[ALSA-2023:1809] thunderbird security update

Severity Important

Affected Packages 2

CVEs 11

thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.10.0.

Security Fix(es):

Thunderbird: Revocation status of S/Mime recipient certificates was not checked (CVE-2023-0547)
Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack (CVE-2023-28427)
Mozilla: Fullscreen notification obscured (CVE-2023-29533)
Mozilla: Potential Memory Corruption following Garbage Collector compaction (CVE-2023-29535)
Mozilla: Invalid free from JavaScript code (CVE-2023-29536)
Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10 (CVE-2023-29550)
Mozilla: Memory Corruption in Safe Browsing Code (CVE-2023-1945)
Thunderbird: Hang when processing certain OpenPGP messages (CVE-2023-29479)
Mozilla: Content-Disposition filename truncation leads to Reflected File Download (CVE-2023-29539)
Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux (CVE-2023-29541)
Mozilla: Incorrect optimization result on ARM64 (CVE-2023-29548)
MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp (BZ#2186102)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package	Affected Version
pkg:rpm/almalinux/thunderbird?arch=x86_64&distro=almalinux-9.1	< 102.10.0-2.el9_1.alma
pkg:rpm/almalinux/thunderbird?arch=aarch64&distro=almalinux-9.1	< 102.10.0-2.el9_1.alma

ID

ALSA-2023:1809

Severity

important

URL

https://errata.almalinux.org/ALSA-2023:1809.html

Published

2023-04-17T00:00:00
(17 months ago)

Modified

2023-04-20T15:37:01
(17 months ago)

Rights

Other Advisories

Source	# ID	URL
RHSA	RHSA-2023:1809	https://access.redhat.com/errata/RHSA-2023:1809
CVE	CVE-2023-0547	https://access.redhat.com/security/cve/CVE-2023-0547
CVE	CVE-2023-1945	https://access.redhat.com/security/cve/CVE-2023-1945
CVE	CVE-2023-28427	https://access.redhat.com/security/cve/CVE-2023-28427
CVE	CVE-2023-29479	https://access.redhat.com/security/cve/CVE-2023-29479
CVE	CVE-2023-29533	https://access.redhat.com/security/cve/CVE-2023-29533
CVE	CVE-2023-29535	https://access.redhat.com/security/cve/CVE-2023-29535
CVE	CVE-2023-29536	https://access.redhat.com/security/cve/CVE-2023-29536
CVE	CVE-2023-29539	https://access.redhat.com/security/cve/CVE-2023-29539
CVE	CVE-2023-29541	https://access.redhat.com/security/cve/CVE-2023-29541
CVE	CVE-2023-29548	https://access.redhat.com/security/cve/CVE-2023-29548
CVE	CVE-2023-29550	https://access.redhat.com/security/cve/CVE-2023-29550
Bugzilla	2183278	https://bugzilla.redhat.com/2183278
Bugzilla	2186101	https://bugzilla.redhat.com/2186101
Bugzilla	2186103	https://bugzilla.redhat.com/2186103
Bugzilla	2186104	https://bugzilla.redhat.com/2186104
Bugzilla	2186105	https://bugzilla.redhat.com/2186105
Bugzilla	2186106	https://bugzilla.redhat.com/2186106
Bugzilla	2186109	https://bugzilla.redhat.com/2186109
Bugzilla	2186110	https://bugzilla.redhat.com/2186110
Bugzilla	2186111	https://bugzilla.redhat.com/2186111
Bugzilla	2186734	https://bugzilla.redhat.com/2186734
Bugzilla	2186735	https://bugzilla.redhat.com/2186735
Self	ALSA-2023:1809	https://errata.almalinux.org/9/ALSA-2023-1809.html

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:rpm/almalinux/thunderbird?arch=x86_64&distro=almalinux-9.1	almalinux	thunderbird	< 102.10.0-2.el9_1.alma	almalinux-9.1	x86_64
Affected	pkg:rpm/almalinux/thunderbird?arch=aarch64&distro=almalinux-9.1	almalinux	thunderbird	< 102.10.0-2.el9_1.alma	almalinux-9.1	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date