Security update for MozillaThunderbird SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:3664-1 Final 1 1 2023-09-18T19:50:30Z current 2023-09-18T19:50:30Z 2023-09-18T19:50:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for MozillaThunderbird This update for MozillaThunderbird fixes the following issues: Security fixes: - Mozilla Thunderbird 115.2.2 (MFSA 2023-40, bsc#1215245) - CVE-2023-4863: Fixed heap buffer overflow in libwebp (bmo#1852649). - Mozilla Thunderbird 115.2 (MFSA 2023-38, bsc#1214606) - CVE-2023-4573: Memory corruption in IPC CanvasTranslator (bmo#1846687) - CVE-2023-4574: Memory corruption in IPC ColorPickerShownCallback (bmo#1846688) - CVE-2023-4575: Memory corruption in IPC FilePickerShownCallback (bmo#1846689) - CVE-2023-4576: Integer Overflow in RecordedSourceSurfaceCreation (bmo#1846694) - CVE-2023-4577: Memory corruption in JIT UpdateRegExpStatics (bmo#1847397) - CVE-2023-4051: Full screen notification obscured by file open dialog (bmo#1821884) - CVE-2023-4578: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception (bmo#1839007) - CVE-2023-4053: Full screen notification obscured by external program (bmo#1839079) - CVE-2023-4580: Push notifications saved to disk unencrypted (bmo#1843046) - CVE-2023-4581: XLL file extensions were downloadable without warnings (bmo#1843758) - CVE-2023-4582: Buffer Overflow in WebGL glGetProgramiv (bmo#1773874) - CVE-2023-4583: Browsing Context potentially not cleared when closing Private Window (bmo#1842030) - CVE-2023-4584: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 (bmo#1843968, bmo#1845205, bmo#1846080, bmo#1846526, bmo#1847529) - CVE-2023-4585: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2 (bmo#1751583, bmo#1833504, bmo#1841082, bmo#1847904, bmo#1848999) Other fixes: Mozilla Thunderbird 115.2.1 * new: Column separators are now shown between all columns in tree view (bmo#1847441) * fixed: Crash reporter did not work in Thunderbird Flatpak (bmo#1843102) * fixed: New mail notification always opened message in message pane, even if pane was disabled (bmo#1840092) * fixed: After moving an IMAP message to another folder, the incorrect message was selected in the message list (bmo#1845376) * fixed: Adding a tag to an IMAP message opened in a tab failed (bmo#1844452) * fixed: Junk/Spam folders were not always shown in Unified Folders mode (bmo#1838672) * fixed: Middle-clicking a folder or message did not open it in a background tab, as in previous versions (bmo#1842482) * fixed: Settings tab visual improvements: Advanced Fonts dialog, Section headers hidden behind search box (bmo#1717382,bmo#1846751) * fixed: Various visual and style fixes (bmo#1843707,bmo#1849823) Mozilla Thunderbird 115.2 * new: Thunderbird MSIX packages are now published on archive.mozilla.org (bmo#1817657) * changed: Size, Unread, and Total columns are now right- aligned (bmo#1848604) * changed: Newsgroup names in message list header are now abbreviated (bmo#1833298) * fixed: Message compose window did not apply theme colors to menus (bmo#1845699) * fixed: Reading the second new message in a folder cleared the unread indicator of all other new messages (bmo#1839805) * fixed: Displayed counts of unread or flagged messages could become out-of-sync (bmo#1846860) * fixed: Deleting a message from the context menu with messages sorted in chronological order and smooth scroll enabled caused message list to scroll to top (bmo#1843462) * fixed: Repeatedly switching accounts in Subscribe dialog caused tree view to stop updating (bmo#1845593) * fixed: 'Ignore thread' caused message cards to display incorrectly in message list (bmo#1847966) * fixed: Creating tags from unified toolbar failed (bmo#1846336) * fixed: Cross-folder navigation using F and N did not work (bmo#1845011) * fixed: Account Manager did not resize to fit content, causing 'Close' button to become hidden outside bounds of dialog when too many accounts were listed (bmo#1847555) * fixed: Remote content exceptions could not be added in Settings (bmo#1847576) * fixed: Newsgroup list file did not get updated after adding a new NNTP server (bmo#1845464) * fixed: 'Download all headers' option in NNTP 'Download Headers' dialog was incorrectly selected by default (bmo#1845457) * fixed: 'Convert to event/task' was missing from mail context menu (bmo#1817705) * fixed: Events and tasks were not shown in some cases despite being present on remote server (bmo#1827100) * fixed: Various visual and UX improvements (bmo#1844244,bmo#1845645) - Mozilla Thunderbird 115.1.1 * fixed: Some HTML emails printed headers on first page and message on subsequent pages (bmo#1843628) * fixed: Deleting messages from message list sometimes scrolled list to bottom, selecting bottommost message (bmo#1835173) * fixed: Width of icon columns (like Junk or Starred) in message list did not adjust when UI density was changed (bmo#1843014) * fixed: Old OpenPGP secret keys could not be used to decrypt messages under certain circumstances (bmo#1835786) * fixed: When multiple folder modes were active, tab focus navigated through all folder mode options before reaching message list (bmo#1842060) * fixed: Unread message count badge was not displayed on parent folders of subfolder containing unread messages (bmo#1844534) * fixed: 'Undo archive' (via Ctrl-Z) did not un-archive previously archived messages (bmo#1829340) * fixed: 'New' button dropdown menu in 'Message Filters' dialog could not be opened via keyboard navigation (bmo#1843511) * fixed: 'Show New Mail Alert for' input field in 'Customize New Mail Alert' dialog had zero width when using certain language packs (bmo#1845832) * fixed: 'Account Wizard' dialog was too narrow when adding a news server, partially hiding confirmation buttons (bmo#1846588) * fixed: Link Properties and Image Properties dialogs in the composer were too wide (bmo#1816850) * fixed: Thunderbird version number and details in 'About' dialog were not automatically read by screen readers when first opening dialog (bmo#1847078) * fixed: Flatpak improvements and bug fixes (bmo#1825399,bmo#1843094,bmo#1843097) * fixed: Various visual and UX improvements (bmo#1846262) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-3664,SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3664,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3664,SUSE-SLE-Product-WE-15-SP4-2023-3664,SUSE-SLE-Product-WE-15-SP5-2023-3664,openSUSE-SLE-15.4-2023-3664,openSUSE-SLE-15.5-2023-3664 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20233664-1/ Link for SUSE-SU-2023:3664-1 https://lists.suse.com/pipermail/sle-security-updates/2023-September/016188.html E-Mail link for SUSE-SU-2023:3664-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1214606 SUSE Bug 1214606 https://bugzilla.suse.com/1215231 SUSE Bug 1215231 https://bugzilla.suse.com/1215245 SUSE Bug 1215245 https://www.suse.com/security/cve/CVE-2023-4051/ SUSE CVE CVE-2023-4051 page https://www.suse.com/security/cve/CVE-2023-4053/ SUSE CVE CVE-2023-4053 page https://www.suse.com/security/cve/CVE-2023-4573/ SUSE CVE CVE-2023-4573 page https://www.suse.com/security/cve/CVE-2023-4574/ SUSE CVE CVE-2023-4574 page https://www.suse.com/security/cve/CVE-2023-4575/ SUSE CVE CVE-2023-4575 page https://www.suse.com/security/cve/CVE-2023-4576/ SUSE CVE CVE-2023-4576 page https://www.suse.com/security/cve/CVE-2023-4577/ SUSE CVE CVE-2023-4577 page https://www.suse.com/security/cve/CVE-2023-4578/ SUSE CVE CVE-2023-4578 page https://www.suse.com/security/cve/CVE-2023-4580/ SUSE CVE CVE-2023-4580 page https://www.suse.com/security/cve/CVE-2023-4581/ SUSE CVE CVE-2023-4581 page https://www.suse.com/security/cve/CVE-2023-4582/ SUSE CVE CVE-2023-4582 page https://www.suse.com/security/cve/CVE-2023-4583/ SUSE CVE CVE-2023-4583 page https://www.suse.com/security/cve/CVE-2023-4584/ SUSE CVE CVE-2023-4584 page https://www.suse.com/security/cve/CVE-2023-4585/ SUSE CVE CVE-2023-4585 page https://www.suse.com/security/cve/CVE-2023-4863/ SUSE CVE CVE-2023-4863 page SUSE Linux Enterprise Module for Package Hub 15 SP4 SUSE Linux Enterprise Module for Package Hub 15 SP5 SUSE Linux Enterprise Workstation Extension 15 SP4 SUSE Linux Enterprise Workstation Extension 15 SP5 openSUSE Leap 15.4 openSUSE Leap 15.5 MozillaThunderbird-115.2.2-150200.8.130.1 MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 MozillaThunderbird-115.2.2-150200.8.130.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP4 MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP4 MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP4 MozillaThunderbird-115.2.2-150200.8.130.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 MozillaThunderbird-115.2.2-150200.8.130.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP4 MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP4 MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP4 MozillaThunderbird-115.2.2-150200.8.130.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP5 MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP5 MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP5 MozillaThunderbird-115.2.2-150200.8.130.1 as a component of openSUSE Leap 15.4 MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 as a component of openSUSE Leap 15.4 MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 as a component of openSUSE Leap 15.4 MozillaThunderbird-115.2.2-150200.8.130.1 as a component of openSUSE Leap 15.5 MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 as a component of openSUSE Leap 15.5 MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 as a component of openSUSE Leap 15.5 A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2. CVE-2023-4051 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 moderate 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233664-1/ https://www.suse.com/security/cve/CVE-2023-4051.html CVE-2023-4051 https://bugzilla.suse.com/1213746 SUSE Bug 1213746 A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2. CVE-2023-4053 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 moderate 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233664-1/ https://www.suse.com/security/cve/CVE-2023-4053.html CVE-2023-4053 https://bugzilla.suse.com/1213746 SUSE Bug 1213746 When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. CVE-2023-4573 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 important 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233664-1/ https://www.suse.com/security/cve/CVE-2023-4573.html CVE-2023-4573 https://bugzilla.suse.com/1214606 SUSE Bug 1214606 When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. CVE-2023-4574 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 important 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233664-1/ https://www.suse.com/security/cve/CVE-2023-4574.html CVE-2023-4574 https://bugzilla.suse.com/1214606 SUSE Bug 1214606 When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. CVE-2023-4575 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 important 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233664-1/ https://www.suse.com/security/cve/CVE-2023-4575.html CVE-2023-4575 https://bugzilla.suse.com/1214606 SUSE Bug 1214606 On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. CVE-2023-4576 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 important 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233664-1/ https://www.suse.com/security/cve/CVE-2023-4576.html CVE-2023-4576 https://bugzilla.suse.com/1214606 SUSE Bug 1214606 When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. CVE-2023-4577 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 important 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233664-1/ https://www.suse.com/security/cve/CVE-2023-4577.html CVE-2023-4577 https://bugzilla.suse.com/1214606 SUSE Bug 1214606 When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. CVE-2023-4578 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 important 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233664-1/ https://www.suse.com/security/cve/CVE-2023-4578.html CVE-2023-4578 https://bugzilla.suse.com/1214606 SUSE Bug 1214606 Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. CVE-2023-4580 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 important 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233664-1/ https://www.suse.com/security/cve/CVE-2023-4580.html CVE-2023-4580 https://bugzilla.suse.com/1214606 SUSE Bug 1214606 Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. CVE-2023-4581 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 important 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233664-1/ https://www.suse.com/security/cve/CVE-2023-4581.html CVE-2023-4581 https://bugzilla.suse.com/1214606 SUSE Bug 1214606 Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS. *This bug only affects Firefox on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. CVE-2023-4582 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 important 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233664-1/ https://www.suse.com/security/cve/CVE-2023-4582.html CVE-2023-4582 https://bugzilla.suse.com/1214606 SUSE Bug 1214606 When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. CVE-2023-4583 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 important 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233664-1/ https://www.suse.com/security/cve/CVE-2023-4583.html CVE-2023-4583 https://bugzilla.suse.com/1214606 SUSE Bug 1214606 Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. CVE-2023-4584 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 important 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233664-1/ https://www.suse.com/security/cve/CVE-2023-4584.html CVE-2023-4584 https://bugzilla.suse.com/1214606 SUSE Bug 1214606 Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. CVE-2023-4585 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 important 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233664-1/ https://www.suse.com/security/cve/CVE-2023-4585.html CVE-2023-4585 https://bugzilla.suse.com/1214606 SUSE Bug 1214606 Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) CVE-2023-4863 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.4:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-common-115.2.2-150200.8.130.1 openSUSE Leap 15.5:MozillaThunderbird-translations-other-115.2.2-150200.8.130.1 important 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233664-1/ https://www.suse.com/security/cve/CVE-2023-4863.html CVE-2023-4863 https://bugzilla.suse.com/1215231 SUSE Bug 1215231 https://bugzilla.suse.com/1217115 SUSE Bug 1217115 https://bugzilla.suse.com/1217117 SUSE Bug 1217117