Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 538
Alerts This Week
Warning Icon 1 538

Mageia 8 MGASA-2023-0057 Moderate: Thunderbird Memory Safety Issues

mageia
Calendar Grey February 20, 2023
Dist Mageia Esm H88
Recent updates to the Thunderbird application address various security vulnerabilities, improving both the user experience and adherence to memory management protocols.
User Interface lockup with messages combining S/MIME and OpenPGP

Summary

User Interface lockup with messages combining S/MIME and OpenPGP. (CVE-2023-0616)
Content security policy leak in violation reports using iframes. (CVE-2023-25728)
Screen hijack via browser fullscreen mode. (CVE-2023-25730)
Arbitrary memory write via PKCS 12 in NSS. (CVE-2023-0767)
Potential use-after-free from compartment mismatch in SpiderMonkey. (CVE-2023-25735)
Invalid downcast in SVGUtils::SetupStrokeGeometry. (CVE-2023-25737)
Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext. (CVE-2023-25739)
Extensions could have opened external schemes without user knowledge. (CVE-2023-25729)
Out of bounds memory write from EncodeInputStream. (CVE-2023-25732)
Web Crypto ImportKey crashes tab. (CVE-2023-25742)
Memory safety bugs fixed in Thunderbird 102.8. (CVE-2023-25746)

References

- https://bugs.mageia.org/show_bug.cgi?id=31561

- https://www.thunderbird.net/en-US/thunderbird/102.8.0/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/

- https://www.cve.org/CVERecord?id=CVE-2023-0616

- https://www.cve.org/CVERecord?id=CVE-2023-0767

- https://www.cve.org/CVERecord?id=CVE-2023-25728

- https://www.cve.org/CVERecord?id=CVE-2023-25729

- https://www.cve.org/CVERecord?id=CVE-2023-25730

- https://www.cve.org/CVERecord?id=CVE-2023-25732

- https://www.cve.org/CVERecord?id=CVE-2023-25735

- https://www.cve.org/CVERecord?id=CVE-2023-25737

- https://www.cve.org/CVERecord?id=CVE-2023-25739

- https://www.cve.org/CVERecord?id=CVE-2023-25742

- https://www.cve.org/CVERecord?id=CVE-2023-25746

Resolution

SRPMS

- 8/core/thunderbird-102.8.0-1.mga8

- 8/core/thunderbird-l10n-102.8.0-1.mga8

Publication date: 20 Feb 2023
URL: https://advisories.mageia.org/MGASA-2023-0057.html
Type: security
CVE: CVE-2023-0616, CVE-2023-0767, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25735, CVE-2023-25737, CVE-2023-25739, CVE-2023-25742, CVE-2023-25746

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.