ALSA-2022:7178

[ALSA-2022:7178] Important: thunderbird security update

Type:

security

Severity:

important

Release date:

2022-11-20

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.4.0.

Security Fix(es):

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators (CVE-2022-39249)
* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack (CVE-2022-39250)
* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack (CVE-2022-39251)
* Mozilla: Same-origin policy violation could have leaked cross-origin URLs (CVE-2022-42927)
* Mozilla: Memory Corruption in JS Engine (CVE-2022-42928)
* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue (CVE-2022-39236)
* Mozilla: Denial of Service via window.print (CVE-2022-42929)
* Mozilla: Memory safety bugs fixed in Firefox ESR 102.4 and Thunderbird 102.4 (CVE-2022-42932)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	thunderbird-102.4.0-1.el9_0.alma.aarch64.rpm	0efd788faa221cafe1b1849b65c451fffe80fb91a83defd9959fa01d93e9727a
aarch64	thunderbird-102.4.0-1.el9_0.alma.plus.1.aarch64.rpm	7d4ba1c5c966682f369227ded0351bf54633b7bdaaafa92701517184146e0339
aarch64	thunderbird-102.4.0-1.el9_0.alma.plus.aarch64.rpm	b5664c1501f4b4b1fa700adcbac8bba4adc363e5df667a4c4c5fe7d29fd047f4
ppc64le	thunderbird-102.4.0-1.el9_0.alma.ppc64le.rpm	65ebd5ecd877aa27d53ea9042e6cf992fa0b1e66f2150258f68f531b9bb1c6d8
ppc64le	thunderbird-102.4.0-1.el9_0.alma.plus.1.ppc64le.rpm	aaf3ab061c407c3bccac37b448ac7150caaffdfd72cb82ee2e922c5b467d6665
ppc64le	thunderbird-102.4.0-1.el9_0.alma.plus.ppc64le.rpm	f70591fafb352271bb39dce64495e9804137817abbe873899482023149f9fe5f
s390x	thunderbird-102.4.0-1.el9_0.alma.s390x.rpm	3c403c39757473cef161471688eb770324cb292320a1bda31b4ddc39c00b2103
s390x	thunderbird-102.4.0-1.el9_0.alma.plus.s390x.rpm	e79d2e3595895c7528faf53b945f879a41234ad060a05d4b66f3b9ae87ad8bb9
s390x	thunderbird-102.4.0-1.el9_0.alma.plus.1.s390x.rpm	f894c45d60848ff1a263b744dfa7ab8cd9a84fe6583e35c1bf9c43d3f87854c2
x86_64	thunderbird-102.4.0-1.el9_0.alma.plus.x86_64.rpm	1fb06bdcd2901b84c0ca76738bdfc201221ffd38d9f5cc0b71618250a03bda4b
x86_64	thunderbird-102.4.0-1.el9_0.alma.x86_64.rpm	4cb4dbd7f2077edd580257791e7d23c06bdc1324f022611280d48a665aa5c968
x86_64	thunderbird-102.4.0-1.el9_0.alma.plus.1.x86_64.rpm	70ba3c405a602d6556b8888cc65bf80536db315fe06cd288f483f73cbb4b6239

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.