[RHSA-2023:1806] thunderbird security update

Severity Important

Affected Packages 2

CVEs 12

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.10.0.

Security Fix(es):

Thunderbird: Revocation status of S/Mime recipient certificates was not checked (CVE-2023-0547)
Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack (CVE-2023-28427)
Mozilla: Fullscreen notification obscured (CVE-2023-29533)
Mozilla: Potential Memory Corruption following Garbage Collector compaction (CVE-2023-29535)
Mozilla: Invalid free from JavaScript code (CVE-2023-29536)
Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10 (CVE-2023-29550)
Mozilla: Memory Corruption in Safe Browsing Code (CVE-2023-1945)
Thunderbird: Hang when processing certain OpenPGP messages (CVE-2023-29479)
Mozilla: Content-Disposition filename truncation leads to Reflected File Download (CVE-2023-29539)
Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux (CVE-2023-29541)
Mozilla: Incorrect optimization result on ARM64 (CVE-2023-29548)
MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp (BZ#2186102)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package	Affected Version
pkg:rpm/redhat/thunderbird?arch=x86_64&distro=redhat-7.9	< 102.10.0-2.el7_9
pkg:rpm/redhat/thunderbird?arch=ppc64le&distro=redhat-7.9	< 102.10.0-2.el7_9

ID

RHSA-2023:1806

Severity

important

URL

https://access.redhat.com/errata/RHSA-2023:1806

Published

2023-04-17T00:00:00
(17 months ago)

Modified

2023-04-17T00:00:00
(17 months ago)

Rights

Other Advisories

Source	# ID	URL
Bugzilla	2183278	https://bugzilla.redhat.com/2183278
Bugzilla	2186101	https://bugzilla.redhat.com/2186101
Bugzilla	2186102	https://bugzilla.redhat.com/2186102
Bugzilla	2186103	https://bugzilla.redhat.com/2186103
Bugzilla	2186104	https://bugzilla.redhat.com/2186104
Bugzilla	2186105	https://bugzilla.redhat.com/2186105
Bugzilla	2186106	https://bugzilla.redhat.com/2186106
Bugzilla	2186109	https://bugzilla.redhat.com/2186109
Bugzilla	2186110	https://bugzilla.redhat.com/2186110
Bugzilla	2186111	https://bugzilla.redhat.com/2186111
Bugzilla	2186734	https://bugzilla.redhat.com/2186734
Bugzilla	2186735	https://bugzilla.redhat.com/2186735
RHSA	RHSA-2023:1806	https://access.redhat.com/errata/RHSA-2023:1806
CVE	CVE-2023-0547	https://access.redhat.com/security/cve/CVE-2023-0547
CVE	CVE-2023-1945	https://access.redhat.com/security/cve/CVE-2023-1945
CVE	CVE-2023-1999	https://access.redhat.com/security/cve/CVE-2023-1999
CVE	CVE-2023-28427	https://access.redhat.com/security/cve/CVE-2023-28427
CVE	CVE-2023-29479	https://access.redhat.com/security/cve/CVE-2023-29479
CVE	CVE-2023-29533	https://access.redhat.com/security/cve/CVE-2023-29533
CVE	CVE-2023-29535	https://access.redhat.com/security/cve/CVE-2023-29535
CVE	CVE-2023-29536	https://access.redhat.com/security/cve/CVE-2023-29536
CVE	CVE-2023-29539	https://access.redhat.com/security/cve/CVE-2023-29539
CVE	CVE-2023-29541	https://access.redhat.com/security/cve/CVE-2023-29541
CVE	CVE-2023-29548	https://access.redhat.com/security/cve/CVE-2023-29548
CVE	CVE-2023-29550	https://access.redhat.com/security/cve/CVE-2023-29550

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:rpm/redhat/thunderbird?arch=x86_64&distro=redhat-7.9	redhat	thunderbird	< 102.10.0-2.el7_9	redhat-7.9	x86_64
Affected	pkg:rpm/redhat/thunderbird?arch=ppc64le&distro=redhat-7.9	redhat	thunderbird	< 102.10.0-2.el7_9	redhat-7.9	ppc64le

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date