RLSA-2023:7500
See a problem?- Import Source
- https://storage.googleapis.com/resf-osv-data/RLSA-2023:7500.json
- JSON Data
- https://api.osv.dev/v1/vulns/RLSA-2023:7500
- Related
- Published
- 2023-11-28T22:43:36.549632Z
- Modified
- 2023-11-28T22:45:10.234425Z
- Summary
- Important: thunderbird security update
- Details
-
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 115.5.0.
Security Fix(es):
Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204)
Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205)
Mozilla: Clickjacking permission prompts using the fullscreen transition (CVE-2023-6206)
Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer (CVE-2023-6207)
Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 (CVE-2023-6212)
Mozilla: Using Selection API would copy contents into X11 primary selection. (CVE-2023-6208)
Mozilla: Incorrect parsing of relative URLs starting with "///" (CVE-2023-6209)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- References
-
- https://errata.rockylinux.org/RLSA-2023:7500
- https://bugzilla.redhat.com/show_bug.cgi?id=2250896
- https://bugzilla.redhat.com/show_bug.cgi?id=2250897
- https://bugzilla.redhat.com/show_bug.cgi?id=2250898
- https://bugzilla.redhat.com/show_bug.cgi?id=2250899
- https://bugzilla.redhat.com/show_bug.cgi?id=2250900
- https://bugzilla.redhat.com/show_bug.cgi?id=2250901
- https://bugzilla.redhat.com/show_bug.cgi?id=2250902
- Credits
-
-
- Rocky Enterprise Software Foundation
-
- Red Hat
-
Affected packages
Rocky Linux:8 / thunderbird
Package
- Name
- thunderbird
- Purl
- pkg:rpm/rocky-linux/thunderbird?distro=rocky-linux-8&epoch=0