openSUSE-SU-2022:0108-1: important: Security update for seamonkey

8 Apr 2022

      openSUSE Security Update: Security update for seamonkey
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:0108-1
Rating:             important
References:         #1185055 #1188564 #1188565 #1191902 #1191904 
                    #1191905 #1191909 #1191910 #1191911 #1191913 
                    #1191914 #1192052 #1194198 #1194232 #1197518 

Cross-References:   CVE-2021-2163 CVE-2021-2341 CVE-2021-2369
                    CVE-2021-35556 CVE-2021-35559 CVE-2021-35560
                    CVE-2021-35564 CVE-2021-35565 CVE-2021-35578
                    CVE-2021-35586 CVE-2021-35588 CVE-2021-41035

CVSS scores:
                    CVE-2021-2163 (NVD) : 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
                    CVE-2021-2163 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
                    CVE-2021-2341 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
                    CVE-2021-2341 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
                    CVE-2021-2369 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
                    CVE-2021-2369 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
                    CVE-2021-35556 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35556 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35559 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35560 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-35560 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-35564 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-35564 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-35565 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35565 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35578 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35578 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35586 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35586 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35588 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2021-35588 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2021-41035 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    openSUSE Leap 15.3
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has three
   fixes is now available.

Description:

   SeaMonkey was updated to 2.53.11.1:

   Update to SeaMonkey 2.53.11.1

   * Fix edge case when setting IntersectionObserver threshold bug 1758291.
   * OAuth2 prefs should use realuserName instead of username bug 1518126.
   * SeaMonkey 2.53.11.1 uses the same backend as Firefox and contains the
     relevant Firefox 60.8 security fixes.
   * SeaMonkey 2.53.11.1 shares most parts of the mail and news code with
     Thunderbird. Please read the Thunderbird 60.8.0 release notes for
     specific security fixes in this release.
   * Additional important security fixes up to Current Firefox 91.7 and
     Thunderbird 91.7 ESR plus many enhancements have been backported. We
     will continue to enhance SeaMonkey security in subsequent 2.53.x beta
     and release versions as fast as we are able to.

   * Remove obsolete MOZ_EXTENSIONS check in suite
   * Add connect button to cZ Networks Editor
   * Remove freenode remnants from ChatZilla in SeaMonkey
   * Prefer secure over insecure protocol in network list in ChatZilla
   * Composer - Change tag textbox is not removed after use
   * Clean up repo links in debugQA
   * Fix misspelled references to macOS in suite
   * Remove obsolete references to Java and Flash
   * Help button not working in delete cert dialog
   * Rearrange Message Filter Dialog to make room for new features
   * Use Insert key as shortcut to create new message filters
   * Rename some variables used in SeaMonkey's FilterListDialog to match
     Thunderbird's
   * Implement Copy to New message filter functionality
   * Add move to top / bottom buttons to message filters
   * Add preference to not prompt for message filter deletion
   * Clean up folder handling in FilterListDialog
   * Add refresh function to Filter list dialog so that it can be updated
     when already open and new filters are added externally
   * Use listbox rather than tree in FilterListDialog
   * MsgFilterList(args) should take targetFilter and pass it to
     FilterListDialog
   * Mail&News' start.xhtml: "We" link broken
   * Add search functionality to filter dialog

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-2022-108=1 openSUSE-SLE-15.3-2022-108=1

Package List:

   - openSUSE Leap 15.3 (ppc64le s390x x86_64):

      java-1_8_0-ibm-1.8.0_sr7.0-3.53.1
      java-1_8_0-ibm-demo-1.8.0_sr7.0-3.53.1
      java-1_8_0-ibm-devel-1.8.0_sr7.0-3.53.1
      java-1_8_0-ibm-src-1.8.0_sr7.0-3.53.1

   - openSUSE Leap 15.3 (i586 x86_64):

      seamonkey-2.53.11.1-lp153.17.5.1
      seamonkey-debuginfo-2.53.11.1-lp153.17.5.1
      seamonkey-debugsource-2.53.11.1-lp153.17.5.1
      seamonkey-dom-inspector-2.53.11.1-lp153.17.5.1
      seamonkey-irc-2.53.11.1-lp153.17.5.1

   - openSUSE Leap 15.3 (x86_64):

      java-1_8_0-ibm-32bit-1.8.0_sr7.0-3.53.1
      java-1_8_0-ibm-alsa-1.8.0_sr7.0-3.53.1
      java-1_8_0-ibm-devel-32bit-1.8.0_sr7.0-3.53.1
      java-1_8_0-ibm-plugin-1.8.0_sr7.0-3.53.1

References:

   https://www.suse.com/security/cve/CVE-2021-2163.html
   https://www.suse.com/security/cve/CVE-2021-2341.html
   https://www.suse.com/security/cve/CVE-2021-2369.html
   https://www.suse.com/security/cve/CVE-2021-35556.html
   https://www.suse.com/security/cve/CVE-2021-35559.html
   https://www.suse.com/security/cve/CVE-2021-35560.html
   https://www.suse.com/security/cve/CVE-2021-35564.html
   https://www.suse.com/security/cve/CVE-2021-35565.html
   https://www.suse.com/security/cve/CVE-2021-35578.html
   https://www.suse.com/security/cve/CVE-2021-35586.html
   https://www.suse.com/security/cve/CVE-2021-35588.html
   https://www.suse.com/security/cve/CVE-2021-41035.html
   https://bugzilla.suse.com/1185055
   https://bugzilla.suse.com/1188564
   https://bugzilla.suse.com/1188565
   https://bugzilla.suse.com/1191902
   https://bugzilla.suse.com/1191904
   https://bugzilla.suse.com/1191905
   https://bugzilla.suse.com/1191909
   https://bugzilla.suse.com/1191910
   https://bugzilla.suse.com/1191911
   https://bugzilla.suse.com/1191913
   https://bugzilla.suse.com/1191914
   https://bugzilla.suse.com/1192052
   https://bugzilla.suse.com/1194198
   https://bugzilla.suse.com/1194232
   https://bugzilla.suse.com/1197518

openSUSE-SU-2022:0108-1: important: Security update for seamonkey

opensuse-security＠opensuse.org