Security update for MozillaThunderbird SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:3731-1 Final 1 1 2024-10-18T14:29:47Z current 2024-10-18T14:29:47Z 2024-10-18T14:29:47Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for MozillaThunderbird This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.3.1 (MFSA 2024-52, bsc#1231413): - CVE-2024-9680: Fixed use-after-free in Animation timeline (bmo#1923344) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-3731,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-3731,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3731,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3731,SUSE-SLE-Product-WE-15-SP5-2024-3731,SUSE-SLE-Product-WE-15-SP6-2024-3731,openSUSE-SLE-15.5-2024-3731,openSUSE-SLE-15.6-2024-3731 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20243731-1/ Link for SUSE-SU-2024:3731-1 https://lists.suse.com/pipermail/sle-security-updates/2024-October/019660.html E-Mail link for SUSE-SU-2024:3731-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1231413 SUSE Bug 1231413 https://www.suse.com/security/cve/CVE-2024-9680/ SUSE CVE CVE-2024-9680 page SUSE Linux Enterprise Module for Package Hub 15 SP5 SUSE Linux Enterprise Module for Package Hub 15 SP6 SUSE Linux Enterprise Workstation Extension 15 SP5 SUSE Linux Enterprise Workstation Extension 15 SP6 openSUSE Leap 15.5 openSUSE Leap 15.6 MozillaThunderbird-128.3.1-150200.8.185.1 MozillaThunderbird-translations-common-128.3.1-150200.8.185.1 MozillaThunderbird-translations-other-128.3.1-150200.8.185.1 MozillaThunderbird-128.3.1-150200.8.185.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 MozillaThunderbird-translations-common-128.3.1-150200.8.185.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 MozillaThunderbird-translations-other-128.3.1-150200.8.185.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 MozillaThunderbird-128.3.1-150200.8.185.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 MozillaThunderbird-translations-common-128.3.1-150200.8.185.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 MozillaThunderbird-translations-other-128.3.1-150200.8.185.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 MozillaThunderbird-128.3.1-150200.8.185.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP5 MozillaThunderbird-translations-common-128.3.1-150200.8.185.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP5 MozillaThunderbird-translations-other-128.3.1-150200.8.185.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP5 MozillaThunderbird-128.3.1-150200.8.185.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP6 MozillaThunderbird-translations-common-128.3.1-150200.8.185.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP6 MozillaThunderbird-translations-other-128.3.1-150200.8.185.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP6 MozillaThunderbird-128.3.1-150200.8.185.1 as a component of openSUSE Leap 15.5 MozillaThunderbird-translations-common-128.3.1-150200.8.185.1 as a component of openSUSE Leap 15.5 MozillaThunderbird-translations-other-128.3.1-150200.8.185.1 as a component of openSUSE Leap 15.5 MozillaThunderbird-128.3.1-150200.8.185.1 as a component of openSUSE Leap 15.6 MozillaThunderbird-translations-common-128.3.1-150200.8.185.1 as a component of openSUSE Leap 15.6 MozillaThunderbird-translations-other-128.3.1-150200.8.185.1 as a component of openSUSE Leap 15.6 An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0. CVE-2024-9680 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.3.1-150200.8.185.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.3.1-150200.8.185.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.3.1-150200.8.185.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.3.1-150200.8.185.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.3.1-150200.8.185.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.3.1-150200.8.185.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-128.3.1-150200.8.185.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-common-128.3.1-150200.8.185.1 SUSE Linux Enterprise Workstation Extension 15 SP5:MozillaThunderbird-translations-other-128.3.1-150200.8.185.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.3.1-150200.8.185.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.3.1-150200.8.185.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.3.1-150200.8.185.1 openSUSE Leap 15.5:MozillaThunderbird-128.3.1-150200.8.185.1 openSUSE Leap 15.5:MozillaThunderbird-translations-common-128.3.1-150200.8.185.1 openSUSE Leap 15.5:MozillaThunderbird-translations-other-128.3.1-150200.8.185.1 openSUSE Leap 15.6:MozillaThunderbird-128.3.1-150200.8.185.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.3.1-150200.8.185.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.3.1-150200.8.185.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243731-1/ https://www.suse.com/security/cve/CVE-2024-9680.html CVE-2024-9680 https://bugzilla.suse.com/1231413 SUSE Bug 1231413