This update for MozillaThunderbird fixes the following issues:
Update to version 91.4 MFSA 2021-54 (bsc#1193485)
CVE-2021-43536: URL leakage when navigating while executing asynchronous function
CVE-2021-43537: Heap buffer overflow when using structured clone
CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both
CVE-2021-43539: GC rooting failure when calling wasm instance methods
CVE-2021-43541: External protocol handler parameters were unescaped
CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler
CVE-2021-43543: Bypass of CSP sandbox directive when embedding
CVE-2021-43545: Denial of Service when using the Location API in a loop
CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed
CVE-2021-43528: JavaScript unexpectedly enabled for the composition area
Update to version 91.3.2
CVE-2021-40529: Fixed ElGamal implementation could allow plaintext recovery (bsc#1190244)
Update to version 91.3 MFSA 2021-50 (bsc#1192250)
CVE-2021-38503: Fixed iframe sandbox rules did not apply to XSLT stylesheets
CVE-2021-38504: Fixed use-after-free in file picker dialog
CVE-2021-38505: Fixed Windows 10 Cloud Clipboard may have recorded sensitive user data
CVE-2021-38506: Fixed Thunderbird could be coaxed into going into fullscreen mode without notification or warning
CVE-2021-38507: Fixed opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports
CVE-2021-38508: Fixed permission Prompt could be overlaid, resulting in user confusion and potential spoofing
CVE-2021-38509: Fixed Javascript alert box could have been spoofed onto an arbitrary domain
CVE-2021-38510: Fixed Download Protections were bypassed by .inetloc files on Mac OS
Fixed plain text reformatting regression (bsc#1182863)
Update to version 91.2 MFSA 2021-47 (bsc#1191332)
CVE-2021-29981: Live...
91.4.0-lp152.2.52.191.4.0-lp152.2.52.191.4.0-lp152.2.52.1