Rocky Linux: RLSA-2022:9074 thunderbird security update | LinuxSec...

What Are You Looking For?

Popular Tags

Sign Up
{"type":"TYPE_SECURITY","shortCode":"RL","name":"RLSA-2022:9074","synopsis":"Important: thunderbird security update","severity":"SEVERITY_IMPORTANT","topic":"An update for thunderbird is now available for Rocky Linux 8.\nRocky Enterprise Software Foundation Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.","description":"Mozilla Thunderbird is a standalone mail and newsgroup client.\nThis update upgrades Thunderbird to version 102.6.0.\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","solution":null,"affectedProducts":["Rocky Linux 8"],"fixes":[{"ticket":"2149868","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2149868","description":"CVE-2022-45414 Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content"},{"ticket":"2153441","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2153441","description":"CVE-2022-46872 Mozilla: Arbitrary file read from a compromised content process"},{"ticket":"2153449","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2153449","description":"CVE-2022-46874 Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions"},{"ticket":"2153454","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2153454","description":"CVE-2022-46878 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6"},{"ticket":"2153463","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2153463","description":"CVE-2022-46880 Mozilla: Use-after-free in WebGL"},{"ticket":"2153466","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2153466","description":"CVE-2022-46881 Mozilla: Memory corruption in WebGL"},{"ticket":"2153467","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2153467","description":"CVE-2022-46882 Mozilla: Use-after-free in WebGL"}],"cves":[{"name":"CVE-2022-45414","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-45414.json","cvss3ScoringVector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","cvss3BaseScore":"6.1","cwe":"CWE-200"},{"name":"CVE-2022-46872","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-46872.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:H\/I:N\/A:N","cvss3BaseScore":"7.4","cwe":"CWE-200"},{"name":"CVE-2022-46874","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-46874.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","cvss3BaseScore":"6.1","cwe":"CWE-222"},{"name":"CVE-2022-46878","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-46878.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H","cvss3BaseScore":"7.5","cwe":"CWE-120"},{"name":"CVE-2022-46880","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-46880.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"7.5","cwe":"CWE-416"},{"name":"CVE-2022-46881","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-46881.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"7.5","cwe":"CWE-119"},{"name":"CVE-2022-46882","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-46882.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","cvss3BaseScore":"6.1","cwe":"CWE-416"}],"references":[],"publishedAt":"2023-01-14T01:54:53.166867Z","rpms":{},"rebootSuggested":false,"buildReferences":[]}

Rocky Linux: RLSA-2022:9074 thunderbird security update

January 14, 2023
An update for thunderbird is now available for Rocky Linux 8. Rocky Enterprise Software Foundation Product Security has rated this update as having a security impact of Important

Summary

An update for thunderbird is now available for Rocky Linux 8. Rocky Enterprise Software Foundation Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.


Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RPMs

References

No References

CVEs

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45414.json

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46872.json

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46874.json

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46878.json

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46880.json

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46881.json

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46882.json

Severity
Name: RLSA-2022:9074
Affected Products: Rocky Linux 8

Fixes

https://bugzilla.redhat.com/show_bug.cgi?id=2149868

https://bugzilla.redhat.com/show_bug.cgi?id=2153441

https://bugzilla.redhat.com/show_bug.cgi?id=2153449

https://bugzilla.redhat.com/show_bug.cgi?id=2153454

https://bugzilla.redhat.com/show_bug.cgi?id=2153463

https://bugzilla.redhat.com/show_bug.cgi?id=2153466

https://bugzilla.redhat.com/show_bug.cgi?id=2153467


Related News

Nitrux 2.8.1 Linux Distribution Unleashes Supercharged Security and Privacy Powers

Important Fix for c-ares DoS Bug Released

Linux Kernel DoS, Info Disclosure Bugs Fixed

The Secure Programmable Router Project Puts Your Network Back Under Your Control with a Raspberry Pi

News

Advisories

HOWTOs

Features

Linux Container Security Primer
Email Phishing Using Kali Linux
Is Linux A More Secure Option Than Windows For Businesses?
How Secure Is Linux?
How To Secure Against WordPress Vulnerabilities with Predictive Analysis Detection & Automated Remediation

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy