Updated thunderbird packages fix security vulnerabilities:

The iframe sandbox rules were not correctly applied to XSLT stylesheets,
allowing an iframe to bypass restrictions such as executing scripts or
navigating the top-level frame (CVE-2021-38503).

When interacting with an HTML input element's file picker dialog with
webkitdirectory set, a use-after-free could have resulted, leading to memory
corruption and a potentially exploitable crash (CVE-2021-38504).

Through a series of navigations, Thunderbird could have entered fullscreen
mode without notification or warning to the user. This could lead to spoofing
attacks on the browser UI including phishing (CVE-2021-38506).

The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection
to be transparently upgraded to TLS while retaining the visual properties of
an HTTP connection, including being same-origin with unencrypted connections
on port 80. However, if a second encrypted port on the same IP address (e.g.
port 8443...

- https://bugs.mageia.org/show_bug.cgi?id=29625
- https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/
- https://www.thunderbird.net/en-US/thunderbird/91.3.0/releasenotes/
- https://www.cve.org/CVERecord?id=CVE-2021-XXXX
- 8/core/thunderbird-91.3.0-1.mga8
- 8/core/thunderbird-l10n-91.3.0-1.mga8