SUSE 5149 Published by

A seamonkey security update has been released for openSUSE Leap 15.3.



openSUSE-SU-2022:0108-1: important: Security update for seamonkey


openSUSE Security Update: Security update for seamonkey
______________________________________________________________________________

Announcement ID: openSUSE-SU-2022:0108-1
Rating: important
References: #1185055 #1188564 #1188565 #1191902 #1191904
#1191905 #1191909 #1191910 #1191911 #1191913
#1191914 #1192052 #1194198 #1194232 #1197518

Cross-References: CVE-2021-2163 CVE-2021-2341 CVE-2021-2369
CVE-2021-35556 CVE-2021-35559 CVE-2021-35560
CVE-2021-35564 CVE-2021-35565 CVE-2021-35578
CVE-2021-35586 CVE-2021-35588 CVE-2021-41035

CVSS scores:
CVE-2021-2163 (NVD) : 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-2163 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-2341 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2021-2341 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2021-2369 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2021-2369 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2021-35556 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-35556 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-35559 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-35560 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-35560 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-35564 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2021-35564 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2021-35565 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-35565 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-35578 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-35578 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-35586 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-35586 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-35588 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2021-35588 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2021-41035 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________

An update that solves 12 vulnerabilities and has three
fixes is now available.

Description:

SeaMonkey was updated to 2.53.11.1:

Update to SeaMonkey 2.53.11.1

* Fix edge case when setting IntersectionObserver threshold bug 1758291.
* OAuth2 prefs should use realuserName instead of username bug 1518126.
* SeaMonkey 2.53.11.1 uses the same backend as Firefox and contains the
relevant Firefox 60.8 security fixes.
* SeaMonkey 2.53.11.1 shares most parts of the mail and news code with
Thunderbird. Please read the Thunderbird 60.8.0 release notes for
specific security fixes in this release.
* Additional important security fixes up to Current Firefox 91.7 and
Thunderbird 91.7 ESR plus many enhancements have been backported. We
will continue to enhance SeaMonkey security in subsequent 2.53.x beta
and release versions as fast as we are able to.

* Remove obsolete MOZ_EXTENSIONS check in suite
* Add connect button to cZ Networks Editor
* Remove freenode remnants from ChatZilla in SeaMonkey
* Prefer secure over insecure protocol in network list in ChatZilla
* Composer - Change tag textbox is not removed after use
* Clean up repo links in debugQA
* Fix misspelled references to macOS in suite
* Remove obsolete references to Java and Flash
* Help button not working in delete cert dialog
* Rearrange Message Filter Dialog to make room for new features
* Use Insert key as shortcut to create new message filters
* Rename some variables used in SeaMonkey's FilterListDialog to match
Thunderbird's
* Implement Copy to New message filter functionality
* Add move to top / bottom buttons to message filters
* Add preference to not prompt for message filter deletion
* Clean up folder handling in FilterListDialog
* Add refresh function to Filter list dialog so that it can be updated
when already open and new filters are added externally
* Use listbox rather than tree in FilterListDialog
* MsgFilterList(args) should take targetFilter and pass it to
FilterListDialog
* Mail&News' start.xhtml: "We" link broken
* Add search functionality to filter dialog

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:

zypper in -t patch openSUSE-2022-108=1 openSUSE-SLE-15.3-2022-108=1


Package List:

- openSUSE Leap 15.3 (ppc64le s390x x86_64):

java-1_8_0-ibm-1.8.0_sr7.0-3.53.1
java-1_8_0-ibm-demo-1.8.0_sr7.0-3.53.1
java-1_8_0-ibm-devel-1.8.0_sr7.0-3.53.1
java-1_8_0-ibm-src-1.8.0_sr7.0-3.53.1

- openSUSE Leap 15.3 (i586 x86_64):

seamonkey-2.53.11.1-lp153.17.5.1
seamonkey-debuginfo-2.53.11.1-lp153.17.5.1
seamonkey-debugsource-2.53.11.1-lp153.17.5.1
seamonkey-dom-inspector-2.53.11.1-lp153.17.5.1
seamonkey-irc-2.53.11.1-lp153.17.5.1

- openSUSE Leap 15.3 (x86_64):

java-1_8_0-ibm-32bit-1.8.0_sr7.0-3.53.1
java-1_8_0-ibm-alsa-1.8.0_sr7.0-3.53.1
java-1_8_0-ibm-devel-32bit-1.8.0_sr7.0-3.53.1
java-1_8_0-ibm-plugin-1.8.0_sr7.0-3.53.1

References:

  https://www.suse.com/security/cve/CVE-2021-2163.html
  https://www.suse.com/security/cve/CVE-2021-2341.html
  https://www.suse.com/security/cve/CVE-2021-2369.html
  https://www.suse.com/security/cve/CVE-2021-35556.html
  https://www.suse.com/security/cve/CVE-2021-35559.html
  https://www.suse.com/security/cve/CVE-2021-35560.html
  https://www.suse.com/security/cve/CVE-2021-35564.html
  https://www.suse.com/security/cve/CVE-2021-35565.html
  https://www.suse.com/security/cve/CVE-2021-35578.html
  https://www.suse.com/security/cve/CVE-2021-35586.html
  https://www.suse.com/security/cve/CVE-2021-35588.html
  https://www.suse.com/security/cve/CVE-2021-41035.html
  https://bugzilla.suse.com/1185055
  https://bugzilla.suse.com/1188564
  https://bugzilla.suse.com/1188565
  https://bugzilla.suse.com/1191902
  https://bugzilla.suse.com/1191904
  https://bugzilla.suse.com/1191905
  https://bugzilla.suse.com/1191909
  https://bugzilla.suse.com/1191910
  https://bugzilla.suse.com/1191911
  https://bugzilla.suse.com/1191913
  https://bugzilla.suse.com/1191914
  https://bugzilla.suse.com/1192052
  https://bugzilla.suse.com/1194198
  https://bugzilla.suse.com/1194232
  https://bugzilla.suse.com/1197518