[ALSA-2023:4955] Important: thunderbird security update
Type:
security
Severity:
important
Release date:
2023-09-06
Description:
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0. Security Fix(es): * Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) * Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574) * Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575) * Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577) * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 (CVE-2023-4584) * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2 (CVE-2023-4585) * Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051) * Mozilla: Full screen notification obscured by external program (CVE-2023-4053) * Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception (CVE-2023-4578) * Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580) * Mozilla: XLL file extensions were downloadable without warnings (CVE-2023-4581) * Mozilla: Browsing Context potentially not cleared when closing Private Window (CVE-2023-4583) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 thunderbird-102.15.0-1.el9_2.alma.aarch64.rpm 1f628aa6f44ce717df479b907518465e5f38e54f4a1d88b721debd0dede2789e
ppc64le thunderbird-102.15.0-1.el9_2.alma.ppc64le.rpm ed7d7450474839b7675197935f15448dd56e1f73b30a73131884e6d59554062e
s390x thunderbird-102.15.0-1.el9_2.alma.s390x.rpm 7079fe64c1163769b300ef855b4be9bd2bf1494ca36e086adb575649600099a0
x86_64 thunderbird-102.15.0-1.el9_2.alma.x86_64.rpm d8d55f54cbab289d4e0374d8be4798a6aeb4d1dfba58887efcb62d437e31cdfb
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.