[SUSE-SU-2023:1736-1] Security update for MozillaThunderbird
Severity
Important
Affected Packages
12
CVEs
7
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues:
MFSA 2023-12 (bsc#1209953):
- CVE-2023-28427: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack (bmo#1822595)
MFSA 2023-11 (bsc#1209173):
- CVE-2023-25751: Incorrect code generation during JIT compilation (bmo#1814899).
- CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation (bmo#1809122).
- CVE-2023-28162: Invalid downcast in Worklets (bmo#1811327).
- CVE-2023-25752: Potential out-of-bounds when accessing throttled streams (bmo#1811627).
- CVE-2023-28163: Windows Save As dialog resolved environment variables (bmo#1817768)
- CVE-2023-28176: Memory safety bugs fixed in Thunderbird 102.9 (bmo#1808352, bmo#1811637, bmo#1815904, bmo#1817442, bmo#1818674).
Mozilla Thunderbird 102.9:
- fixed: Notification about a sender's changed OpenPGP key was not immediately visible (bmo#1814003)
- fixed: TLS Certificate Override dialog did not appear when retrieving messages via IMAP using 'Get Messages' context menu (bmo#1816596)
- fixed: Spellcheck dictionaries were missing from localized Thunderbird builds that should have included them (bmo#1818257)
- fixed: Tooltips for 'Show/Hide' calendar toggle did not display (bmo#1809557)
- fixed: Various security fixes
Mozilla Thunderbird 102.9.1:
- fixed: Thunderbird was unable to open file URLs from command line (URLs beginning with 'file://') (bmo#1816343)
- fixed: Source strings for localized builds not uploaded to FTP as expected (bmo#1817086)
- fixed: Visual and theme improvements (bmo#1821358, bmo#1822286)
- fixed: Security fixes
- ID
- SUSE-SU-2023:1736-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2023/suse-su-20231736-1/
- Published
-
2023-04-03T11:12:58
(17 months ago) - Modified
-
2023-04-03T11:12:58
(17 months ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALAS2-2023-1988
- ALPINE:CVE-2023-25751
- ALPINE:CVE-2023-25752
- ALPINE:CVE-2023-28162
- ALPINE:CVE-2023-28163
- ALPINE:CVE-2023-28164
- ALPINE:CVE-2023-28176
- ALPINE:CVE-2023-28427
- ALSA-2023:1336
- ALSA-2023:1337
- ALSA-2023:1403
- ALSA-2023:1407
- ALSA-2023:1802
- ALSA-2023:1809
- DSA-5374-1
- DSA-5375-1
- DSA-5392-1
- ELSA-2023-1333
- ELSA-2023-1336
- ELSA-2023-1337
- ELSA-2023-1401
- ELSA-2023-1403
- ELSA-2023-1407
- ELSA-2023-1802
- ELSA-2023-1806
- ELSA-2023-1809
- FREEBSD:5B0AE405-CDC7-11ED-BB39-901B0E9408DC
- GLSA-202305-35
- GLSA-202305-36
- MFSA-2023-09
- MFSA-2023-10
- MFSA-2023-11
- MFSA-2023-12
- NPM:GHSA-MWQ8-FJPF-C2GR
- RHSA-2023:1333
- RHSA-2023:1336
- RHSA-2023:1337
- RHSA-2023:1401
- RHSA-2023:1403
- RHSA-2023:1407
- RHSA-2023:1802
- RHSA-2023:1806
- RHSA-2023:1809
- RLSA-2023:1336
- RLSA-2023:1337
- RLSA-2023:1403
- RLSA-2023:1407
- RLSA-2023:1802
- RLSA-2023:1809
- SSA:2023-073-01
- SSA:2023-075-01
- SSA:2023-088-01
- SUSE-SU-2023:0728-1
- SUSE-SU-2023:0763-1
- SUSE-SU-2023:0835-1
- USN-5954-1
- USN-5972-1
- USN-6120-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/MozillaThunderbird?arch=x86_64&distro=opensuse-leap-15.4 | suse | MozillaThunderbird | < 102.9.1-150200.8.110.2 | opensuse-leap-15.4 | x86_64 | |
Affected | pkg:rpm/suse/MozillaThunderbird?arch=s390x&distro=opensuse-leap-15.4 | suse | MozillaThunderbird | < 102.9.1-150200.8.110.2 | opensuse-leap-15.4 | s390x | |
Affected | pkg:rpm/suse/MozillaThunderbird?arch=ppc64le&distro=opensuse-leap-15.4 | suse | MozillaThunderbird | < 102.9.1-150200.8.110.2 | opensuse-leap-15.4 | ppc64le | |
Affected | pkg:rpm/suse/MozillaThunderbird?arch=aarch64&distro=opensuse-leap-15.4 | suse | MozillaThunderbird | < 102.9.1-150200.8.110.2 | opensuse-leap-15.4 | aarch64 | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-other | < 102.9.1-150200.8.110.2 | opensuse-leap-15.4 | x86_64 | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-other?arch=s390x&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-other | < 102.9.1-150200.8.110.2 | opensuse-leap-15.4 | s390x | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-other?arch=ppc64le&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-other | < 102.9.1-150200.8.110.2 | opensuse-leap-15.4 | ppc64le | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-other?arch=aarch64&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-other | < 102.9.1-150200.8.110.2 | opensuse-leap-15.4 | aarch64 | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-common | < 102.9.1-150200.8.110.2 | opensuse-leap-15.4 | x86_64 | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-common?arch=s390x&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-common | < 102.9.1-150200.8.110.2 | opensuse-leap-15.4 | s390x | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-common?arch=ppc64le&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-common | < 102.9.1-150200.8.110.2 | opensuse-leap-15.4 | ppc64le | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-common?arch=aarch64&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-common | < 102.9.1-150200.8.110.2 | opensuse-leap-15.4 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |