[ALSA-2022:1301] thunderbird security update
An update for thunderbird is now available for AlmaLinux AlmaLinux Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 91.8.0.
Security Fix(es):
Mozilla: Use-after-free in NSSToken objects (CVE-2022-1097)
Mozilla: Out of bounds write due to unexpected WebAuthN Extensions (CVE-2022-28281)
Mozilla: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8 (CVE-2022-28289)
Mozilla: Use-after-free after VR Process destruction (CVE-2022-1196)
Mozilla: OpenPGP revocation information was ignored (CVE-2022-1197)
Mozilla: Use-after-free in DocumentL10n::TranslateDocument (CVE-2022-28282)
Mozilla: Incorrect AliasSet used in JIT Codegen (CVE-2022-28285)
Mozilla: Denial of Service via complex regular expressions (CVE-2022-24713)
Mozilla: iframe contents could be rendered outside the border (CVE-2022-28286)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Package | Affected Version |
---|---|
pkg:rpm/almalinux/thunderbird?arch=x86_64&distro=almalinux-8.5 | < 91.8.0-1.el8_5.alma |
pkg:rpm/almalinux/thunderbird?arch=x86_64&distro=almalinux-8.5 | < 91.8.0-1.el8_5.alma.plus |
- ID
- ALSA-2022:1301
- Severity
- important
- URL
- https://errata.almalinux.org/ALSA-2022:1301.html
- Published
-
2022-04-11T13:29:58
(2 years ago) - Modified
-
2022-04-13T07:37:22
(2 years ago) - Rights
- Copyright 2022 AlmaLinux OS
- Other Advisories
-
- ALAS2-2022-1789
- ALPINE:CVE-2022-1097
- ALPINE:CVE-2022-1196
- ALPINE:CVE-2022-1197
- ALPINE:CVE-2022-24713
- ALPINE:CVE-2022-28281
- ALPINE:CVE-2022-28282
- ALPINE:CVE-2022-28285
- ALPINE:CVE-2022-28286
- ALPINE:CVE-2022-28289
- ALSA-2022:1287
- DSA-5113-1
- DSA-5118-1
- ELSA-2022-1284
- ELSA-2022-1287
- ELSA-2022-1301
- ELSA-2022-1302
- FEDORA-2022-8436ac4c39
- FEDORA-2022-ceb3e03c5e
- FEDORA-2022-d20d44ba98
- GLSA-202208-08
- GLSA-202208-14
- GLSA-202212-05
- MFSA-2022-13
- MFSA-2022-14
- MFSA-2022-15
- openSUSE-SU-2022:1127-1
- RHSA-2022:1284
- RHSA-2022:1287
- RHSA-2022:1301
- RHSA-2022:1302
- RUSTSEC-2022-0013
- SSA:2022-095-01
- SSA:2022-096-01
- SUSE-SU-2022:1113-1
- SUSE-SU-2022:1127-1
- SUSE-SU-2022:1149-1
- SUSE-SU-2022:1176-1
- SUSE-SU-2022:3949-1
- SUSE-SU-2022:4073-1
- SUSE-SU-2023:1844-1
- SUSE-SU-2023:3526-1
- USN-5370-1
- USN-5393-1
- USN-5494-1
- USN-5610-1
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2022-1097 | https://vulners.com/cve/CVE-2022-1097 | |
CVE | CVE-2022-1196 | https://vulners.com/cve/CVE-2022-1196 | |
CVE | CVE-2022-1197 | https://vulners.com/cve/CVE-2022-1197 | |
CVE | CVE-2022-24713 | https://vulners.com/cve/CVE-2022-24713 | |
CVE | CVE-2022-28281 | https://vulners.com/cve/CVE-2022-28281 | |
CVE | CVE-2022-28282 | https://vulners.com/cve/CVE-2022-28282 | |
CVE | CVE-2022-28285 | https://vulners.com/cve/CVE-2022-28285 | |
CVE | CVE-2022-28286 | https://vulners.com/cve/CVE-2022-28286 | |
CVE | CVE-2022-28289 | https://vulners.com/cve/CVE-2022-28289 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/almalinux/thunderbird?arch=x86_64&distro=almalinux-8.5 | almalinux | thunderbird | < 91.8.0-1.el8_5.alma | almalinux-8.5 | x86_64 | |
Affected | pkg:rpm/almalinux/thunderbird?arch=x86_64&distro=almalinux-8.5 | almalinux | thunderbird | < 91.8.0-1.el8_5.alma.plus | almalinux-8.5 | x86_64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |