[ALSA-2022:0129] thunderbird security update

Severity Important

Affected Packages 2

CVEs 12

An update for thunderbird is now available for AlmaLinux AlmaLinux Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 91.5.0.

Security Fix(es):

Mozilla: Iframe sandbox bypass with XSLT (CVE-2021-4140)
Mozilla: Race condition when playing audio files (CVE-2022-22737)
Mozilla: Heap-buffer-overflow in blendGaussianBlur (CVE-2022-22738)
Mozilla: Use-after-free of ChannelEventQueue::mOwner (CVE-2022-22740)
Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22741)
Mozilla: Out-of-bounds memory access when inserting text in edit mode (CVE-2022-22742)
Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22743)
Mozilla: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5 (CVE-2022-22751)
Mozilla: Leaking cross-origin URLs through securitypolicyviolation event (CVE-2022-22745)
Mozilla: Spoofed origin on external protocol launch dialog (CVE-2022-22748)
Mozilla: Missing throttling on external protocol launch dialog (CVE-2022-22739)
Mozilla: Crash when handling empty pkcs7 sequence (CVE-2022-22747)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package	Affected Version
pkg:rpm/almalinux/thunderbird?arch=x86_64&distro=almalinux-8.5	< 91.5.0-1.el8_5.alma.plus
pkg:rpm/almalinux/thunderbird?arch=x86_64&distro=almalinux-8.5	< 91.5.0-1.el8_5.alma

ID

ALSA-2022:0129

Severity

important

URL

https://errata.almalinux.org/ALSA-2022:0129.html

Published

2022-01-12T11:29:46
(2 years ago)

Modified

2022-01-13T09:06:45
(2 years ago)

Rights

Other Advisories

Source	# ID	URL
CVE	CVE-2021-4140	https://vulners.com/cve/CVE-2021-4140
CVE	CVE-2022-22737	https://vulners.com/cve/CVE-2022-22737
CVE	CVE-2022-22738	https://vulners.com/cve/CVE-2022-22738
CVE	CVE-2022-22739	https://vulners.com/cve/CVE-2022-22739
CVE	CVE-2022-22740	https://vulners.com/cve/CVE-2022-22740
CVE	CVE-2022-22741	https://vulners.com/cve/CVE-2022-22741
CVE	CVE-2022-22742	https://vulners.com/cve/CVE-2022-22742
CVE	CVE-2022-22743	https://vulners.com/cve/CVE-2022-22743
CVE	CVE-2022-22745	https://vulners.com/cve/CVE-2022-22745
CVE	CVE-2022-22747	https://vulners.com/cve/CVE-2022-22747
CVE	CVE-2022-22748	https://vulners.com/cve/CVE-2022-22748
CVE	CVE-2022-22751	https://vulners.com/cve/CVE-2022-22751

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:rpm/almalinux/thunderbird?arch=x86_64&distro=almalinux-8.5	almalinux	thunderbird	< 91.5.0-1.el8_5.alma.plus	almalinux-8.5	x86_64
Affected	pkg:rpm/almalinux/thunderbird?arch=x86_64&distro=almalinux-8.5	almalinux	thunderbird	< 91.5.0-1.el8_5.alma	almalinux-8.5	x86_64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date