[RHSA-2023:7500] thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 115.5.0.
Security Fix(es):
- Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204)
- Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205)
- Mozilla: Clickjacking permission prompts using the fullscreen transition (CVE-2023-6206)
- Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer (CVE-2023-6207)
- Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 (CVE-2023-6212)
- Mozilla: Using Selection API would copy contents into X11 primary selection. (CVE-2023-6208)
- Mozilla: Incorrect parsing of relative URLs starting with "///" (CVE-2023-6209)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Package | Affected Version |
---|---|
pkg:rpm/redhat/thunderbird?arch=x86_64&distro=redhat-8.9 | < 115.5.0-1.el8_9 |
pkg:rpm/redhat/thunderbird?arch=s390x&distro=redhat-8.9 | < 115.5.0-1.el8_9 |
pkg:rpm/redhat/thunderbird?arch=ppc64le&distro=redhat-8.9 | < 115.5.0-1.el8_9 |
pkg:rpm/redhat/thunderbird?arch=aarch64&distro=redhat-8.9 | < 115.5.0-1.el8_9 |
- ID: RHSA-2023:7500
- Severity: important
- URL: https://access.redhat.com/errata/RHSA-2023:7500
- Published: 2023-11-27T00:00:00
- Modified: 2023-11-27T00:00:00
- Rights: Copyright 2023 Red Hat, Inc.

Other Advisories:
- ALAS2-2024-2379
- ALPINE:CVE-2023-6204
- ALPINE:CVE-2023-6205
- ALPINE:CVE-2023-6206
- ALPINE:CVE-2023-6207
- ALPINE:CVE-2023-6208
- ALPINE:CVE-2023-6209
- ALPINE:CVE-2023-6212
- ALSA-2023:7500
- ALSA-2023:7501
- ALSA-2023:7507
- ALSA-2023:7508
- DSA-5561-1
- DSA-5566-1
- ELSA-2023-7500
- ELSA-2023-7501
- ELSA-2023-7505
- ELSA-2023-7507
- ELSA-2023-7508
- ELSA-2023-7509
- GLSA-202402-25
- MFSA-2023-49
- MFSA-2023-50
- MFSA-2023-52
- RHSA-2023:7501
- RHSA-2023:7505
- RHSA-2023:7507
- RHSA-2023:7508
- RHSA-2023:7509
- RLSA-2023:7500
- SSA:2023-325-02
- SSA:2023-326-01
- SUSE-SU-2023:4588-1
- SUSE-SU-2023:4912-1
- SUSE-SU-2023:4928-1
- SUSE-SU-2023:4929-1
- USN-6509-1
- USN-6515-1
Source | ID | Name | URL |
---|---|---|---|
Bugzilla | 2250896 | | https://bugzilla.redhat.com/2250896 |
Bugzilla | 2250897 | | https://bugzilla.redhat.com/2250897 |
Bugzilla | 2250898 | | https://bugzilla.redhat.com/2250898 |
Bugzilla | 2250899 | | https://bugzilla.redhat.com/2250899 |
Bugzilla | 2250900 | | https://bugzilla.redhat.com/2250900 |
Bugzilla | 2250901 | | https://bugzilla.redhat.com/2250901 |
Bugzilla | 2250902 | | https://bugzilla.redhat.com/2250902 |
RHSA | RHSA-2023:7500 | | https://access.redhat.com/errata/RHSA-2023:7500 |
CVE | CVE-2023-6204 | | https://access.redhat.com/security/cve/CVE-2023-6204 |
CVE | CVE-2023-6205 | | https://access.redhat.com/security/cve/CVE-2023-6205 |
CVE | CVE-2023-6206 | | https://access.redhat.com/security/cve/CVE-2023-6206 |
CVE | CVE-2023-6207 | | https://access.redhat.com/security/cve/CVE-2023-6207 |
CVE | CVE-2023-6208 | | https://access.redhat.com/security/cve/CVE-2023-6208 |
CVE | CVE-2023-6209 | | https://access.redhat.com/security/cve/CVE-2023-6209 |
CVE | CVE-2023-6212 | | https://access.redhat.com/security/cve/CVE-2023-6212 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/redhat/thunderbird?arch=x86_64&distro=redhat-8.9 | redhat | thunderbird | < 115.5.0-1.el8_9 | redhat-8.9 | x86_64 | |
Affected | pkg:rpm/redhat/thunderbird?arch=s390x&distro=redhat-8.9 | redhat | thunderbird | < 115.5.0-1.el8_9 | redhat-8.9 | s390x | |
Affected | pkg:rpm/redhat/thunderbird?arch=ppc64le&distro=redhat-8.9 | redhat | thunderbird | < 115.5.0-1.el8_9 | redhat-8.9 | ppc64le | |
Affected | pkg:rpm/redhat/thunderbird?arch=aarch64&distro=redhat-8.9 | redhat | thunderbird | < 115.5.0-1.el8_9 | redhat-8.9 | aarch64 | |