[ALSA-2023:3150] Important: thunderbird security update
Type:
security
Severity:
important
Release date:
2023-05-19
Description:
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.11.0. Security Fix(es): * Mozilla: Browser prompts could have been obscured by popups (CVE-2023-32205) * Mozilla: Crash in RLBox Expat driver (CVE-2023-32206) * Mozilla: Potential permissions request bypass via clickjacking (CVE-2023-32207) * Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11 (CVE-2023-32215) * Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211) * Mozilla: Potential spoof due to obscured address bar (CVE-2023-32212) * Mozilla: Potential memory corruption in FileReader::DoReadData() (CVE-2023-32213) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 thunderbird-102.11.0-1.el9_2.alma.plus.aarch64.rpm 6e5b95d49108f40768048a085a3d334ee4a62bafed92e080a8f8c5fc5263c4b3
aarch64 thunderbird-102.11.0-1.el9_2.alma.aarch64.rpm 98de358d3dab48a41898060ab4c39ca7ccb07f21022cb1705e7c82dfeabb5f4d
ppc64le thunderbird-102.11.0-1.el9_2.alma.ppc64le.rpm 016461d9b5644082dbd8b176af9c90b1c8a1a2248a0d25921a3b338a2aaf5111
ppc64le thunderbird-102.11.0-1.el9_2.alma.plus.ppc64le.rpm 0830d1f8bb97f822a26ac572f870ba45d425de9a391f4d7ffe0793d0801670a1
s390x thunderbird-102.11.0-1.el9_2.alma.plus.s390x.rpm 7b3b5e318a9ceec518944766087d557bbadc217b5e998fa386c09d3610633704
s390x thunderbird-102.11.0-1.el9_2.alma.s390x.rpm be316b6d5d07d7d44e118584113ffba6ae0fcaa0676b3895623d045fa2d02ce8
x86_64 thunderbird-102.11.0-1.el9_2.alma.plus.x86_64.rpm 324e841420a8d0166cebdcbc51b752b55171e156df585dad0ccb878629bac937
x86_64 thunderbird-102.11.0-1.el9_2.alma.x86_64.rpm 5db3dcc3aa049f261210231e878368c983009ca9f7ab39a5f8966877539e0cbd
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.