[ALSA-2024:0001] thunderbird security update

Severity Important

Affected Packages 2

CVEs 11

thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.6.0.

Security Fix(es):

Mozilla: Heap-buffer-overflow affecting WebGL <code>DrawElementsInstanced</code> method with Mesa VM driver (CVE-2023-6856)
Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 (CVE-2023-6864)
Mozilla: S/MIME signature accepted despite mismatching message date (CVE-2023-50761)
Mozilla: Truncated signed text was shown with a valid OpenPGP signature (CVE-2023-50762)
Mozilla: Symlinks may resolve to smaller than expected buffers (CVE-2023-6857)
Mozilla: Heap buffer overflow in <code>nsTextFragment</code> (CVE-2023-6858)
Mozilla: Use-after-free in PR_GetIdentitiesLayer (CVE-2023-6859)
Mozilla: Potential sandbox escape due to <code>VideoBridge</code> lack of texture validation (CVE-2023-6860)
Mozilla: Heap buffer overflow affected <code>nsWindow::PickerOpen(void)</code> in headless mode (CVE-2023-6861)
Mozilla: Use-after-free in <code>nsDNSService</code> (CVE-2023-6862)
Mozilla: Undefined behavior in <code>ShutdownObserver()</code> (CVE-2023-6863)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package	Affected Version
pkg:rpm/almalinux/thunderbird?arch=x86_64&distro=almalinux-9.3	< 115.6.0-1.el9_3.alma
pkg:rpm/almalinux/thunderbird?arch=aarch64&distro=almalinux-9.3	< 115.6.0-1.el9_3.alma

ID

ALSA-2024:0001

Severity

important

URL

https://errata.almalinux.org/ALSA-2024:0001.html

Published

2024-01-02T00:00:00
(8 months ago)

Modified

2024-01-03T17:21:11
(8 months ago)

Rights

Other Advisories

Source	# ID	URL
RHSA	RHSA-2024:0001	https://access.redhat.com/errata/RHSA-2024:0001
CVE	CVE-2023-50761	https://access.redhat.com/security/cve/CVE-2023-50761
CVE	CVE-2023-50762	https://access.redhat.com/security/cve/CVE-2023-50762
CVE	CVE-2023-6856	https://access.redhat.com/security/cve/CVE-2023-6856
CVE	CVE-2023-6857	https://access.redhat.com/security/cve/CVE-2023-6857
CVE	CVE-2023-6858	https://access.redhat.com/security/cve/CVE-2023-6858
CVE	CVE-2023-6859	https://access.redhat.com/security/cve/CVE-2023-6859
CVE	CVE-2023-6860	https://access.redhat.com/security/cve/CVE-2023-6860
CVE	CVE-2023-6861	https://access.redhat.com/security/cve/CVE-2023-6861
CVE	CVE-2023-6862	https://access.redhat.com/security/cve/CVE-2023-6862
CVE	CVE-2023-6863	https://access.redhat.com/security/cve/CVE-2023-6863
CVE	CVE-2023-6864	https://access.redhat.com/security/cve/CVE-2023-6864
Bugzilla	2255360	https://bugzilla.redhat.com/2255360
Bugzilla	2255362	https://bugzilla.redhat.com/2255362
Bugzilla	2255363	https://bugzilla.redhat.com/2255363
Bugzilla	2255364	https://bugzilla.redhat.com/2255364
Bugzilla	2255365	https://bugzilla.redhat.com/2255365
Bugzilla	2255367	https://bugzilla.redhat.com/2255367
Bugzilla	2255368	https://bugzilla.redhat.com/2255368
Bugzilla	2255369	https://bugzilla.redhat.com/2255369
Bugzilla	2255370	https://bugzilla.redhat.com/2255370
Bugzilla	2255378	https://bugzilla.redhat.com/2255378
Bugzilla	2255379	https://bugzilla.redhat.com/2255379
Self	ALSA-2024:0001	https://errata.almalinux.org/9/ALSA-2024-0001.html

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:rpm/almalinux/thunderbird?arch=x86_64&distro=almalinux-9.3	almalinux	thunderbird	< 115.6.0-1.el9_3.alma	almalinux-9.3	x86_64
Affected	pkg:rpm/almalinux/thunderbird?arch=aarch64&distro=almalinux-9.3	almalinux	thunderbird	< 115.6.0-1.el9_3.alma	almalinux-9.3	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date