[ALSA-2024:0602] thunderbird security update

Severity Important

Affected Packages 2

CVEs 9

thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.7.0.

Security Fix(es):

Mozilla: Out of bounds write in ANGLE (CVE-2024-0741)
Mozilla: Failure to update user input timestamp (CVE-2024-0742)
Mozilla: Crash when listing printers on Linux (CVE-2024-0746)
Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set (CVE-2024-0747)
Mozilla: Phishing site popup could show local origin in address bar (CVE-2024-0749)
Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-0750)
Mozilla: Privilege escalation through devtools (CVE-2024-0751)
Mozilla: HSTS policy on subdomain could bypass policy of upper domain (CVE-2024-0753)
Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (CVE-2024-0755)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package	Affected Version
pkg:rpm/almalinux/thunderbird?arch=x86_64&distro=almalinux-9.3	< 115.7.0-1.el9_3.alma
pkg:rpm/almalinux/thunderbird?arch=aarch64&distro=almalinux-9.3	< 115.7.0-1.el9_3.alma

ID

ALSA-2024:0602

Severity

important

URL

https://errata.almalinux.org/ALSA-2024:0602.html

Published

2024-01-30T00:00:00
(7 months ago)

Modified

2024-02-01T10:12:30
(7 months ago)

Rights

Other Advisories

Source	# ID	URL
RHSA	RHSA-2024:0602	https://access.redhat.com/errata/RHSA-2024:0602
CVE	CVE-2024-0741	https://access.redhat.com/security/cve/CVE-2024-0741
CVE	CVE-2024-0742	https://access.redhat.com/security/cve/CVE-2024-0742
CVE	CVE-2024-0746	https://access.redhat.com/security/cve/CVE-2024-0746
CVE	CVE-2024-0747	https://access.redhat.com/security/cve/CVE-2024-0747
CVE	CVE-2024-0749	https://access.redhat.com/security/cve/CVE-2024-0749
CVE	CVE-2024-0750	https://access.redhat.com/security/cve/CVE-2024-0750
CVE	CVE-2024-0751	https://access.redhat.com/security/cve/CVE-2024-0751
CVE	CVE-2024-0753	https://access.redhat.com/security/cve/CVE-2024-0753
CVE	CVE-2024-0755	https://access.redhat.com/security/cve/CVE-2024-0755
Bugzilla	2259926	https://bugzilla.redhat.com/2259926
Bugzilla	2259927	https://bugzilla.redhat.com/2259927
Bugzilla	2259928	https://bugzilla.redhat.com/2259928
Bugzilla	2259929	https://bugzilla.redhat.com/2259929
Bugzilla	2259930	https://bugzilla.redhat.com/2259930
Bugzilla	2259931	https://bugzilla.redhat.com/2259931
Bugzilla	2259932	https://bugzilla.redhat.com/2259932
Bugzilla	2259933	https://bugzilla.redhat.com/2259933
Bugzilla	2259934	https://bugzilla.redhat.com/2259934
Self	ALSA-2024:0602	https://errata.almalinux.org/9/ALSA-2024-0602.html

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:rpm/almalinux/thunderbird?arch=x86_64&distro=almalinux-9.3	almalinux	thunderbird	< 115.7.0-1.el9_3.alma	almalinux-9.3	x86_64
Affected	pkg:rpm/almalinux/thunderbird?arch=aarch64&distro=almalinux-9.3	almalinux	thunderbird	< 115.7.0-1.el9_3.alma	almalinux-9.3	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date