[RLSA-2022:7190] thunderbird security update

Severity Important

Affected Packages 2

CVEs 8

An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.4.0.

Security Fix(es):

Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators (CVE-2022-39249)
Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack (CVE-2022-39250)
Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack (CVE-2022-39251)
Mozilla: Same-origin policy violation could have leaked cross-origin URLs (CVE-2022-42927)
Mozilla: Memory Corruption in JS Engine (CVE-2022-42928)
Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue (CVE-2022-39236)
Mozilla: Denial of Service via window.print (CVE-2022-42929)
Mozilla: Memory safety bugs fixed in Firefox ESR 102.4 and Thunderbird 102.4 (CVE-2022-42932)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package	Affected Version
pkg:rpm/rockylinux/thunderbird?arch=x86_64&distro=rockylinux-8.6	< 102.4.0-1.el8_6.0.1
pkg:rpm/rockylinux/thunderbird?arch=aarch64&distro=rockylinux-8.6	< 102.4.0-1.el8_6.0.1

ID

RLSA-2022:7190

Severity

important

URL

https://errata.rockylinux.org/RLSA-2022:7190

Published

2022-10-25T14:29:50
(23 months ago)

Modified

2023-02-02T14:13:41
(19 months ago)

Rights

Other Advisories

Source	# ID	URL
CVE	CVE-2022-39236	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39236
CVE	CVE-2022-39249	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39249
CVE	CVE-2022-39250	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39250
CVE	CVE-2022-39251	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39251
CVE	CVE-2022-42927	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42927
CVE	CVE-2022-42928	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42928
CVE	CVE-2022-42929	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42929
CVE	CVE-2022-42932	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42932
Bugzilla	2135391	https://bugzilla.redhat.com/show_bug.cgi?id=2135391
Bugzilla	2135393	https://bugzilla.redhat.com/show_bug.cgi?id=2135393
Bugzilla	2135395	https://bugzilla.redhat.com/show_bug.cgi?id=2135395
Bugzilla	2135396	https://bugzilla.redhat.com/show_bug.cgi?id=2135396
Bugzilla	2136156	https://bugzilla.redhat.com/show_bug.cgi?id=2136156
Bugzilla	2136157	https://bugzilla.redhat.com/show_bug.cgi?id=2136157
Bugzilla	2136158	https://bugzilla.redhat.com/show_bug.cgi?id=2136158
Bugzilla	2136159	https://bugzilla.redhat.com/show_bug.cgi?id=2136159
Self	RLSA-2022:7190	https://errata.rockylinux.org/RLSA-2022:7190

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:rpm/rockylinux/thunderbird?arch=x86_64&distro=rockylinux-8.6	rockylinux	thunderbird	< 102.4.0-1.el8_6.0.1	rockylinux-8.6	x86_64
Affected	pkg:rpm/rockylinux/thunderbird?arch=aarch64&distro=rockylinux-8.6	rockylinux	thunderbird	< 102.4.0-1.el8_6.0.1	rockylinux-8.6	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date