Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.6.0.
Security Fix(es):
* Mozilla: Arbitrary file read from a compromised content process (CVE-2022-46872)
* Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 (CVE-2022-46878)
* Mozilla: Use-after-free in WebGL (CVE-2022-46880)
* Mozilla: Memory corruption in WebGL (CVE-2022-46881)
* Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content (CVE-2022-45414)
* Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions (CVE-2022-46874)
* Mozilla: Use-after-free in WebGL (CVE-2022-46882)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
thunderbird-102.6.0-2.el9_1.alma.plus.aarch64.rpm |
270bec127873ed39196fa3fd3dc513af1e16f9bc88a51f17d7f3d4ed9081cdcf |
| aarch64 |
thunderbird-102.6.0-2.el9_1.alma.aarch64.rpm |
84253fd1c07f815c67faf39121dafe1619ac220d3cec4e16314086de230d3bc9 |
| ppc64le |
thunderbird-102.6.0-2.el9_1.alma.plus.ppc64le.rpm |
7f8bd60842019413bbddfcd1d76e6086b22fa250599bbb62081ef899760e6276 |
| ppc64le |
thunderbird-102.6.0-2.el9_1.alma.ppc64le.rpm |
e6a59c42f4d3dc92714c030d794c072ef4d79273256ed9f1c98247375c8869a5 |
| s390x |
thunderbird-102.6.0-2.el9_1.alma.plus.s390x.rpm |
eedd009a7c78f12a1bdc5d1cbc8837debb030b3537e84a087f105967478ff977 |
| s390x |
thunderbird-102.6.0-2.el9_1.alma.s390x.rpm |
f53de5883171be36b35a54f41c604a6e95d6e019f7260070dadc720a023f169a |
| x86_64 |
thunderbird-102.6.0-2.el9_1.alma.plus.x86_64.rpm |
52fdf06de258ba07608d3f09eddbbc4da7721da4987d82845453a8d6539ec305 |
| x86_64 |
thunderbird-102.6.0-2.el9_1.alma.x86_64.rpm |
a033392348457627dbcb0ad1a6ca2c8eb9834ba0e8417b41c7833e9ac84cbd45 |
