[ALSA-2022:5482] thunderbird security update

Severity Important

Affected Packages 2

CVEs 9

An update for thunderbird is now available for AlmaLinux 9.

Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 91.11.
Security Fix(es):
* Mozilla: CSP sandbox header without allow-scripts can be bypassed via retargeted javascript: URI (CVE-2022-34468)
* Mozilla: Use-after-free in nsSHistory (CVE-2022-34470)
* Mozilla: A popup window could be resized in a way to overlay the address bar with web content (CVE-2022-34479)
* Mozilla: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 (CVE-2022-34484)
* Mozilla: Undesired attributes could be set as part of prototype pollution (CVE-2022-2200)
* Mozilla: An email with a mismatching OpenPGP signature date was accepted as valid (CVE-2022-2226)
* Mozilla: CSP bypass enabling stylesheet injection (CVE-2022-31744)
* Mozilla: Unavailable PAC file resulted in OCSP requests being blocked (CVE-2022-34472)
* Mozilla: Potential integer overflow in ReplaceElementsAt (CVE-2022-34481)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package	Affected Version
pkg:rpm/almalinux/thunderbird?arch=x86_64&distro=almalinux-9.0	< 91.11.0-2.el9_0.alma
pkg:rpm/almalinux/thunderbird?arch=aarch64&distro=almalinux-9.0	< 91.11.0-2.el9_0.alma

ID

ALSA-2022:5482

Severity

important

URL

https://errata.almalinux.org/ALSA-2022:5482.html

Published

2022-07-01T00:00:00
(2 years ago)

Modified

2022-07-21T17:26:49
(2 years ago)

Rights

Other Advisories

Source	# ID	URL
RHSA	RHSA-2022:5482	https://access.redhat.com/errata/RHSA-2022:5482
CVE	CVE-2022-2200	https://access.redhat.com/security/cve/CVE-2022-2200
CVE	CVE-2022-2226	https://access.redhat.com/security/cve/CVE-2022-2226
CVE	CVE-2022-31744	https://access.redhat.com/security/cve/CVE-2022-31744
CVE	CVE-2022-34468	https://access.redhat.com/security/cve/CVE-2022-34468
CVE	CVE-2022-34470	https://access.redhat.com/security/cve/CVE-2022-34470
CVE	CVE-2022-34472	https://access.redhat.com/security/cve/CVE-2022-34472
CVE	CVE-2022-34479	https://access.redhat.com/security/cve/CVE-2022-34479
CVE	CVE-2022-34481	https://access.redhat.com/security/cve/CVE-2022-34481
CVE	CVE-2022-34484	https://access.redhat.com/security/cve/CVE-2022-34484
Bugzilla	2102161	https://bugzilla.redhat.com/2102161
Bugzilla	2102162	https://bugzilla.redhat.com/2102162
Bugzilla	2102163	https://bugzilla.redhat.com/2102163
Bugzilla	2102164	https://bugzilla.redhat.com/2102164
Bugzilla	2102165	https://bugzilla.redhat.com/2102165
Bugzilla	2102166	https://bugzilla.redhat.com/2102166
Bugzilla	2102168	https://bugzilla.redhat.com/2102168
Bugzilla	2102169	https://bugzilla.redhat.com/2102169
Bugzilla	2102204	https://bugzilla.redhat.com/2102204
Self	ALSA-2022:5482	https://errata.almalinux.org/9/ALSA-2022-5482.html

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:rpm/almalinux/thunderbird?arch=x86_64&distro=almalinux-9.0	almalinux	thunderbird	< 91.11.0-2.el9_0.alma	almalinux-9.0	x86_64
Affected	pkg:rpm/almalinux/thunderbird?arch=aarch64&distro=almalinux-9.0	almalinux	thunderbird	< 91.11.0-2.el9_0.alma	almalinux-9.0	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date