product_id": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@78.8.0-1.el7_9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.i686"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.i686",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.src"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.src",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.i686",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.s390x",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.src",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.i686"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.i686",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.src"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.src",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.i686",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.s390x",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.src",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.i686"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.i686",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.src"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.src",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.i686",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.s390x",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.src",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "firefox-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Ademar Nowasky Junior"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23968",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932110"
}
],
"notes": [
{
"category": "description",
"text": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report, as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23968"
},
{
"category": "external",
"summary": "RHBZ#1932110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932110"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23968"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23968"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:51:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0656"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Masato Kinugawa"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23969",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932109"
}
],
"notes": [
{
"category": "description",
"text": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u2019s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23969"
},
{
"category": "external",
"summary": "RHBZ#1932109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932109"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23969",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23969"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23969"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:51:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0656"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Content Security Policy violation report could have contained the destination of a redirect"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Andreas Pehrson"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23973",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932111"
}
],
"notes": [
{
"category": "description",
"text": "When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: MediaError message property could have leaked information about cross-origin resources",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23973"
},
{
"category": "external",
"summary": "RHBZ#1932111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:51:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0656"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: MediaError message property could have leaked information about cross-origin resources"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Mozilla developers"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2021-23978",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2021-02-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1932112"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23978"
},
{
"category": "external",
"summary": "RHBZ#1932112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932112"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23978",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23978"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23978"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978"
}
],
"release_date": "2021-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-02-24T15:51:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0656"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:78.8.0-1.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:78.8.0-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8"
}
]
}
SUSE-SU-2021:0659-1
Vulnerability from csaf_suse - Published: 2021-03-01 12:41 - Updated: 2021-03-01 12:41
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaFirefox",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaFirefox fixes the following issues:\n\n- Firefox Extended Support Release 78.8.0 ESR\n * Fixed: Various stability, functionality, and security fixes\n MFSA 2021-08 (bsc#1182614)\n * CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect\n * CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect\n * CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources\n * CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-659,SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-659,SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-659",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_0659-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:0659-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20210659-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:0659-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008402.html"
},
{
"category": "self",
"summary": "SUSE Bug 1182357",
"url": "https://bugzilla.suse.com/1182357"
},
{
"category": "self",
"summary": "SUSE Bug 1182614",
"url": "https://bugzilla.suse.com/1182614"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23968 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23969 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23973 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23978 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23978/"
}
],
"title": "Security update for MozillaFirefox",
"tracking": {
"current_release_date": "2021-03-01T12:41:24Z",
"generator": {
"date": "2021-03-01T12:41:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:0659-1",
"initial_release_date": "2021-03-01T12:41:24Z",
"revision_history": [
{
"date": "2021-03-01T12:41:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-78.8.0-8.32.2.aarch64",
"product": {
"name": "MozillaFirefox-78.8.0-8.32.2.aarch64",
"product_id": "MozillaFirefox-78.8.0-8.32.2.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-78.8.0-8.32.2.aarch64",
"product": {
"name": "MozillaFirefox-branding-upstream-78.8.0-8.32.2.aarch64",
"product_id": "MozillaFirefox-branding-upstream-78.8.0-8.32.2.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-78.8.0-8.32.2.aarch64",
"product": {
"name": "MozillaFirefox-devel-78.8.0-8.32.2.aarch64",
"product_id": "MozillaFirefox-devel-78.8.0-8.32.2.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-78.8.0-8.32.2.aarch64",
"product": {
"name": "MozillaFirefox-translations-common-78.8.0-8.32.2.aarch64",
"product_id": "MozillaFirefox-translations-common-78.8.0-8.32.2.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-78.8.0-8.32.2.aarch64",
"product": {
"name": "MozillaFirefox-translations-other-78.8.0-8.32.2.aarch64",
"product_id": "MozillaFirefox-translations-other-78.8.0-8.32.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-78.8.0-8.32.2.i686",
"product": {
"name": "MozillaFirefox-78.8.0-8.32.2.i686",
"product_id": "MozillaFirefox-78.8.0-8.32.2.i686"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-78.8.0-8.32.2.i686",
"product": {
"name": "MozillaFirefox-branding-upstream-78.8.0-8.32.2.i686",
"product_id": "MozillaFirefox-branding-upstream-78.8.0-8.32.2.i686"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-buildsymbols-78.8.0-8.32.2.i686",
"product": {
"name": "MozillaFirefox-buildsymbols-78.8.0-8.32.2.i686",
"product_id": "MozillaFirefox-buildsymbols-78.8.0-8.32.2.i686"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-78.8.0-8.32.2.i686",
"product": {
"name": "MozillaFirefox-devel-78.8.0-8.32.2.i686",
"product_id": "MozillaFirefox-devel-78.8.0-8.32.2.i686"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-78.8.0-8.32.2.i686",
"product": {
"name": "MozillaFirefox-translations-common-78.8.0-8.32.2.i686",
"product_id": "MozillaFirefox-translations-common-78.8.0-8.32.2.i686"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-78.8.0-8.32.2.i686",
"product": {
"name": "MozillaFirefox-translations-other-78.8.0-8.32.2.i686",
"product_id": "MozillaFirefox-translations-other-78.8.0-8.32.2.i686"
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-78.8.0-8.32.2.ppc64le",
"product": {
"name": "MozillaFirefox-78.8.0-8.32.2.ppc64le",
"product_id": "MozillaFirefox-78.8.0-8.32.2.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-78.8.0-8.32.2.ppc64le",
"product": {
"name": "MozillaFirefox-branding-upstream-78.8.0-8.32.2.ppc64le",
"product_id": "MozillaFirefox-branding-upstream-78.8.0-8.32.2.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-78.8.0-8.32.2.ppc64le",
"product": {
"name": "MozillaFirefox-devel-78.8.0-8.32.2.ppc64le",
"product_id": "MozillaFirefox-devel-78.8.0-8.32.2.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-78.8.0-8.32.2.ppc64le",
"product": {
"name": "MozillaFirefox-translations-common-78.8.0-8.32.2.ppc64le",
"product_id": "MozillaFirefox-translations-common-78.8.0-8.32.2.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-78.8.0-8.32.2.ppc64le",
"product": {
"name": "MozillaFirefox-translations-other-78.8.0-8.32.2.ppc64le",
"product_id": "MozillaFirefox-translations-other-78.8.0-8.32.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-78.8.0-8.32.2.s390x",
"product": {
"name": "MozillaFirefox-78.8.0-8.32.2.s390x",
"product_id": "MozillaFirefox-78.8.0-8.32.2.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-78.8.0-8.32.2.s390x",
"product": {
"name": "MozillaFirefox-branding-upstream-78.8.0-8.32.2.s390x",
"product_id": "MozillaFirefox-branding-upstream-78.8.0-8.32.2.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-78.8.0-8.32.2.s390x",
"product": {
"name": "MozillaFirefox-devel-78.8.0-8.32.2.s390x",
"product_id": "MozillaFirefox-devel-78.8.0-8.32.2.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-78.8.0-8.32.2.s390x",
"product": {
"name": "MozillaFirefox-translations-common-78.8.0-8.32.2.s390x",
"product_id": "MozillaFirefox-translations-common-78.8.0-8.32.2.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-78.8.0-8.32.2.s390x",
"product": {
"name": "MozillaFirefox-translations-other-78.8.0-8.32.2.s390x",
"product_id": "MozillaFirefox-translations-other-78.8.0-8.32.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-78.8.0-8.32.2.x86_64",
"product": {
"name": "MozillaFirefox-78.8.0-8.32.2.x86_64",
"product_id": "MozillaFirefox-78.8.0-8.32.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-78.8.0-8.32.2.x86_64",
"product": {
"name": "MozillaFirefox-branding-upstream-78.8.0-8.32.2.x86_64",
"product_id": "MozillaFirefox-branding-upstream-78.8.0-8.32.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-buildsymbols-78.8.0-8.32.2.x86_64",
"product": {
"name": "MozillaFirefox-buildsymbols-78.8.0-8.32.2.x86_64",
"product_id": "MozillaFirefox-buildsymbols-78.8.0-8.32.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-78.8.0-8.32.2.x86_64",
"product": {
"name": "MozillaFirefox-devel-78.8.0-8.32.2.x86_64",
"product_id": "MozillaFirefox-devel-78.8.0-8.32.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-78.8.0-8.32.2.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-78.8.0-8.32.2.x86_64",
"product_id": "MozillaFirefox-translations-common-78.8.0-8.32.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-78.8.0-8.32.2.x86_64",
"product": {
"name": "MozillaFirefox-translations-other-78.8.0-8.32.2.x86_64",
"product_id": "MozillaFirefox-translations-other-78.8.0-8.32.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-8.32.2.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.aarch64"
},
"product_reference": "MozillaFirefox-78.8.0-8.32.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-8.32.2.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.ppc64le"
},
"product_reference": "MozillaFirefox-78.8.0-8.32.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-8.32.2.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.s390x"
},
"product_reference": "MozillaFirefox-78.8.0-8.32.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-8.32.2.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.x86_64"
},
"product_reference": "MozillaFirefox-78.8.0-8.32.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-8.32.2.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.aarch64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-8.32.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-8.32.2.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.ppc64le"
},
"product_reference": "MozillaFirefox-devel-78.8.0-8.32.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-8.32.2.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.s390x"
},
"product_reference": "MozillaFirefox-devel-78.8.0-8.32.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-8.32.2.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-8.32.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-8.32.2.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.aarch64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-8.32.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-8.32.2.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-8.32.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-8.32.2.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.s390x"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-8.32.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-8.32.2.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-8.32.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.8.0-8.32.2.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.aarch64"
},
"product_reference": "MozillaFirefox-translations-other-78.8.0-8.32.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.8.0-8.32.2.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.ppc64le"
},
"product_reference": "MozillaFirefox-translations-other-78.8.0-8.32.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.8.0-8.32.2.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.s390x"
},
"product_reference": "MozillaFirefox-translations-other-78.8.0-8.32.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.8.0-8.32.2.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-78.8.0-8.32.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-23968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23968"
}
],
"notes": [
{
"category": "general",
"text": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23968",
"url": "https://www.suse.com/security/cve/CVE-2021-23968"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23968",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-01T12:41:24Z",
"details": "important"
}
],
"title": "CVE-2021-23968"
},
{
"cve": "CVE-2021-23969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23969"
}
],
"notes": [
{
"category": "general",
"text": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u0027s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23969",
"url": "https://www.suse.com/security/cve/CVE-2021-23969"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23969",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-01T12:41:24Z",
"details": "important"
}
],
"title": "CVE-2021-23969"
},
{
"cve": "CVE-2021-23973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23973"
}
],
"notes": [
{
"category": "general",
"text": "When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23973",
"url": "https://www.suse.com/security/cve/CVE-2021-23973"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23973",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-01T12:41:24Z",
"details": "important"
}
],
"title": "CVE-2021-23973"
},
{
"cve": "CVE-2021-23978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23978"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23978",
"url": "https://www.suse.com/security/cve/CVE-2021-23978"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23978",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-devel-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-common-78.8.0-8.32.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:MozillaFirefox-translations-other-78.8.0-8.32.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-01T12:41:24Z",
"details": "important"
}
],
"title": "CVE-2021-23978"
}
]
}
SUSE-SU-2021:14657-1
Vulnerability from csaf_suse - Published: 2021-03-01 15:13 - Updated: 2021-03-01 15:13
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaFirefox",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaFirefox fixes the following issues:\n\n- Firefox Extended Support Release 78.8.0 ESR\n * Fixed: Various stability, functionality, and security fixes\n MFSA 2021-08 (bsc#1182614)\n * CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect\n * CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect\n * CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources\n * CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "slessp4-MozillaFirefox-14657",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_14657-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:14657-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-202114657-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:14657-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008409.html"
},
{
"category": "self",
"summary": "SUSE Bug 1182357",
"url": "https://bugzilla.suse.com/1182357"
},
{
"category": "self",
"summary": "SUSE Bug 1182614",
"url": "https://bugzilla.suse.com/1182614"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23968 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23969 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23973 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23978 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23978/"
}
],
"title": "Security update for MozillaFirefox",
"tracking": {
"current_release_date": "2021-03-01T15:13:35Z",
"generator": {
"date": "2021-03-01T15:13:35Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:14657-1",
"initial_release_date": "2021-03-01T15:13:35Z",
"revision_history": [
{
"date": "2021-03-01T15:13:35Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-78.8.0-78.120.1.x86_64",
"product": {
"name": "MozillaFirefox-78.8.0-78.120.1.x86_64",
"product_id": "MozillaFirefox-78.8.0-78.120.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-78.8.0-78.120.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-78.8.0-78.120.1.x86_64",
"product_id": "MozillaFirefox-translations-common-78.8.0-78.120.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-78.8.0-78.120.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-other-78.8.0-78.120.1.x86_64",
"product_id": "MozillaFirefox-translations-other-78.8.0-78.120.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-78.120.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-78.8.0-78.120.1.x86_64"
},
"product_reference": "MozillaFirefox-78.8.0-78.120.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-78.120.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-78.120.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-78.120.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.8.0-78.120.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-other-78.8.0-78.120.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-78.8.0-78.120.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-23968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23968"
}
],
"notes": [
{
"category": "general",
"text": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-78.8.0-78.120.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-78.120.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-other-78.8.0-78.120.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23968",
"url": "https://www.suse.com/security/cve/CVE-2021-23968"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23968",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-78.8.0-78.120.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-78.120.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-other-78.8.0-78.120.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-78.8.0-78.120.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-78.120.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-other-78.8.0-78.120.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-01T15:13:35Z",
"details": "important"
}
],
"title": "CVE-2021-23968"
},
{
"cve": "CVE-2021-23969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23969"
}
],
"notes": [
{
"category": "general",
"text": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u0027s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-78.8.0-78.120.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-78.120.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-other-78.8.0-78.120.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23969",
"url": "https://www.suse.com/security/cve/CVE-2021-23969"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23969",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-78.8.0-78.120.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-78.120.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-other-78.8.0-78.120.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-78.8.0-78.120.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-78.120.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-other-78.8.0-78.120.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-01T15:13:35Z",
"details": "important"
}
],
"title": "CVE-2021-23969"
},
{
"cve": "CVE-2021-23973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23973"
}
],
"notes": [
{
"category": "general",
"text": "When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-78.8.0-78.120.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-78.120.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-other-78.8.0-78.120.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23973",
"url": "https://www.suse.com/security/cve/CVE-2021-23973"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23973",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-78.8.0-78.120.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-78.120.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-other-78.8.0-78.120.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-78.8.0-78.120.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-78.120.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-other-78.8.0-78.120.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-01T15:13:35Z",
"details": "important"
}
],
"title": "CVE-2021-23973"
},
{
"cve": "CVE-2021-23978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23978"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-78.8.0-78.120.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-78.120.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-other-78.8.0-78.120.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23978",
"url": "https://www.suse.com/security/cve/CVE-2021-23978"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23978",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-78.8.0-78.120.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-78.120.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-other-78.8.0-78.120.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-78.8.0-78.120.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-78.120.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:MozillaFirefox-translations-other-78.8.0-78.120.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-01T15:13:35Z",
"details": "important"
}
],
"title": "CVE-2021-23978"
}
]
}
SUSE-SU-2021:0676-1
Vulnerability from csaf_suse - Published: 2021-03-02 09:01 - Updated: 2021-03-02 09:01
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaFirefox",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaFirefox fixes the following issues:\n\n- Firefox Extended Support Release 78.8.0 ESR\n * Fixed: Various stability, functionality, and security fixes\n MFSA 2021-08 (bsc#1182614)\n * CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect\n * CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect\n * CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources\n * CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8\n * Fixed: Prevent access to NTFS special paths that could lead to filesystem corruption. \n * Buffer overflow in depth pitch calculations for compressed textures \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-676,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-676,SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-676,SUSE-SLE-Product-SLES-15-SP1-BCL-2021-676,SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-676,SUSE-SLE-Product-SLES_SAP-15-SP1-2021-676,SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-676,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-676,SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-676,SUSE-Storage-6-2021-676",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_0676-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:0676-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20210676-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:0676-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008414.html"
},
{
"category": "self",
"summary": "SUSE Bug 1181848",
"url": "https://bugzilla.suse.com/1181848"
},
{
"category": "self",
"summary": "SUSE Bug 1182357",
"url": "https://bugzilla.suse.com/1182357"
},
{
"category": "self",
"summary": "SUSE Bug 1182614",
"url": "https://bugzilla.suse.com/1182614"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23968 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23969 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23973 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23978 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23978/"
}
],
"title": "Security update for MozillaFirefox",
"tracking": {
"current_release_date": "2021-03-02T09:01:13Z",
"generator": {
"date": "2021-03-02T09:01:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:0676-1",
"initial_release_date": "2021-03-02T09:01:13Z",
"revision_history": [
{
"date": "2021-03-02T09:01:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-78.8.0-3.133.1.aarch64",
"product": {
"name": "MozillaFirefox-78.8.0-3.133.1.aarch64",
"product_id": "MozillaFirefox-78.8.0-3.133.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-78.8.0-3.133.1.aarch64",
"product": {
"name": "MozillaFirefox-branding-upstream-78.8.0-3.133.1.aarch64",
"product_id": "MozillaFirefox-branding-upstream-78.8.0-3.133.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"product": {
"name": "MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"product_id": "MozillaFirefox-devel-78.8.0-3.133.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"product": {
"name": "MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"product_id": "MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"product": {
"name": "MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"product_id": "MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-78.8.0-3.133.1.i686",
"product": {
"name": "MozillaFirefox-78.8.0-3.133.1.i686",
"product_id": "MozillaFirefox-78.8.0-3.133.1.i686"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-78.8.0-3.133.1.i686",
"product": {
"name": "MozillaFirefox-branding-upstream-78.8.0-3.133.1.i686",
"product_id": "MozillaFirefox-branding-upstream-78.8.0-3.133.1.i686"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-buildsymbols-78.8.0-3.133.1.i686",
"product": {
"name": "MozillaFirefox-buildsymbols-78.8.0-3.133.1.i686",
"product_id": "MozillaFirefox-buildsymbols-78.8.0-3.133.1.i686"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-78.8.0-3.133.1.i686",
"product": {
"name": "MozillaFirefox-devel-78.8.0-3.133.1.i686",
"product_id": "MozillaFirefox-devel-78.8.0-3.133.1.i686"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-78.8.0-3.133.1.i686",
"product": {
"name": "MozillaFirefox-translations-common-78.8.0-3.133.1.i686",
"product_id": "MozillaFirefox-translations-common-78.8.0-3.133.1.i686"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-78.8.0-3.133.1.i686",
"product": {
"name": "MozillaFirefox-translations-other-78.8.0-3.133.1.i686",
"product_id": "MozillaFirefox-translations-other-78.8.0-3.133.1.i686"
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-78.8.0-3.133.1.ppc64le",
"product": {
"name": "MozillaFirefox-78.8.0-3.133.1.ppc64le",
"product_id": "MozillaFirefox-78.8.0-3.133.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-78.8.0-3.133.1.ppc64le",
"product": {
"name": "MozillaFirefox-branding-upstream-78.8.0-3.133.1.ppc64le",
"product_id": "MozillaFirefox-branding-upstream-78.8.0-3.133.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"product": {
"name": "MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"product_id": "MozillaFirefox-devel-78.8.0-3.133.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"product": {
"name": "MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"product_id": "MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"product": {
"name": "MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"product_id": "MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-78.8.0-3.133.1.s390x",
"product": {
"name": "MozillaFirefox-78.8.0-3.133.1.s390x",
"product_id": "MozillaFirefox-78.8.0-3.133.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-78.8.0-3.133.1.s390x",
"product": {
"name": "MozillaFirefox-branding-upstream-78.8.0-3.133.1.s390x",
"product_id": "MozillaFirefox-branding-upstream-78.8.0-3.133.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-78.8.0-3.133.1.s390x",
"product": {
"name": "MozillaFirefox-devel-78.8.0-3.133.1.s390x",
"product_id": "MozillaFirefox-devel-78.8.0-3.133.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-78.8.0-3.133.1.s390x",
"product": {
"name": "MozillaFirefox-translations-common-78.8.0-3.133.1.s390x",
"product_id": "MozillaFirefox-translations-common-78.8.0-3.133.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-78.8.0-3.133.1.s390x",
"product": {
"name": "MozillaFirefox-translations-other-78.8.0-3.133.1.s390x",
"product_id": "MozillaFirefox-translations-other-78.8.0-3.133.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-78.8.0-3.133.1.x86_64",
"product": {
"name": "MozillaFirefox-78.8.0-3.133.1.x86_64",
"product_id": "MozillaFirefox-78.8.0-3.133.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-78.8.0-3.133.1.x86_64",
"product": {
"name": "MozillaFirefox-branding-upstream-78.8.0-3.133.1.x86_64",
"product_id": "MozillaFirefox-branding-upstream-78.8.0-3.133.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-buildsymbols-78.8.0-3.133.1.x86_64",
"product": {
"name": "MozillaFirefox-buildsymbols-78.8.0-3.133.1.x86_64",
"product_id": "MozillaFirefox-buildsymbols-78.8.0-3.133.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"product": {
"name": "MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"product_id": "MozillaFirefox-devel-78.8.0-3.133.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"product_id": "MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"product_id": "MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.0",
"product": {
"name": "SUSE Manager Proxy 4.0",
"product_id": "SUSE Manager Proxy 4.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Retail Branch Server 4.0",
"product": {
"name": "SUSE Manager Retail Branch Server 4.0",
"product_id": "SUSE Manager Retail Branch Server 4.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.0",
"product": {
"name": "SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 6",
"product": {
"name": "SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-3.133.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-78.8.0-3.133.1.aarch64"
},
"product_reference": "MozillaFirefox-78.8.0-3.133.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-3.133.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-3.133.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-3.133.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-3.133.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.aarch64"
},
"product_reference": "MozillaFirefox-78.8.0-3.133.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-3.133.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-3.133.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-3.133.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-3.133.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-3.133.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-devel-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-3.133.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.aarch64"
},
"product_reference": "MozillaFirefox-78.8.0-3.133.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-3.133.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.ppc64le"
},
"product_reference": "MozillaFirefox-78.8.0-3.133.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-3.133.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.s390x"
},
"product_reference": "MozillaFirefox-78.8.0-3.133.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-3.133.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-3.133.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-3.133.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le"
},
"product_reference": "MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-3.133.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.s390x"
},
"product_reference": "MozillaFirefox-devel-78.8.0-3.133.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-3.133.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-3.133.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.s390x"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-3.133.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.8.0-3.133.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.s390x"
},
"product_reference": "MozillaFirefox-translations-other-78.8.0-3.133.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-3.133.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-78.8.0-3.133.1.ppc64le"
},
"product_reference": "MozillaFirefox-78.8.0-3.133.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-3.133.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-3.133.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le"
},
"product_reference": "MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-3.133.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-3.133.1.x86_64 as component of SUSE Manager Proxy 4.0",
"product_id": "SUSE Manager Proxy 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-3.133.1.x86_64 as component of SUSE Manager Proxy 4.0",
"product_id": "SUSE Manager Proxy 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64 as component of SUSE Manager Proxy 4.0",
"product_id": "SUSE Manager Proxy 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64 as component of SUSE Manager Proxy 4.0",
"product_id": "SUSE Manager Proxy 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-3.133.1.x86_64 as component of SUSE Manager Retail Branch Server 4.0",
"product_id": "SUSE Manager Retail Branch Server 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-3.133.1.x86_64 as component of SUSE Manager Retail Branch Server 4.0",
"product_id": "SUSE Manager Retail Branch Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64 as component of SUSE Manager Retail Branch Server 4.0",
"product_id": "SUSE Manager Retail Branch Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64 as component of SUSE Manager Retail Branch Server 4.0",
"product_id": "SUSE Manager Retail Branch Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-3.133.1.ppc64le as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.ppc64le"
},
"product_reference": "MozillaFirefox-78.8.0-3.133.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-3.133.1.s390x as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.s390x"
},
"product_reference": "MozillaFirefox-78.8.0-3.133.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-3.133.1.x86_64 as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-3.133.1.ppc64le as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le"
},
"product_reference": "MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-3.133.1.s390x as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.s390x"
},
"product_reference": "MozillaFirefox-devel-78.8.0-3.133.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-3.133.1.x86_64 as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-3.133.1.s390x as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.s390x"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-3.133.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64 as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.8.0-3.133.1.s390x as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.s390x"
},
"product_reference": "MozillaFirefox-translations-other-78.8.0-3.133.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64 as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-3.133.1.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:MozillaFirefox-78.8.0-3.133.1.aarch64"
},
"product_reference": "MozillaFirefox-78.8.0-3.133.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-3.133.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:MozillaFirefox-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-3.133.1.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:MozillaFirefox-devel-78.8.0-3.133.1.aarch64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-3.133.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:MozillaFirefox-devel-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-23968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23968"
}
],
"notes": [
{
"category": "general",
"text": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23968",
"url": "https://www.suse.com/security/cve/CVE-2021-23968"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23968",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-02T09:01:13Z",
"details": "important"
}
],
"title": "CVE-2021-23968"
},
{
"cve": "CVE-2021-23969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23969"
}
],
"notes": [
{
"category": "general",
"text": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u0027s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23969",
"url": "https://www.suse.com/security/cve/CVE-2021-23969"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23969",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-02T09:01:13Z",
"details": "important"
}
],
"title": "CVE-2021-23969"
},
{
"cve": "CVE-2021-23973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23973"
}
],
"notes": [
{
"category": "general",
"text": "When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23973",
"url": "https://www.suse.com/security/cve/CVE-2021-23973"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23973",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-02T09:01:13Z",
"details": "important"
}
],
"title": "CVE-2021-23973"
},
{
"cve": "CVE-2021-23978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23978"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23978",
"url": "https://www.suse.com/security/cve/CVE-2021-23978"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23978",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Enterprise Storage 6:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Proxy 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-devel-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-translations-common-78.8.0-3.133.1.x86_64",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.ppc64le",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.s390x",
"SUSE Manager Server 4.0:MozillaFirefox-translations-other-78.8.0-3.133.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-02T09:01:13Z",
"details": "important"
}
],
"title": "CVE-2021-23978"
}
]
}
SUSE-SU-2021:0667-1
Vulnerability from csaf_suse - Published: 2021-03-01 16:33 - Updated: 2021-03-01 16:33
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaFirefox",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaFirefox fixes the following issues:\n\n- Firefox Extended Support Release 78.8.0 ESR\n * Fixed: Various stability, functionality, and security fixes\n MFSA 2021-08 (bsc#1182614)\n * CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect\n * CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect\n * CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources\n * CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "HPE-Helion-OpenStack-8-2021-667,SUSE-2021-667,SUSE-OpenStack-Cloud-7-2021-667,SUSE-OpenStack-Cloud-8-2021-667,SUSE-OpenStack-Cloud-9-2021-667,SUSE-OpenStack-Cloud-Crowbar-8-2021-667,SUSE-OpenStack-Cloud-Crowbar-9-2021-667,SUSE-SLE-SAP-12-SP2-2021-667,SUSE-SLE-SAP-12-SP3-2021-667,SUSE-SLE-SAP-12-SP4-2021-667,SUSE-SLE-SDK-12-SP5-2021-667,SUSE-SLE-SERVER-12-SP2-2021-667,SUSE-SLE-SERVER-12-SP2-BCL-2021-667,SUSE-SLE-SERVER-12-SP3-2021-667,SUSE-SLE-SERVER-12-SP3-BCL-2021-667,SUSE-SLE-SERVER-12-SP4-LTSS-2021-667,SUSE-SLE-SERVER-12-SP5-2021-667",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_0667-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:0667-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20210667-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:0667-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008404.html"
},
{
"category": "self",
"summary": "SUSE Bug 1182357",
"url": "https://bugzilla.suse.com/1182357"
},
{
"category": "self",
"summary": "SUSE Bug 1182614",
"url": "https://bugzilla.suse.com/1182614"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23968 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23969 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23973 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23978 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23978/"
}
],
"title": "Security update for MozillaFirefox",
"tracking": {
"current_release_date": "2021-03-01T16:33:33Z",
"generator": {
"date": "2021-03-01T16:33:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:0667-1",
"initial_release_date": "2021-03-01T16:33:33Z",
"revision_history": [
{
"date": "2021-03-01T16:33:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-78.8.0-112.51.1.aarch64",
"product": {
"name": "MozillaFirefox-78.8.0-112.51.1.aarch64",
"product_id": "MozillaFirefox-78.8.0-112.51.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-78.8.0-112.51.1.aarch64",
"product": {
"name": "MozillaFirefox-branding-upstream-78.8.0-112.51.1.aarch64",
"product_id": "MozillaFirefox-branding-upstream-78.8.0-112.51.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"product": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"product_id": "MozillaFirefox-devel-78.8.0-112.51.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"product": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"product_id": "MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-78.8.0-112.51.1.aarch64",
"product": {
"name": "MozillaFirefox-translations-other-78.8.0-112.51.1.aarch64",
"product_id": "MozillaFirefox-translations-other-78.8.0-112.51.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-78.8.0-112.51.1.ppc64le",
"product": {
"name": "MozillaFirefox-78.8.0-112.51.1.ppc64le",
"product_id": "MozillaFirefox-78.8.0-112.51.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-78.8.0-112.51.1.ppc64le",
"product": {
"name": "MozillaFirefox-branding-upstream-78.8.0-112.51.1.ppc64le",
"product_id": "MozillaFirefox-branding-upstream-78.8.0-112.51.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"product": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"product_id": "MozillaFirefox-devel-78.8.0-112.51.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"product": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"product_id": "MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-78.8.0-112.51.1.ppc64le",
"product": {
"name": "MozillaFirefox-translations-other-78.8.0-112.51.1.ppc64le",
"product_id": "MozillaFirefox-translations-other-78.8.0-112.51.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-78.8.0-112.51.1.s390x",
"product": {
"name": "MozillaFirefox-78.8.0-112.51.1.s390x",
"product_id": "MozillaFirefox-78.8.0-112.51.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-78.8.0-112.51.1.s390x",
"product": {
"name": "MozillaFirefox-branding-upstream-78.8.0-112.51.1.s390x",
"product_id": "MozillaFirefox-branding-upstream-78.8.0-112.51.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"product": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"product_id": "MozillaFirefox-devel-78.8.0-112.51.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"product": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"product_id": "MozillaFirefox-translations-common-78.8.0-112.51.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-78.8.0-112.51.1.s390x",
"product": {
"name": "MozillaFirefox-translations-other-78.8.0-112.51.1.s390x",
"product_id": "MozillaFirefox-translations-other-78.8.0-112.51.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-78.8.0-112.51.1.x86_64",
"product": {
"name": "MozillaFirefox-78.8.0-112.51.1.x86_64",
"product_id": "MozillaFirefox-78.8.0-112.51.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"product": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"product_id": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"product_id": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-78.8.0-112.51.1.x86_64",
"product": {
"name": "MozillaFirefox-branding-upstream-78.8.0-112.51.1.x86_64",
"product_id": "MozillaFirefox-branding-upstream-78.8.0-112.51.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-buildsymbols-78.8.0-112.51.1.x86_64",
"product": {
"name": "MozillaFirefox-buildsymbols-78.8.0-112.51.1.x86_64",
"product_id": "MozillaFirefox-buildsymbols-78.8.0-112.51.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-78.8.0-112.51.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-other-78.8.0-112.51.1.x86_64",
"product_id": "MozillaFirefox-translations-other-78.8.0-112.51.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE Helion OpenStack 8",
"product": {
"name": "HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:hpe-helion-openstack:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 8",
"product": {
"name": "SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 9",
"product": {
"name": "SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:9"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:MozillaFirefox-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:MozillaFirefox-78.8.0-112.51.1.s390x"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:MozillaFirefox-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:MozillaFirefox-devel-78.8.0-112.51.1.s390x"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:MozillaFirefox-devel-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:MozillaFirefox-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:MozillaFirefox-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:MozillaFirefox-devel-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-devel-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-78.8.0-112.51.1.ppc64le"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-78.8.0-112.51.1.ppc64le"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-devel-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-78.8.0-112.51.1.ppc64le"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.aarch64"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.aarch64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-devel-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.aarch64"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.aarch64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.aarch64"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.ppc64le"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.s390x"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.aarch64"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.ppc64le"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.s390x"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-23968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23968"
}
],
"notes": [
{
"category": "general",
"text": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"HPE Helion OpenStack 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"HPE Helion OpenStack 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23968",
"url": "https://www.suse.com/security/cve/CVE-2021-23968"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23968",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"HPE Helion OpenStack 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"HPE Helion OpenStack 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"HPE Helion OpenStack 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"HPE Helion OpenStack 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-01T16:33:33Z",
"details": "important"
}
],
"title": "CVE-2021-23968"
},
{
"cve": "CVE-2021-23969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23969"
}
],
"notes": [
{
"category": "general",
"text": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u0027s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"HPE Helion OpenStack 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"HPE Helion OpenStack 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23969",
"url": "https://www.suse.com/security/cve/CVE-2021-23969"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23969",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"HPE Helion OpenStack 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"HPE Helion OpenStack 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"HPE Helion OpenStack 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"HPE Helion OpenStack 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-01T16:33:33Z",
"details": "important"
}
],
"title": "CVE-2021-23969"
},
{
"cve": "CVE-2021-23973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23973"
}
],
"notes": [
{
"category": "general",
"text": "When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"HPE Helion OpenStack 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"HPE Helion OpenStack 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23973",
"url": "https://www.suse.com/security/cve/CVE-2021-23973"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23973",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"HPE Helion OpenStack 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"HPE Helion OpenStack 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"HPE Helion OpenStack 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"HPE Helion OpenStack 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-01T16:33:33Z",
"details": "important"
}
],
"title": "CVE-2021-23973"
},
{
"cve": "CVE-2021-23978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23978"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"HPE Helion OpenStack 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"HPE Helion OpenStack 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23978",
"url": "https://www.suse.com/security/cve/CVE-2021-23978"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23978",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"HPE Helion OpenStack 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"HPE Helion OpenStack 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"HPE Helion OpenStack 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"HPE Helion OpenStack 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-78.8.0-112.51.1.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud 9:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-devel-78.8.0-112.51.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:MozillaFirefox-translations-common-78.8.0-112.51.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-01T16:33:33Z",
"details": "important"
}
],
"title": "CVE-2021-23978"
}
]
}
SUSE-SU-2021:0661-1
Vulnerability from csaf_suse - Published: 2021-03-01 15:12 - Updated: 2021-03-01 15:12
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaThunderbird",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaThunderbird fixes the following issues:\n\n- Mozilla Thunderbird 78.8\n * fixed: Importing an address book from a CSV file always reported an error\n * fixed: Security information for S/MIME messages was not displayed correctly prior to a draft being saved\n * fixed: Calendar: FileLink UI fixes for Caldav calendars\n * fixed: Recurring tasks were always marked incomplete; unable to use filters\n * fixed: Various UI widgets not working\n * fixed: Dark theme improvements\n * fixed: Extension manager was missing link to addon support web page\n * fixed: Various security fixes\n MFSA 2021-09 (bsc#1182614)\n * CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect\n * CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect\n * CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources\n * CVE-2021-23978: Memory safety bugs fixed in Thunderbird 78.8\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-661,SUSE-SLE-Product-WE-15-SP2-2021-661",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_0661-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:0661-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20210661-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:0661-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008411.html"
},
{
"category": "self",
"summary": "SUSE Bug 1182357",
"url": "https://bugzilla.suse.com/1182357"
},
{
"category": "self",
"summary": "SUSE Bug 1182614",
"url": "https://bugzilla.suse.com/1182614"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23968 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23969 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23973 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23978 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23978/"
}
],
"title": "Security update for MozillaThunderbird",
"tracking": {
"current_release_date": "2021-03-01T15:12:49Z",
"generator": {
"date": "2021-03-01T15:12:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:0661-1",
"initial_release_date": "2021-03-01T15:12:49Z",
"revision_history": [
{
"date": "2021-03-01T15:12:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-78.8.0-8.15.4.aarch64",
"product": {
"name": "MozillaThunderbird-78.8.0-8.15.4.aarch64",
"product_id": "MozillaThunderbird-78.8.0-8.15.4.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-78.8.0-8.15.4.aarch64",
"product": {
"name": "MozillaThunderbird-translations-common-78.8.0-8.15.4.aarch64",
"product_id": "MozillaThunderbird-translations-common-78.8.0-8.15.4.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-78.8.0-8.15.4.aarch64",
"product": {
"name": "MozillaThunderbird-translations-other-78.8.0-8.15.4.aarch64",
"product_id": "MozillaThunderbird-translations-other-78.8.0-8.15.4.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-78.8.0-8.15.4.i586",
"product": {
"name": "MozillaThunderbird-78.8.0-8.15.4.i586",
"product_id": "MozillaThunderbird-78.8.0-8.15.4.i586"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-78.8.0-8.15.4.i586",
"product": {
"name": "MozillaThunderbird-translations-common-78.8.0-8.15.4.i586",
"product_id": "MozillaThunderbird-translations-common-78.8.0-8.15.4.i586"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-78.8.0-8.15.4.i586",
"product": {
"name": "MozillaThunderbird-translations-other-78.8.0-8.15.4.i586",
"product_id": "MozillaThunderbird-translations-other-78.8.0-8.15.4.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-78.8.0-8.15.4.ppc64le",
"product": {
"name": "MozillaThunderbird-78.8.0-8.15.4.ppc64le",
"product_id": "MozillaThunderbird-78.8.0-8.15.4.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-78.8.0-8.15.4.ppc64le",
"product": {
"name": "MozillaThunderbird-translations-common-78.8.0-8.15.4.ppc64le",
"product_id": "MozillaThunderbird-translations-common-78.8.0-8.15.4.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-78.8.0-8.15.4.ppc64le",
"product": {
"name": "MozillaThunderbird-translations-other-78.8.0-8.15.4.ppc64le",
"product_id": "MozillaThunderbird-translations-other-78.8.0-8.15.4.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-78.8.0-8.15.4.s390x",
"product": {
"name": "MozillaThunderbird-78.8.0-8.15.4.s390x",
"product_id": "MozillaThunderbird-78.8.0-8.15.4.s390x"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-78.8.0-8.15.4.s390x",
"product": {
"name": "MozillaThunderbird-translations-common-78.8.0-8.15.4.s390x",
"product_id": "MozillaThunderbird-translations-common-78.8.0-8.15.4.s390x"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-78.8.0-8.15.4.s390x",
"product": {
"name": "MozillaThunderbird-translations-other-78.8.0-8.15.4.s390x",
"product_id": "MozillaThunderbird-translations-other-78.8.0-8.15.4.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-78.8.0-8.15.4.x86_64",
"product": {
"name": "MozillaThunderbird-78.8.0-8.15.4.x86_64",
"product_id": "MozillaThunderbird-78.8.0-8.15.4.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-78.8.0-8.15.4.x86_64",
"product": {
"name": "MozillaThunderbird-translations-common-78.8.0-8.15.4.x86_64",
"product_id": "MozillaThunderbird-translations-common-78.8.0-8.15.4.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-78.8.0-8.15.4.x86_64",
"product": {
"name": "MozillaThunderbird-translations-other-78.8.0-8.15.4.x86_64",
"product_id": "MozillaThunderbird-translations-other-78.8.0-8.15.4.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Workstation Extension 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Workstation Extension 15 SP2",
"product_id": "SUSE Linux Enterprise Workstation Extension 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-we:15:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-78.8.0-8.15.4.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15 SP2",
"product_id": "SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-78.8.0-8.15.4.x86_64"
},
"product_reference": "MozillaThunderbird-78.8.0-8.15.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-78.8.0-8.15.4.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15 SP2",
"product_id": "SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-translations-common-78.8.0-8.15.4.x86_64"
},
"product_reference": "MozillaThunderbird-translations-common-78.8.0-8.15.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-78.8.0-8.15.4.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15 SP2",
"product_id": "SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-translations-other-78.8.0-8.15.4.x86_64"
},
"product_reference": "MozillaThunderbird-translations-other-78.8.0-8.15.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-23968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23968"
}
],
"notes": [
{
"category": "general",
"text": "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-78.8.0-8.15.4.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-translations-common-78.8.0-8.15.4.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-translations-other-78.8.0-8.15.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23968",
"url": "https://www.suse.com/security/cve/CVE-2021-23968"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23968",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-78.8.0-8.15.4.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-translations-common-78.8.0-8.15.4.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-translations-other-78.8.0-8.15.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-78.8.0-8.15.4.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-translations-common-78.8.0-8.15.4.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-translations-other-78.8.0-8.15.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-01T15:12:49Z",
"details": "important"
}
],
"title": "CVE-2021-23968"
},
{
"cve": "CVE-2021-23969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23969"
}
],
"notes": [
{
"category": "general",
"text": "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that\u0027s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination\u0027s origin. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-78.8.0-8.15.4.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-translations-common-78.8.0-8.15.4.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-translations-other-78.8.0-8.15.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23969",
"url": "https://www.suse.com/security/cve/CVE-2021-23969"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23969",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-78.8.0-8.15.4.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-translations-common-78.8.0-8.15.4.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-translations-other-78.8.0-8.15.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-78.8.0-8.15.4.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-translations-common-78.8.0-8.15.4.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-translations-other-78.8.0-8.15.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-01T15:12:49Z",
"details": "important"
}
],
"title": "CVE-2021-23969"
},
{
"cve": "CVE-2021-23973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23973"
}
],
"notes": [
{
"category": "general",
"text": "When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-78.8.0-8.15.4.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-translations-common-78.8.0-8.15.4.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-translations-other-78.8.0-8.15.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23973",
"url": "https://www.suse.com/security/cve/CVE-2021-23973"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23973",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-78.8.0-8.15.4.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-translations-common-78.8.0-8.15.4.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-translations-other-78.8.0-8.15.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-78.8.0-8.15.4.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-translations-common-78.8.0-8.15.4.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-translations-other-78.8.0-8.15.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-01T15:12:49Z",
"details": "important"
}
],
"title": "CVE-2021-23973"
},
{
"cve": "CVE-2021-23978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23978"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-78.8.0-8.15.4.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-translations-common-78.8.0-8.15.4.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-translations-other-78.8.0-8.15.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23978",
"url": "https://www.suse.com/security/cve/CVE-2021-23978"
},
{
"category": "external",
"summary": "SUSE Bug 1182614 for CVE-2021-23978",
"url": "https://bugzilla.suse.com/1182614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-78.8.0-8.15.4.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-translations-common-78.8.0-8.15.4.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-translations-other-78.8.0-8.15.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-78.8.0-8.15.4.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-translations-common-78.8.0-8.15.4.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP2:MozillaThunderbird-translations-other-78.8.0-8.15.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-03-01T15:12:49Z",
"details": "important"
}
],
"title": "CVE-2021-23978"
}
]
}
CERTFR-2021-AVI-144
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| Mozilla | Thunderbird | Thunderbird versions antérieures à 78.8 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 78.8",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-23973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23973"
},
{
"name": "CVE-2021-23968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23968"
},
{
"name": "CVE-2021-23969",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23969"
},
{
"name": "CVE-2021-23978",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23978"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-144",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-02-24T00:00:00.000000"
},
{
"description": "Correction du bulletin de s\u00e9curit\u00e9 Mozilla.",
"revision_date": "2021-03-01T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-09 du 23 f\u00e9vrier 2021",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/"
}
]
}
CERTFR-2021-AVI-144
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| Mozilla | Thunderbird | Thunderbird versions antérieures à 78.8 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 78.8",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-23973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23973"
},
{
"name": "CVE-2021-23968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23968"
},
{
"name": "CVE-2021-23969",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23969"
},
{
"name": "CVE-2021-23978",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23978"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-144",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-02-24T00:00:00.000000"
},
{
"description": "Correction du bulletin de s\u00e9curit\u00e9 Mozilla.",
"revision_date": "2021-03-01T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-09 du 23 f\u00e9vrier 2021",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/"
}
]
}
CERTFR-2021-AVI-143
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 78.8",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 86",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-23970",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23970"
},
{
"name": "CVE-2021-23977",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23977"
},
{
"name": "CVE-2021-23976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23976"
},
{
"name": "CVE-2021-23975",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23975"
},
{
"name": "CVE-2021-23979",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23979"
},
{
"name": "CVE-2021-23974",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23974"
},
{
"name": "CVE-2021-23973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23973"
},
{
"name": "CVE-2021-23971",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23971"
},
{
"name": "CVE-2021-23968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23968"
},
{
"name": "CVE-2020-26954",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26954"
},
{
"name": "CVE-2021-23969",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23969"
},
{
"name": "CVE-2021-23972",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23972"
},
{
"name": "CVE-2021-23978",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23978"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-143",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-02-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-07 du 23 f\u00e9vrier 2021",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-08 du 23 f\u00e9vrier 2021",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/"
}
]
}
CERTFR-2021-AVI-143
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 78.8",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 86",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-23970",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23970"
},
{
"name": "CVE-2021-23977",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23977"
},
{
"name": "CVE-2021-23976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23976"
},
{
"name": "CVE-2021-23975",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23975"
},
{
"name": "CVE-2021-23979",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23979"
},
{
"name": "CVE-2021-23974",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23974"
},
{
"name": "CVE-2021-23973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23973"
},
{
"name": "CVE-2021-23971",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23971"
},
{
"name": "CVE-2021-23968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23968"
},
{
"name": "CVE-2020-26954",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26954"
},
{
"name": "CVE-2021-23969",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23969"
},
{
"name": "CVE-2021-23972",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23972"
},
{
"name": "CVE-2021-23978",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23978"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-143",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-02-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-07 du 23 f\u00e9vrier 2021",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2021-08 du 23 f\u00e9vrier 2021",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/"
}
]
}
CNVD-2021-15353
Vulnerability from cnvd - Published: 2021-03-08
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/

| Name | ['Mozilla Firefox <86', 'Mozilla Thunderbird <78.8', 'Mozilla Firefox ESR <78.8'] |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-23973",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-23973"
}
},
"description": "Mozilla Firefox\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002\n\nMozilla Firefox \u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-09/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-15353",
"openTime": "2021-03-08",
"patchDescription": "Mozilla Firefox\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002\r\n\r\nMozilla Firefox \u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Mozilla Firefox\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2021-15353\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Mozilla Firefox \u003c86",
"Mozilla Thunderbird \u003c78.8",
"Mozilla Firefox ESR \u003c78.8"
]
},
"referenceLink": "https://bugzilla.mozilla.org/show_bug.cgi?id=1690976",
"serverity": "\u4e2d",
"submitTime": "2021-03-05",
"title": "Mozilla Firefox\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2021-15353\uff09"
}
OPENSUSE-SU-2024:14572-1
Vulnerability from csaf_opensuse - Published: 2024-12-12 00:00 - Updated: 2024-12-12 00:00

| URL | Category |
|---|---|