MGASA-2023-0116 - Updated thunderbird packages fix security vulnerability Publication date: 24 Mar 2023 URL: https://advisories.mageia.org/MGASA-2023-0116.html Type: security Affected Mageia releases: 8 CVE: CVE-2023-25751, CVE-2023-25752, CVE-2023-28162, CVE-2023-28164, CVE-2023-28176 Incorrect code generation during JIT compilation. (CVE-2023-25751) Potential out-of-bounds when accessing throttled streams. (CVE-20223-25752) Invalid downcast in Worklets. (CVE-2023-28162) URL being dragged from a removed cross-origin iframe into the same tab triggered navigation. (CVE-2023-28164) Memory safety bugs fixed in Thunderbird 102.9. (CVE-2023-28176) References: - https://bugs.mageia.org/show_bug.cgi?id=31684 - https://www.thunderbird.net/en-US/thunderbird/102.9.0/releasenotes/ - https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25751 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25752 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28162 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28164 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28176 SRPMS: - 8/core/thunderbird-102.9.0-1.mga8 - 8/core/thunderbird-l10n-102.9.0-1.mga8