[RLSA-2023:1802] thunderbird security update
An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.10.0.
Security Fix(es):
Thunderbird: Revocation status of S/Mime recipient certificates was not checked (CVE-2023-0547)
Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack (CVE-2023-28427)
Mozilla: Fullscreen notification obscured (CVE-2023-29533)
Mozilla: Potential Memory Corruption following Garbage Collector compaction (CVE-2023-29535)
Mozilla: Invalid free from JavaScript code (CVE-2023-29536)
Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10 (CVE-2023-29550)
Mozilla: Memory Corruption in Safe Browsing Code (CVE-2023-1945)
Thunderbird: Hang when processing certain OpenPGP messages (CVE-2023-29479)
Mozilla: Content-Disposition filename truncation leads to Reflected File Download (CVE-2023-29539)
Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux (CVE-2023-29541)
Mozilla: Incorrect optimization result on ARM64 (CVE-2023-29548)
MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp (BZ#2186102)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| Package | Affected Version |
|---|---|
 pkg:rpm/rockylinux/thunderbird?arch=x86_64&distro=rockylinux-8.7
|
< 102.10.0-2.el8_7 |
|
pkg:rpm/rockylinux/thunderbird?arch=aarch64&distro=rockylinux-8.7
|
< 102.10.0-2.el8_7 |
- ID
- RLSA-2023:1802
- Severity
- important
- URL
- https://errata.rockylinux.org/RLSA-2023:1802
- Published
-
2023-04-26T15:28:13
(17 months ago) - Modified
-
2023-04-26T15:29:58
(17 months ago) - Rights
- Copyright 2024 Rocky Enterprise Software Foundation
- Other Advisories
-
-
ALAS2-2023-2028
-
ALPINE:CVE-2023-1945
-
ALPINE:CVE-2023-28427
-
ALPINE:CVE-2023-29533
-
ALPINE:CVE-2023-29535
-
ALPINE:CVE-2023-29536
-
ALPINE:CVE-2023-29539
-
ALPINE:CVE-2023-29541
-
ALPINE:CVE-2023-29548
-
ALPINE:CVE-2023-29550
-
ALSA-2023:1786
-
ALSA-2023:1787
-
ALSA-2023:1802
-
ALSA-2023:1809
-
DSA-5385-1
-
DSA-5392-1
-
ELSA-2023-1786
-
ELSA-2023-1787
-
ELSA-2023-1791
-
ELSA-2023-1802
-
ELSA-2023-1806
-
ELSA-2023-1809
-
FEDORA-2023-0b5ccd1812
-
FEDORA-2023-609db87741
-
FEDORA-2023-cf4df6380b
-
FREEBSD:5B0AE405-CDC7-11ED-BB39-901B0E9408DC
-
GLSA-202305-35
-
GLSA-202305-36
-
MFSA-2023-12
-
MFSA-2023-13
-
MFSA-2023-14
-
MFSA-2023-15
-
NPM:GHSA-MWQ8-FJPF-C2GR
-
RHSA-2023:1786
-
RHSA-2023:1787
-
RHSA-2023:1791
-
RHSA-2023:1802
-
RHSA-2023:1806
-
RHSA-2023:1809
-
RLSA-2023:1809
-
SSA:2023-088-01
-
SSA:2023-101-01
-
SSA:2023-102-01
-
SUSE-SU-2023:1736-1
-
SUSE-SU-2023:1817-1
-
SUSE-SU-2023:1819-1
-
SUSE-SU-2023:1855-1
-
SUSE-SU-2023:2064-1
-
USN-6010-1
-
USN-6015-1
-
USN-6120-1
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/rockylinux/thunderbird?arch=x86_64&distro=rockylinux-8.7 | rockylinux |
thunderbird
|
< 102.10.0-2.el8_7 | rockylinux-8.7 | x86_64 | |
| Affected | pkg:rpm/rockylinux/thunderbird?arch=aarch64&distro=rockylinux-8.7 | rockylinux |
thunderbird
|
< 102.10.0-2.el8_7 | rockylinux-8.7 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |