MGASA-2023-0309

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2023-0309.html
Import Source
https://advisories.mageia.org/MGASA-2023-0309.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2023-0309
Related
Published
2023-11-06T23:08:32Z
Modified
2023-11-06T21:40:48Z
Summary
Updated thunderbird packages fix security vulnerabilities
Details

The updated packages fix security vulnerabilities:

Queued up rendering could have allowed websites to clickjack. (CVE-2023-5721)

Address bar spoofing via bidirectional characters. (CVE-2023-5732)

Large WebGL draw could have led to a crash. (CVE-2023-5724)

WebExtensions could open arbitrary URLs. (CVE-2023-5725)

Improper object tracking during GC in the JavaScript engine could have led to a crash. (CVE-2023-5728)

Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1. (CVE-2023-5730)

References
Credits

Affected packages

Mageia:9 / thunderbird

Package

Name
thunderbird
Purl
pkg:rpm/mageia/thunderbird?distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
115.4.1-1.mga9

Ecosystem specific 

{
    "section": "core"
}

Mageia:9 / thunderbird-l10n

Package

Name
thunderbird-l10n
Purl
pkg:rpm/mageia/thunderbird-l10n?distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
115.4.1-1.mga9

Ecosystem specific 

{
    "section": "core"
}