[ALSA-2023:6191] Important: thunderbird security update
Type:
security
Severity:
important
Release date:
2023-11-03
Description:
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.4.1. Security Fix(es): * Mozilla: Queued up rendering could have allowed websites to clickjack (CVE-2023-5721) * Mozilla: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4 (CVE-2023-5730) * libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488) * Mozilla: Large WebGL draw could have led to a crash (CVE-2023-5724) * Mozilla: WebExtensions could open arbitrary URLs (CVE-2023-5725) * Mozilla: Improper object tracking during GC in the JavaScript engine could have led to a crash. (CVE-2023-5728) * Mozilla: Address bar spoofing via bidirectional characters (CVE-2023-5732) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 thunderbird-115.4.1-1.el9_2.alma.aarch64.rpm 0456140242b7a5bb7323e8168ba5423f5bb76942815e83606363703344b2a413
ppc64le thunderbird-115.4.1-1.el9_2.alma.ppc64le.rpm 3fd929efb4a4cbdb5cb0fdf1fa3e57fe936fb60858a7ef459ba68712d040bb60
s390x thunderbird-115.4.1-1.el9_2.alma.s390x.rpm d4a39453c1e0802218065773e895132f22d34e4983b5adf326991096a7331b9d
x86_64 thunderbird-115.4.1-1.el9_2.alma.x86_64.rpm 2782e62ef26f3bfdcba54e0eb9ecf13e64c3ccc31342c8979460a13abf049016
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.