MGASA-2023-0057

Source
https://advisories.mageia.org/MGASA-2023-0057.html
Import Source
https://advisories.mageia.org/MGASA-2023-0057.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2023-0057
Published
2023-02-20T21:25:36Z
Modified
2023-02-20T20:20:10Z
Summary
Updated thunderbird packages fix security vulnerability
Details

User Interface lockup with messages combining S/MIME and OpenPGP. (CVE-2023-0616)

Content security policy leak in violation reports using iframes. (CVE-2023-25728)

Screen hijack via browser fullscreen mode. (CVE-2023-25730)

Arbitrary memory write via PKCS 12 in NSS. (CVE-2023-0767)

Potential use-after-free from compartment mismatch in SpiderMonkey. (CVE-2023-25735)

Invalid downcast in SVGUtils::SetupStrokeGeometry. (CVE-2023-25737)

Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext. (CVE-2023-25739)

Extensions could have opened external schemes without user knowledge. (CVE-2023-25729)

Out of bounds memory write from EncodeInputStream. (CVE-2023-25732)

Web Crypto ImportKey crashes tab. (CVE-2023-25742)

Memory safety bugs fixed in Thunderbird 102.8. (CVE-2023-25746)


Affected packages

Mageia:8 / thunderbird

Package

Name
thunderbird
Purl
pkg:rpm/mageia/thunderbird?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
102.8.0-1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / thunderbird-l10n

Package

Name
thunderbird-l10n
Purl
pkg:rpm/mageia/thunderbird-l10n?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
102.8.0-1.mga8

Ecosystem specific

{
    "section": "core"
}