ALSA-2023:4497

Source
https://errata.almalinux.org/8/ALSA-2023-4497.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:4497.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2023:4497
Related
Published
2023-08-07T00:00:00Z
Modified
2023-08-08T10:19:31Z
Summary
Important: thunderbird security update
Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.14.0.

Security Fix(es):

  • Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions (CVE-2023-4045)
  • Mozilla: Incorrect value used during WASM compilation (CVE-2023-4046)
  • Mozilla: Potential permissions request bypass via clickjacking (CVE-2023-4047)
  • Mozilla: Crash in DOMParser due to out-of-memory conditions (CVE-2023-4048)
  • Mozilla: Fix potential race conditions when releasing platform objects (CVE-2023-4049)
  • Mozilla: Stack buffer overflow in StorageManager (CVE-2023-4050)
  • Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14 (CVE-2023-4056)
  • Mozilla: Memory safety bugs fixed in Firefox ESR 115.1, and Thunderbird 115.1 (CVE-2023-4057)
  • thunderbird: File Extension Spoofing using the Text Direction Override Character (CVE-2023-3417)
  • Mozilla: Cookie jar overflow caused unexpected cookie jar state (CVE-2023-4055)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:8 / thunderbird

Package

Name
thunderbird

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
102.14.0-1.el8_8.alma