MGASA-2022-0163

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2022-0163.html

Import Source

https://advisories.mageia.org/MGASA-2022-0163.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2022-0163

Related

Published

2022-05-06T20:16:39Z

Modified

2022-05-06T19:28:41Z

Summary

Updated thunderbird packages fix security vulnerability

Details

Incorrect security status shown after viewing an attached email. (CVE-2022-1520) Fullscreen notification bypass using popups. (CVE-2022-29914) Bypassing permission prompt in nested browsing contexts. (CVE-2022-29909) Leaking browser history with CSS variables. (CVE-2022-29916) iframe sandbox bypass. (CVE-2022-29911) Reader mode bypassed SameSite cookies. (CVE-2022-29912) Speech Synthesis feature not properly disabled. (CVE-2022-29913) Memory safety bugs fixed in Thunderbird 91.9. (CVE-2022-29917)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / thunderbird

Package

Name: thunderbird
Purl: pkg:rpm/mageia/thunderbird?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

91.9.0-1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / thunderbird-l10n

Package

Name: thunderbird-l10n
Purl: pkg:rpm/mageia/thunderbird-l10n?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

91.9.0-1.mga8

Ecosystem specific

{
    "section": "core"
}