[SUSE-SU-2023:0599-1] Security update for MozillaThunderbird
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues:
Updated Mozilla Thunderbird to version 102.8.0 (bsc#1208144):
- CVE-2023-0616: Fixed User Interface lockup via messages combining S/MIME and OpenPGP.
- CVE-2023-25728: Fixed content security policy leak in violation reports using iframes.
- CVE-2023-25730: Fixed screen hijack via browser fullscreen mode.
- CVE-2023-0767: Fixed arbitrary memory write via PKCS 12 in NSS.
- CVE-2023-25735: Fixed potential use-after-free from compartment mismatch in SpiderMonkey.
- CVE-2023-25737: Fixed invalid downcast in SVGUtils::SetupStrokeGeometry.
- CVE-2023-25738: Fixed printing on Windows could potentially crash Thunderbird with some device drivers.
- CVE-2023-25739: Fixed use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext.
- CVE-2023-25729: Fixed vulnerability where extensions could have opened external schemes without user knowledge.
- CVE-2023-25732: Fixed out of bounds memory write from EncodeInputStream.
- CVE-2023-25734: Fixed issue where opening local .url files could cause unexpected network loads.
- CVE-2023-25742: Fixed tab crashing caused by Web Crypto ImportKey.
- CVE-2023-25746: Fixed memory safety bugs.
- ID
- SUSE-SU-2023:0599-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2023/suse-su-20230599-1/
- Published
-
2023-03-02T13:52:14
(18 months ago) - Modified
-
2023-03-02T13:52:14
(18 months ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALAS-2023-1736
- ALAS2-2023-1983
- ALAS2-2023-1992
- ALPINE:CVE-2023-0767
- ALPINE:CVE-2023-25728
- ALPINE:CVE-2023-25729
- ALPINE:CVE-2023-25730
- ALPINE:CVE-2023-25732
- ALPINE:CVE-2023-25734
- ALPINE:CVE-2023-25735
- ALPINE:CVE-2023-25737
- ALPINE:CVE-2023-25738
- ALPINE:CVE-2023-25739
- ALPINE:CVE-2023-25742
- ALPINE:CVE-2023-25746
- ALSA-2023:0808
- ALSA-2023:0810
- ALSA-2023:0821
- ALSA-2023:0824
- ALSA-2023:1252
- ALSA-2023:1368
- DSA-5350-1
- DSA-5353-1
- DSA-5355-1
- ELSA-2023-0808
- ELSA-2023-0810
- ELSA-2023-0812
- ELSA-2023-0817
- ELSA-2023-0821
- ELSA-2023-0824
- ELSA-2023-12238
- ELSA-2023-1252
- ELSA-2023-1332
- ELSA-2023-1368
- GLSA-202305-35
- GLSA-202305-36
- MFSA-2023-05
- MFSA-2023-06
- MFSA-2023-07
- RHSA-2023:0808
- RHSA-2023:0810
- RHSA-2023:0812
- RHSA-2023:0817
- RHSA-2023:0821
- RHSA-2023:0824
- RHSA-2023:1252
- RHSA-2023:1332
- RHSA-2023:1368
- RLSA-2023:0808
- RLSA-2023:0810
- RLSA-2023:0821
- RLSA-2023:0824
- RLSA-2023:1252
- RLSA-2023:1368
- SSA:2023-045-01
- SSA:2023-047-01
- SUSE-SU-2023:0434-1
- SUSE-SU-2023:0443-1
- SUSE-SU-2023:0461-1
- SUSE-SU-2023:0466-1
- SUSE-SU-2023:0468-1
- SUSE-SU-2023:0469-1
- USN-5880-1
- USN-5892-1
- USN-5892-2
- USN-5943-1
- USN-6120-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/MozillaThunderbird?arch=x86_64&distro=opensuse-leap-15.4 | suse | MozillaThunderbird | < 102.8.0-150200.8.105.2 | opensuse-leap-15.4 | x86_64 | |
Affected | pkg:rpm/suse/MozillaThunderbird?arch=s390x&distro=opensuse-leap-15.4 | suse | MozillaThunderbird | < 102.8.0-150200.8.105.2 | opensuse-leap-15.4 | s390x | |
Affected | pkg:rpm/suse/MozillaThunderbird?arch=ppc64le&distro=opensuse-leap-15.4 | suse | MozillaThunderbird | < 102.8.0-150200.8.105.2 | opensuse-leap-15.4 | ppc64le | |
Affected | pkg:rpm/suse/MozillaThunderbird?arch=aarch64&distro=opensuse-leap-15.4 | suse | MozillaThunderbird | < 102.8.0-150200.8.105.2 | opensuse-leap-15.4 | aarch64 | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-other | < 102.8.0-150200.8.105.2 | opensuse-leap-15.4 | x86_64 | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-other?arch=s390x&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-other | < 102.8.0-150200.8.105.2 | opensuse-leap-15.4 | s390x | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-other?arch=ppc64le&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-other | < 102.8.0-150200.8.105.2 | opensuse-leap-15.4 | ppc64le | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-other?arch=aarch64&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-other | < 102.8.0-150200.8.105.2 | opensuse-leap-15.4 | aarch64 | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-common | < 102.8.0-150200.8.105.2 | opensuse-leap-15.4 | x86_64 | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-common?arch=s390x&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-common | < 102.8.0-150200.8.105.2 | opensuse-leap-15.4 | s390x | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-common?arch=ppc64le&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-common | < 102.8.0-150200.8.105.2 | opensuse-leap-15.4 | ppc64le | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-common?arch=aarch64&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-common | < 102.8.0-150200.8.105.2 | opensuse-leap-15.4 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |