[ALSA-2023:7500] Important: thunderbird security update
Type:
security
Severity:
important
Release date:
2023-11-29
Description:
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.5.0. Security Fix(es): * Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204) * Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205) * Mozilla: Clickjacking permission prompts using the fullscreen transition (CVE-2023-6206) * Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer (CVE-2023-6207) * Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 (CVE-2023-6212) * Mozilla: Using Selection API would copy contents into X11 primary selection. (CVE-2023-6208) * Mozilla: Incorrect parsing of relative URLs starting with "///" (CVE-2023-6209) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 thunderbird-115.5.0-1.el8_9.alma.1.aarch64.rpm d84ba545e7279b25aee2685f0b6be1f841c8d919d9eccaa8b2dfa3ad0632f14f
ppc64le thunderbird-115.5.0-1.el8_9.alma.1.ppc64le.rpm 6f06ef0918c606d12633145e4e984e12feee5da3b3da9cab7516bffbaeb918cb
s390x thunderbird-115.5.0-1.el8_9.alma.1.s390x.rpm 91198d8ab3e720f03d6a55030d464ac2ccf93bf2c93fc4b8d978ae4fbdbc2e8c
x86_64 thunderbird-115.5.0-1.el8_9.alma.1.x86_64.rpm 94b66e132c7984345ef8e715aa3d89d905e8b7eb385cc860e76f3024f43feba6
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.