[SUSE-SU-2023:1736-1] Security update for MozillaThunderbird
Severity
Important
Affected Packages
12
CVEs
7
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues:
MFSA 2023-12 (bsc#1209953):
- CVE-2023-28427: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack (bmo#1822595)
MFSA 2023-11 (bsc#1209173):
- CVE-2023-25751: Incorrect code generation during JIT compilation (bmo#1814899).
- CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation (bmo#1809122).
- CVE-2023-28162: Invalid downcast in Worklets (bmo#1811327).
- CVE-2023-25752: Potential out-of-bounds when accessing throttled streams (bmo#1811627).
- CVE-2023-28163: Windows Save As dialog resolved environment variables (bmo#1817768)
- CVE-2023-28176: Memory safety bugs fixed in Thunderbird 102.9 (bmo#1808352, bmo#1811637, bmo#1815904, bmo#1817442, bmo#1818674).
Mozilla Thunderbird 102.9:
- fixed: Notification about a sender's changed OpenPGP key was not immediately visible (bmo#1814003)
- fixed: TLS Certificate Override dialog did not appear when retrieving messages via IMAP using 'Get Messages' context menu (bmo#1816596)
- fixed: Spellcheck dictionaries were missing from localized Thunderbird builds that should have included them (bmo#1818257)
- fixed: Tooltips for 'Show/Hide' calendar toggle did not display (bmo#1809557)
- fixed: Various security fixes
Mozilla Thunderbird 102.9.1:
- fixed: Thunderbird was unable to open file URLs from command line (URLs beginning with 'file://') (bmo#1816343)
- fixed: Source strings for localized builds not uploaded to FTP as expected (bmo#1817086)
- fixed: Visual and theme improvements (bmo#1821358, bmo#1822286)
- fixed: Security fixes
- ID
- SUSE-SU-2023:1736-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2023/suse-su-20231736-1/
- Published
-
2023-04-03T11:12:58
(17 months ago) - Modified
-
2023-04-03T11:12:58
(17 months ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
-
ALAS2-2023-1988
-
ALPINE:CVE-2023-25751
-
ALPINE:CVE-2023-25752
-
ALPINE:CVE-2023-28162
-
ALPINE:CVE-2023-28163
-
ALPINE:CVE-2023-28164
-
ALPINE:CVE-2023-28176
-
ALPINE:CVE-2023-28427
-
ALSA-2023:1336
-
ALSA-2023:1337
-
ALSA-2023:1403
-
ALSA-2023:1407
-
ALSA-2023:1802
-
ALSA-2023:1809
-
DSA-5374-1
-
DSA-5375-1
-
DSA-5392-1
-
ELSA-2023-1333
-
ELSA-2023-1336
-
ELSA-2023-1337
-
ELSA-2023-1401
-
ELSA-2023-1403
-
ELSA-2023-1407
-
ELSA-2023-1802
-
ELSA-2023-1806
-
ELSA-2023-1809
-
FREEBSD:5B0AE405-CDC7-11ED-BB39-901B0E9408DC
-
GLSA-202305-35
-
GLSA-202305-36
-
MFSA-2023-09
-
MFSA-2023-10
-
MFSA-2023-11
-
MFSA-2023-12
-
NPM:GHSA-MWQ8-FJPF-C2GR
-
RHSA-2023:1333
-
RHSA-2023:1336
-
RHSA-2023:1337
-
RHSA-2023:1401
-
RHSA-2023:1403
-
RHSA-2023:1407
-
RHSA-2023:1802
-
RHSA-2023:1806
-
RHSA-2023:1809
-
RLSA-2023:1336
-
RLSA-2023:1337
-
RLSA-2023:1403
-
RLSA-2023:1407
-
RLSA-2023:1802
-
RLSA-2023:1809
-
SSA:2023-073-01
-
SSA:2023-075-01
-
SSA:2023-088-01
-
SUSE-SU-2023:0728-1
-
SUSE-SU-2023:0763-1
-
SUSE-SU-2023:0835-1
-
USN-5954-1
-
USN-5972-1
-
USN-6120-1
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/suse/MozillaThunderbird?arch=x86_64&distro=opensuse-leap-15.4 | suse |
 MozillaThunderbird
|
< 102.9.1-150200.8.110.2 | opensuse-leap-15.4 | x86_64 | |
| Affected | pkg:rpm/suse/MozillaThunderbird?arch=s390x&distro=opensuse-leap-15.4 | suse |
MozillaThunderbird
|
< 102.9.1-150200.8.110.2 | opensuse-leap-15.4 | s390x | |
| Affected | pkg:rpm/suse/MozillaThunderbird?arch=ppc64le&distro=opensuse-leap-15.4 | suse |
MozillaThunderbird
|
< 102.9.1-150200.8.110.2 | opensuse-leap-15.4 | ppc64le | |
| Affected | pkg:rpm/suse/MozillaThunderbird?arch=aarch64&distro=opensuse-leap-15.4 | suse |
MozillaThunderbird
|
< 102.9.1-150200.8.110.2 | opensuse-leap-15.4 | aarch64 | |
| Affected | pkg:rpm/suse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-leap-15.4 | suse |
MozillaThunderbird-translations-other
|
< 102.9.1-150200.8.110.2 | opensuse-leap-15.4 | x86_64 | |
| Affected | pkg:rpm/suse/MozillaThunderbird-translations-other?arch=s390x&distro=opensuse-leap-15.4 | suse |
MozillaThunderbird-translations-other
|
< 102.9.1-150200.8.110.2 | opensuse-leap-15.4 | s390x | |
| Affected | pkg:rpm/suse/MozillaThunderbird-translations-other?arch=ppc64le&distro=opensuse-leap-15.4 | suse |
MozillaThunderbird-translations-other
|
< 102.9.1-150200.8.110.2 | opensuse-leap-15.4 | ppc64le | |
| Affected | pkg:rpm/suse/MozillaThunderbird-translations-other?arch=aarch64&distro=opensuse-leap-15.4 | suse |
MozillaThunderbird-translations-other
|
< 102.9.1-150200.8.110.2 | opensuse-leap-15.4 | aarch64 | |
| Affected | pkg:rpm/suse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-leap-15.4 | suse |
MozillaThunderbird-translations-common
|
< 102.9.1-150200.8.110.2 | opensuse-leap-15.4 | x86_64 | |
| Affected | pkg:rpm/suse/MozillaThunderbird-translations-common?arch=s390x&distro=opensuse-leap-15.4 | suse |
MozillaThunderbird-translations-common
|
< 102.9.1-150200.8.110.2 | opensuse-leap-15.4 | s390x | |
| Affected | pkg:rpm/suse/MozillaThunderbird-translations-common?arch=ppc64le&distro=opensuse-leap-15.4 | suse |
MozillaThunderbird-translations-common
|
< 102.9.1-150200.8.110.2 | opensuse-leap-15.4 | ppc64le | |
| Affected | pkg:rpm/suse/MozillaThunderbird-translations-common?arch=aarch64&distro=opensuse-leap-15.4 | suse |
MozillaThunderbird-translations-common
|
< 102.9.1-150200.8.110.2 | opensuse-leap-15.4 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |