[RLSA-2022:8547] thunderbird security update
An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.5.0.
Security Fix(es):
Mozilla: Service Workers might have learned size of cross-origin media files (CVE-2022-45403)
Mozilla: Fullscreen notification bypass (CVE-2022-45404)
Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405)
Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406)
Mozilla: Fullscreen notification bypass via windowName (CVE-2022-45408)
Mozilla: Use-after-free in Garbage Collection (CVE-2022-45409)
Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 (CVE-2022-45421)
Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy (CVE-2022-45410)
Mozilla: Cross-Site Tracing was possible via non-standard override headers (CVE-2022-45411)
Mozilla: Symlinks may resolve to partially uninitialized buffers (CVE-2022-45412)
Mozilla: Keystroke Side-Channel Leakage (CVE-2022-45416)
Mozilla: Custom mouse cursor could have been drawn over browser UI (CVE-2022-45418)
Mozilla: Iframe contents could be rendered outside the iframe (CVE-2022-45420)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Package | Affected Version |
---|---|
pkg:rpm/rockylinux/thunderbird?arch=x86_64&distro=rockylinux-8.7 | < 102.5.0-2.el8_7 |
pkg:rpm/rockylinux/thunderbird?arch=aarch64&distro=rockylinux-8.7 | < 102.5.0-2.el8_7 |
- ID
- RLSA-2022:8547
- Severity
- important
- URL
- https://errata.rockylinux.org/RLSA-2022:8547
- Published
-
2022-11-21T11:16:30
(22 months ago) - Modified
-
2023-02-02T13:54:02
(19 months ago) - Rights
- Copyright 2024 Rocky Enterprise Software Foundation
- Other Advisories
-
- ALPINE:CVE-2022-45403
- ALPINE:CVE-2022-45404
- ALPINE:CVE-2022-45405
- ALPINE:CVE-2022-45406
- ALPINE:CVE-2022-45408
- ALPINE:CVE-2022-45409
- ALPINE:CVE-2022-45410
- ALPINE:CVE-2022-45411
- ALPINE:CVE-2022-45412
- ALPINE:CVE-2022-45416
- ALPINE:CVE-2022-45418
- ALPINE:CVE-2022-45420
- ALPINE:CVE-2022-45421
- ALSA-2022:8547
- ALSA-2022:8554
- ALSA-2022:8561
- ALSA-2022:8580
- DSA-5282-1
- DSA-5284-1
- ELSA-2022-8547
- ELSA-2022-8552
- ELSA-2022-8554
- ELSA-2022-8555
- ELSA-2022-8561
- ELSA-2022-8580
- GLSA-202211-05
- GLSA-202211-06
- MFSA-2022-47
- MFSA-2022-48
- MFSA-2022-49
- RHSA-2022:8547
- RHSA-2022:8552
- RHSA-2022:8554
- RHSA-2022:8555
- RHSA-2022:8561
- RHSA-2022:8580
- RLSA-2022:8554
- SSA:2022-320-02
- SSA:2022-320-03
- SUSE-SU-2022:4058-1
- SUSE-SU-2022:4083-1
- SUSE-SU-2022:4085-1
- SUSE-SU-2022:4247-1
- USN-5726-1
- USN-5824-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/rockylinux/thunderbird?arch=x86_64&distro=rockylinux-8.7 | rockylinux | thunderbird | < 102.5.0-2.el8_7 | rockylinux-8.7 | x86_64 | |
Affected | pkg:rpm/rockylinux/thunderbird?arch=aarch64&distro=rockylinux-8.7 | rockylinux | thunderbird | < 102.5.0-2.el8_7 | rockylinux-8.7 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |