Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.4.0.
Security Fix(es):
* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators (CVE-2022-39249)
* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack (CVE-2022-39250)
* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack (CVE-2022-39251)
* Mozilla: Same-origin policy violation could have leaked cross-origin URLs (CVE-2022-42927)
* Mozilla: Memory Corruption in JS Engine (CVE-2022-42928)
* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue (CVE-2022-39236)
* Mozilla: Denial of Service via window.print (CVE-2022-42929)
* Mozilla: Memory safety bugs fixed in Firefox ESR 102.4 and Thunderbird 102.4 (CVE-2022-42932)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
thunderbird-102.4.0-1.el8_6.alma.aarch64.rpm |
dd569ea72fd25857ea9c65878f3990e3922a2b14445ae5ee678b7c236ff02ab2 |
| ppc64le |
thunderbird-102.4.0-1.el8_6.alma.ppc64le.rpm |
ae32f9a76dfc14532e5d289c2db17dcd9780fd7176f75e49951124ae692fe8ac |
| s390x |
thunderbird-102.4.0-1.el8_6.alma.s390x.rpm |
234a3100118b0fb8cb34ce66cd0392a42f29ea7dd0db53d384aeb8ce06a3612a |
| x86_64 |
thunderbird-102.4.0-1.el8_6.alma.x86_64.rpm |
ad461584747a38030ace18dcdf9a4c218e08471d94c4128583f652b4a25b2e7b |
