
Mageia: 2022-0253 Moderate: Thunderbird Use-After-Free and CSP Bypass

Mageia, July 5, 2022
Updated Thunderbird packages for Mageia 8 fix multiple security vulnerabilities, each tracked by one of the CVE identifiers listed below.

Summary

A popup window could be resized in a way to overlay the address bar with web content. (CVE-2022-34479)
Use-after-free in nsSHistory. (CVE-2022-34470)
CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI. (CVE-2022-34468)
An email with a mismatching OpenPGP signature date was accepted as valid. (CVE-2022-2226)
Potential integer overflow in ReplaceElementsAt. (CVE-2022-34481)
CSP bypass enabling stylesheet injection. (CVE-2022-31744)
Unavailable PAC file resulted in OCSP requests being blocked. (CVE-2022-34472)
Undesired attributes could be set as part of prototype pollution. (CVE-2022-2200)
Memory safety bugs fixed in Thunderbird 91.11 and Thunderbird 102. (CVE-2022-34484)

References

- https://bugs.mageia.org/show_bug.cgi?id=30587

- https://www.thunderbird.net/en-US/thunderbird/91.11.0/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/

- https://www.cve.org/CVERecord?id=CVE-2022-2200

- https://www.cve.org/CVERecord?id=CVE-2022-2226

- https://www.cve.org/CVERecord?id=CVE-2022-31744

- https://www.cve.org/CVERecord?id=CVE-2022-34468

- https://www.cve.org/CVERecord?id=CVE-2022-34470

- https://www.cve.org/CVERecord?id=CVE-2022-34472

- https://www.cve.org/CVERecord?id=CVE-2022-34479

- https://www.cve.org/CVERecord?id=CVE-2022-34481

- https://www.cve.org/CVERecord?id=CVE-2022-34484

Resolution

SRPMS

- 8/core/thunderbird-91.11.0-1.mga8

- 8/core/thunderbird-l10n-91.11.0-1.mga8

Publication date: 05 Jul 2022
URL: https://advisories.mageia.org/MGASA-2022-0253.html
Type: security
CVE: CVE-2022-2200, CVE-2022-2226, CVE-2022-31744, CVE-2022-34468, CVE-2022-34470, CVE-2022-34472, CVE-2022-34479, CVE-2022-34481, CVE-2022-34484
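The Resolution section gives the fix as a pair of fixed package versions, so the practical check on a Mageia 8 host is whether the installed `thunderbird` and `thunderbird-l10n` packages compare at or above `91.11.0-1.mga8` under RPM's own version ordering. The script below is an added example, not part of the advisory or of Mageia's tooling: it reimplements librpm's `rpmvercmp` segment comparison (digit and letter runs, `~` and `^` handling) in Python, compares full epoch:version-release labels, and audits a constructed sample of `rpm -qa --qf '%{NAME} %{EPOCH}:%{VERSION}-%{RELEASE}\n'` output against the fixed versions from the SRPMS list. The inventory lines and the `libxul` entry are constructed for the demo; the fixed versions are the ones the advisory states.

```python
import re

# Fixed package versions taken from the advisory's SRPMS list (MGASA-2022-0253).
FIXED_EVR = {
    "thunderbird": "91.11.0-1.mga8",
    "thunderbird-l10n": "91.11.0-1.mga8",
}

# Constructed sample of `rpm -qa --qf '%{NAME} %{EPOCH}:%{VERSION}-%{RELEASE}\n'`
# output; rpm prints "(none)" when a package carries no epoch.
SAMPLE_INVENTORY = """\
thunderbird (none):91.10.0-1.mga8
thunderbird-l10n (none):91.11.0-1.mga8
libxul (none):91.11.0-1.mga8
"""


def rpmvercmp(a: str, b: str) -> int:
    """Compare two RPM version/release strings like librpm's rpmvercmp().
    Returns -1, 0 or 1. Segments are runs of digits or letters; numeric
    segments beat alphabetic ones; '~' sorts before everything (even end
    of string) and '^' sorts after end of string but before any segment."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Skip separators: anything that is not alphanumeric, '~' or '^'.
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        at, bt = a[i:i + 1] == "~", b[j:j + 1] == "~"
        if at or bt:
            if at and bt:
                i, j = i + 1, j + 1
                continue
            return -1 if at else 1          # the side with '~' is older
        ac, bc = a[i:i + 1] == "^", b[j:j + 1] == "^"
        if ac or bc:
            if ac and bc:
                i, j = i + 1, j + 1
                continue
            if ac:
                return 1 if j >= len(b) else -1
            return -1 if i >= len(a) else 1
        if i >= len(a) or j >= len(b):
            break
        numeric = a[i].isdigit()
        pattern = r"\d+" if numeric else r"[A-Za-z]+"
        sa = re.match(pattern, a[i:]).group(0)
        mb = re.match(pattern, b[j:])
        if mb is None:                      # different segment kinds: number beats alpha
            return 1 if numeric else -1
        sb = mb.group(0)
        i, j = i + len(sa), j + len(sb)
        if numeric:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):          # more significant digits means a larger number
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return 1 if i < len(a) else -1          # leftover characters win


def parse_evr(evr: str):
    """Split '[epoch:]version-release' into (epoch, version, release)."""
    epoch = 0
    if ":" in evr:
        e, evr = evr.split(":", 1)
        epoch = 0 if e == "(none)" else int(e)
    version, _, release = evr.partition("-")
    return epoch, version, release


def compare_evr(a: str, b: str) -> int:
    """Full EVR comparison: epoch first, then version, then release."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def is_patched(name: str, installed_evr: str) -> bool:
    """True if the installed EVR is at or above the advisory's fixed EVR."""
    return compare_evr(installed_evr, FIXED_EVR[name]) >= 0


def audit(inventory: str) -> list:
    """Return names of packages covered by the advisory that are still below
    the fixed version. Packages the advisory does not cover are ignored."""
    stale = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        name, evr = line.split(None, 1)
        if name in FIXED_EVR and not is_patched(name, evr):
            stale.append(name)
    return stale


if __name__ == "__main__":
    for name in audit(SAMPLE_INVENTORY):
        print(f"{name}: below fixed version {FIXED_EVR[name]}")
```

On a real host, feed `audit()` the output of the `rpm -qa` query shown in the comment instead of `SAMPLE_INVENTORY`; a plain string comparison would get cases like `91.9.0` versus `91.11.0` wrong, which is why the segment-wise comparison is worth carrying in full.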
