ALSA-2024:5392

Source
https://errata.almalinux.org/9/ALSA-2024-5392.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:5392.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2024:5392
Related
Published
2024-08-14T00:00:00Z
Modified
2024-08-21T12:26:14Z
Summary
Important: thunderbird security update
Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

  • EMBARGOED Thunderbird: 115.14/128.1 ()
  • mozilla: Fullscreen notification dialog can be obscured by document content (CVE-2024-7518)
  • mozilla: Out of bounds memory access in graphics shared memory handling (CVE-2024-7519)
  • mozilla: Type confusion in WebAssembly (CVE-2024-7520)
  • mozilla: Incomplete WebAssembly exception handing (CVE-2024-7521)
  • mozilla: Out of bounds read in editor component (CVE-2024-7522)
  • mozilla: Missing permission check when creating a StreamFilter (CVE-2024-7525)
  • mozilla: Uninitialized memory used by WebGL (CVE-2024-7526)
  • mozilla: Use-after-free in JavaScript garbage collection (CVE-2024-7527)
  • mozilla: Use-after-free in IndexedDB (CVE-2024-7528)
  • mozilla: Document content could partially obscure security prompts (CVE-2024-7529)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:9 / thunderbird

Package

Name
thunderbird

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
115.14.0-1.el9_4.alma.1