[ALSA-2023:7501] Important: thunderbird security update
Type:
security
Severity:
important
Release date:
2023-11-29
Description:
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.5.0. Security Fix(es): * Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204) * Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205) * Mozilla: Clickjacking permission prompts using the fullscreen transition (CVE-2023-6206) * Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer (CVE-2023-6207) * Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 (CVE-2023-6212) * Mozilla: Using Selection API would copy contents into X11 primary selection. (CVE-2023-6208) * Mozilla: Incorrect parsing of relative URLs starting with "///" (CVE-2023-6209) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 thunderbird-115.5.0-1.el9_3.alma.aarch64.rpm 89579f2615695b4a7464cc69b61f88937ec19701d5769f8bf9c731e11e7ff394
ppc64le thunderbird-115.5.0-1.el9_3.alma.ppc64le.rpm 9cfb2211851cfe3c5082093a505703c0e280f2c2af47bac78199f51b9efad07b
s390x thunderbird-115.5.0-1.el9_3.alma.s390x.rpm f48d10c3f7af0953cf150d6be03763849eeb2c92aa6d196e019ab1fad478f5a8
x86_64 thunderbird-115.5.0-1.el9_3.alma.x86_64.rpm 823f85952938f2a34848eb53501af8a382b7f176c92ac94346629be48b0dde94
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.