1. Home
  2. Security Advisories
  3. Rocky Linux
  4. RLSA-2022:8547

[RLSA-2022:8547] thunderbird security update

Severity Important
Affected Packages 2
CVEs 13
Info Packages References Vulnerabilities

An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.5.0.

Security Fix(es):

  • Mozilla: Service Workers might have learned size of cross-origin media files (CVE-2022-45403)

  • Mozilla: Fullscreen notification bypass (CVE-2022-45404)

  • Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405)

  • Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406)

  • Mozilla: Fullscreen notification bypass via windowName (CVE-2022-45408)

  • Mozilla: Use-after-free in Garbage Collection (CVE-2022-45409)

  • Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 (CVE-2022-45421)

  • Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy (CVE-2022-45410)

  • Mozilla: Cross-Site Tracing was possible via non-standard override headers (CVE-2022-45411)

  • Mozilla: Symlinks may resolve to partially uninitialized buffers (CVE-2022-45412)

  • Mozilla: Keystroke Side-Channel Leakage (CVE-2022-45416)

  • Mozilla: Custom mouse cursor could have been drawn over browser UI (CVE-2022-45418)

  • Mozilla: Iframe contents could be rendered outside the iframe (CVE-2022-45420)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package Affected Version
pkg:rpm/rockylinux/thunderbird?arch=x86_64&distro=rockylinux-8.7 < 102.5.0-2.el8_7
pkg:rpm/rockylinux/thunderbird?arch=aarch64&distro=rockylinux-8.7 < 102.5.0-2.el8_7
ID
RLSA-2022:8547
Severity
important
URL
https://errata.rockylinux.org/RLSA-2022:8547
Published
2022-11-21T11:16:30
(22 months ago)
Modified
2023-02-02T13:54:02
(19 months ago)
Rights
Copyright 2024 Rocky Enterprise Software Foundation
Other Advisories
Source # ID Name URL
CVE CVE-2022-45403 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403
CVE CVE-2022-45404 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404
CVE CVE-2022-45405 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405
CVE CVE-2022-45406 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406
CVE CVE-2022-45408 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408
CVE CVE-2022-45409 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409
CVE CVE-2022-45410 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410
CVE CVE-2022-45411 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411
CVE CVE-2022-45412 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412
CVE CVE-2022-45416 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416
CVE CVE-2022-45418 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418
CVE CVE-2022-45420 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420
CVE CVE-2022-45421 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421
Bugzilla 2143197 https://bugzilla.redhat.com/show_bug.cgi?id=2143197
Bugzilla 2143198 https://bugzilla.redhat.com/show_bug.cgi?id=2143198
Bugzilla 2143199 https://bugzilla.redhat.com/show_bug.cgi?id=2143199
Bugzilla 2143200 https://bugzilla.redhat.com/show_bug.cgi?id=2143200
Bugzilla 2143201 https://bugzilla.redhat.com/show_bug.cgi?id=2143201
Bugzilla 2143202 https://bugzilla.redhat.com/show_bug.cgi?id=2143202
Bugzilla 2143203 https://bugzilla.redhat.com/show_bug.cgi?id=2143203
Bugzilla 2143204 https://bugzilla.redhat.com/show_bug.cgi?id=2143204
Bugzilla 2143205 https://bugzilla.redhat.com/show_bug.cgi?id=2143205
Bugzilla 2143240 https://bugzilla.redhat.com/show_bug.cgi?id=2143240
Bugzilla 2143241 https://bugzilla.redhat.com/show_bug.cgi?id=2143241
Bugzilla 2143242 https://bugzilla.redhat.com/show_bug.cgi?id=2143242
Bugzilla 2143243 https://bugzilla.redhat.com/show_bug.cgi?id=2143243
Self RLSA-2022:8547 https://errata.rockylinux.org/RLSA-2022:8547
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/rockylinux/thunderbird?arch=x86_64&distro=rockylinux-8.7 rockylinux thunderbird < 102.5.0-2.el8_7 rockylinux-8.7 x86_64
Affected pkg:rpm/rockylinux/thunderbird?arch=aarch64&distro=rockylinux-8.7 rockylinux thunderbird < 102.5.0-2.el8_7 rockylinux-8.7 aarch64
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date