Rocky Linux: RLSA-2023:1403 thunderbird security update
Summary
An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.9.0.

Security Fix(es):
* Mozilla: Incorrect code generation during JIT compilation (CVE-2023-25751)
* Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9 (CVE-2023-28176)
* Mozilla: Potential out-of-bounds when accessing throttled streams (CVE-2023-25752)
* Mozilla: Invalid downcast in Worklets (CVE-2023-28162)
* Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation (CVE-2023-28164)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RPMs
thunderbird-0:102.9.0-1.el8_7.aarch64.rpm
thunderbird-0:102.9.0-1.el8_7.src.rpm
thunderbird-0:102.9.0-1.el8_7.x86_64.rpm
thunderbird-debuginfo-0:102.9.0-1.el8_7.aarch64.rpm
thunderbird-debuginfo-0:102.9.0-1.el8_7.x86_64.rpm
thunderbird-debugsource-0:102.9.0-1.el8_7.aarch64.rpm
thunderbird-debugsource-0:102.9.0-1.el8_7.x86_64.rpm
References
No References
CVEs
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25751
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25752
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28176
Fixes
https://bugzilla.redhat.com/show_bug.cgi?id=2178458
https://bugzilla.redhat.com/show_bug.cgi?id=2178460
https://bugzilla.redhat.com/show_bug.cgi?id=2178466
https://bugzilla.redhat.com/show_bug.cgi?id=2178470
https://bugzilla.redhat.com/show_bug.cgi?id=2178472