Mageia 9 MGASA-2023-0343 moderate: Thunderbird memory access flaws
mageia
December 8, 2023
The updated packages fix security vulnerabilities
Summary
The updated packages fix security vulnerabilities.
Out-of-bound memory access in WebGL2 blitFramebuffer. (CVE-2023-6204)
Use-after-free in MessagePort::Entangled. (CVE-2023-6205)
Clickjacking permission prompts using the fullscreen transition.
(CVE-2023-6206)
Use-after-free in ReadableByteStreamQueueEntry::Buffer. (CVE-2023-6207)
Using Selection API would copy contents into X11 primary selection.
(CVE-2023-6208)
Incorrect parsing of relative URLs starting with "///". (CVE-2023-6209)
Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. (CVE-2023-6212)
References
- https://bugs.mageia.org/show_bug.cgi?id=32552
- https://www.thunderbird.net/en-US/thunderbird/115.5.0/releasenotes/
- https://www.thunderbird.net/en-US/thunderbird/115.5.1/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/
- https://www.cve.org/CVERecord?id=CVE-2023-6204
- https://www.cve.org/CVERecord?id=CVE-2023-6205
- https://www.cve.org/CVERecord?id=CVE-2023-6206
- https://www.cve.org/CVERecord?id=CVE-2023-6207
- https://www.cve.org/CVERecord?id=CVE-2023-6208
- https://www.cve.org/CVERecord?id=CVE-2023-6209
- https://www.cve.org/CVERecord?id=CVE-2023-6212
Topics Covered
Resolution
SRPMS
- 9/core/thunderbird-115.5.1-1.mga9
- 9/core/thunderbird-l10n-115.5.1-1.mga9
PREVIOUS
NEXT
Publication date: 08 Dec 2023
URL: https://advisories.mageia.org/MGASA-2023-0343.html
Type: security
CVE: CVE-2023-6204,
CVE-2023-6205,
CVE-2023-6206,
CVE-2023-6207,
CVE-2023-6208,
CVE-2023-6209,
CVE-2023-6212
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!