1. Home
  2. Security Advisories
  3. SUSE
  4. SUSE-SU-2023:0599-1

[SUSE-SU-2023:0599-1] Security update for MozillaThunderbird

Severity Important
Affected Packages 12
CVEs 13
Info Packages References Vulnerabilities

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues:

Updated Mozilla Thunderbird to version 102.8.0 (bsc#1208144):
- CVE-2023-0616: Fixed User Interface lockup via messages combining S/MIME and OpenPGP.
- CVE-2023-25728: Fixed content security policy leak in violation reports using iframes.
- CVE-2023-25730: Fixed screen hijack via browser fullscreen mode.
- CVE-2023-0767: Fixed arbitrary memory write via PKCS 12 in NSS.
- CVE-2023-25735: Fixed potential use-after-free from compartment mismatch in SpiderMonkey.
- CVE-2023-25737: Fixed invalid downcast in SVGUtils::SetupStrokeGeometry.
- CVE-2023-25738: Fixed printing on Windows could potentially crash Thunderbird with some device drivers.
- CVE-2023-25739: Fixed use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext.
- CVE-2023-25729: Fixed vulnerability where extensions could have opened external schemes without user knowledge.
- CVE-2023-25732: Fixed out of bounds memory write from EncodeInputStream.
- CVE-2023-25734: Fixed issue where opening local .url files could cause unexpected network loads.
- CVE-2023-25742: Fixed tab crashing caused by Web Crypto ImportKey.
- CVE-2023-25746: Fixed memory safety bugs.

Package Affected Version
pkg:rpm/suse/MozillaThunderbird?arch=x86_64&distro=opensuse-leap-15.4 < 102.8.0-150200.8.105.2
pkg:rpm/suse/MozillaThunderbird?arch=s390x&distro=opensuse-leap-15.4 < 102.8.0-150200.8.105.2
pkg:rpm/suse/MozillaThunderbird?arch=ppc64le&distro=opensuse-leap-15.4 < 102.8.0-150200.8.105.2
pkg:rpm/suse/MozillaThunderbird?arch=aarch64&distro=opensuse-leap-15.4 < 102.8.0-150200.8.105.2
pkg:rpm/suse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-leap-15.4 < 102.8.0-150200.8.105.2
pkg:rpm/suse/MozillaThunderbird-translations-other?arch=s390x&distro=opensuse-leap-15.4 < 102.8.0-150200.8.105.2
pkg:rpm/suse/MozillaThunderbird-translations-other?arch=ppc64le&distro=opensuse-leap-15.4 < 102.8.0-150200.8.105.2
pkg:rpm/suse/MozillaThunderbird-translations-other?arch=aarch64&distro=opensuse-leap-15.4 < 102.8.0-150200.8.105.2
pkg:rpm/suse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-leap-15.4 < 102.8.0-150200.8.105.2
pkg:rpm/suse/MozillaThunderbird-translations-common?arch=s390x&distro=opensuse-leap-15.4 < 102.8.0-150200.8.105.2
pkg:rpm/suse/MozillaThunderbird-translations-common?arch=ppc64le&distro=opensuse-leap-15.4 < 102.8.0-150200.8.105.2
pkg:rpm/suse/MozillaThunderbird-translations-common?arch=aarch64&distro=opensuse-leap-15.4 < 102.8.0-150200.8.105.2
ID
SUSE-SU-2023:0599-1
Severity
important
URL
https://www.suse.com/support/update/announcement/2023/suse-su-20230599-1/
Published
2023-03-02T13:52:14
(18 months ago)
Modified
2023-03-02T13:52:14
(18 months ago)
Rights
Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories
Source # ID Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0599-1.json
Suse URL for SUSE-SU-2023:0599-1 https://www.suse.com/support/update/announcement/2023/suse-su-20230599-1/
Suse E-Mail link for SUSE-SU-2023:0599-1 https://lists.suse.com/pipermail/sle-security-updates/2023-March/013965.html
Bugzilla SUSE Bug 1208144 https://bugzilla.suse.com/1208144
CVE SUSE CVE CVE-2023-0616 page https://www.suse.com/security/cve/CVE-2023-0616/
CVE SUSE CVE CVE-2023-0767 page https://www.suse.com/security/cve/CVE-2023-0767/
CVE SUSE CVE CVE-2023-25728 page https://www.suse.com/security/cve/CVE-2023-25728/
CVE SUSE CVE CVE-2023-25729 page https://www.suse.com/security/cve/CVE-2023-25729/
CVE SUSE CVE CVE-2023-25730 page https://www.suse.com/security/cve/CVE-2023-25730/
CVE SUSE CVE CVE-2023-25732 page https://www.suse.com/security/cve/CVE-2023-25732/
CVE SUSE CVE CVE-2023-25734 page https://www.suse.com/security/cve/CVE-2023-25734/
CVE SUSE CVE CVE-2023-25735 page https://www.suse.com/security/cve/CVE-2023-25735/
CVE SUSE CVE CVE-2023-25737 page https://www.suse.com/security/cve/CVE-2023-25737/
CVE SUSE CVE CVE-2023-25738 page https://www.suse.com/security/cve/CVE-2023-25738/
CVE SUSE CVE CVE-2023-25739 page https://www.suse.com/security/cve/CVE-2023-25739/
CVE SUSE CVE CVE-2023-25742 page https://www.suse.com/security/cve/CVE-2023-25742/
CVE SUSE CVE CVE-2023-25746 page https://www.suse.com/security/cve/CVE-2023-25746/
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/suse/MozillaThunderbird?arch=x86_64&distro=opensuse-leap-15.4 suse MozillaThunderbird < 102.8.0-150200.8.105.2 opensuse-leap-15.4 x86_64
Affected pkg:rpm/suse/MozillaThunderbird?arch=s390x&distro=opensuse-leap-15.4 suse MozillaThunderbird < 102.8.0-150200.8.105.2 opensuse-leap-15.4 s390x
Affected pkg:rpm/suse/MozillaThunderbird?arch=ppc64le&distro=opensuse-leap-15.4 suse MozillaThunderbird < 102.8.0-150200.8.105.2 opensuse-leap-15.4 ppc64le
Affected pkg:rpm/suse/MozillaThunderbird?arch=aarch64&distro=opensuse-leap-15.4 suse MozillaThunderbird < 102.8.0-150200.8.105.2 opensuse-leap-15.4 aarch64
Affected pkg:rpm/suse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-leap-15.4 suse MozillaThunderbird-translations-other < 102.8.0-150200.8.105.2 opensuse-leap-15.4 x86_64
Affected pkg:rpm/suse/MozillaThunderbird-translations-other?arch=s390x&distro=opensuse-leap-15.4 suse MozillaThunderbird-translations-other < 102.8.0-150200.8.105.2 opensuse-leap-15.4 s390x
Affected pkg:rpm/suse/MozillaThunderbird-translations-other?arch=ppc64le&distro=opensuse-leap-15.4 suse MozillaThunderbird-translations-other < 102.8.0-150200.8.105.2 opensuse-leap-15.4 ppc64le
Affected pkg:rpm/suse/MozillaThunderbird-translations-other?arch=aarch64&distro=opensuse-leap-15.4 suse MozillaThunderbird-translations-other < 102.8.0-150200.8.105.2 opensuse-leap-15.4 aarch64
Affected pkg:rpm/suse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-leap-15.4 suse MozillaThunderbird-translations-common < 102.8.0-150200.8.105.2 opensuse-leap-15.4 x86_64
Affected pkg:rpm/suse/MozillaThunderbird-translations-common?arch=s390x&distro=opensuse-leap-15.4 suse MozillaThunderbird-translations-common < 102.8.0-150200.8.105.2 opensuse-leap-15.4 s390x
Affected pkg:rpm/suse/MozillaThunderbird-translations-common?arch=ppc64le&distro=opensuse-leap-15.4 suse MozillaThunderbird-translations-common < 102.8.0-150200.8.105.2 opensuse-leap-15.4 ppc64le
Affected pkg:rpm/suse/MozillaThunderbird-translations-common?arch=aarch64&distro=opensuse-leap-15.4 suse MozillaThunderbird-translations-common < 102.8.0-150200.8.105.2 opensuse-leap-15.4 aarch64
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date