Rocky Linux: RLSA-2023:4497 thunderbird security update
Summary
An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.14.0. Security Fix(es): * Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions (CVE-2023-4045) * Mozilla: Incorrect value used during WASM compilation (CVE-2023-4046) * Mozilla: Potential permissions request bypass via clickjacking (CVE-2023-4047) * Mozilla: Crash in DOMParser due to out-of-memory conditions (CVE-2023-4048) * Mozilla: Fix potential race conditions when releasing platform objects (CVE-2023-4049) * Mozilla: Stack buffer overflow in StorageManager (CVE-2023-4050) * Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14 (CVE-2023-4056) * Mozilla: Memory safety bugs fixed in Firefox ESR 115.1, and Thunderbird 115.1 (CVE-2023-4057) * thunderbird: File Extension Spoofing using the Text Direction Override Character (CVE-2023-3417) * Mozilla: Cookie jar overflow caused unexpected cookie jar state (CVE-2023-4055) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RPMs
thunderbird-0:102.14.0-1.el8_8.aarch64.rpm
thunderbird-0:102.14.0-1.el8_8.src.rpm
thunderbird-debuginfo-0:102.14.0-1.el8_8.aarch64.rpm
thunderbird-debugsource-0:102.14.0-1.el8_8.aarch64.rpm
thunderbird-0:102.14.0-1.el8_8.x86_64.rpm
thunderbird-debuginfo-0:102.14.0-1.el8_8.x86_64.rpm
thunderbird-debugsource-0:102.14.0-1.el8_8.x86_64.rpm
References
No References
CVEs
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3417
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4046
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4047
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4055
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4056
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4057
Fixes
https://bugzilla.redhat.com/show_bug.cgi?id=2225325
https://bugzilla.redhat.com/show_bug.cgi?id=2228360
https://bugzilla.redhat.com/show_bug.cgi?id=2228361
https://bugzilla.redhat.com/show_bug.cgi?id=2228362
https://bugzilla.redhat.com/show_bug.cgi?id=2228363
https://bugzilla.redhat.com/show_bug.cgi?id=2228364
https://bugzilla.redhat.com/show_bug.cgi?id=2228365
https://bugzilla.redhat.com/show_bug.cgi?id=2228367
https://bugzilla.redhat.com/show_bug.cgi?id=2228370
https://bugzilla.redhat.com/show_bug.cgi?id=2228371