[ALSA-2022:9080] Important: thunderbird security update
Release date:
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Security Fix(es): * Mozilla: Arbitrary file read from a compromised content process (CVE-2022-46872) * Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 (CVE-2022-46878) * Mozilla: Use-after-free in WebGL (CVE-2022-46880) * Mozilla: Memory corruption in WebGL (CVE-2022-46881) * Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content (CVE-2022-45414) * Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions (CVE-2022-46874) * Mozilla: Use-after-free in WebGL (CVE-2022-46882) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 thunderbird-102.6.0-2.el9_1.alma.aarch64.rpm 84253fd1c07f815c67faf39121dafe1619ac220d3cec4e16314086de230d3bc9
ppc64le thunderbird-102.6.0-2.el9_1.alma.ppc64le.rpm e6a59c42f4d3dc92714c030d794c072ef4d79273256ed9f1c98247375c8869a5
s390x thunderbird-102.6.0-2.el9_1.alma.s390x.rpm f53de5883171be36b35a54f41c604a6e95d6e019f7260070dadc720a023f169a
x86_64 thunderbird-102.6.0-2.el9_1.alma.x86_64.rpm a033392348457627dbcb0ad1a6ca2c8eb9834ba0e8417b41c7833e9ac84cbd45
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.