Advisories » MGASA-2022-0428

Updated thunderbird packages fix security vulnerability

Publication date: 17 Nov 2022
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-45403, CVE-2022-45404, CVE-2022-45405, CVE-2022-45406, CVE-2022-45408, CVE-2022-45409, CVE-2022-45410, CVE-2022-45411, CVE-2022-45412, CVE-2022-45416, CVE-2022-45418, CVE-2022-45420, CVE-2022-45421

Description

Service Workers might have learned size of cross-origin media files.
(CVE-2022-45403)

Fullscreen notification bypass. (CVE-2022-45404)

Use-after-free in InputStream implementation. (CVE-2022-45405)

Use-after-free of a JavaScript Realm. (CVE-2022-45406)

Fullscreen notification bypass via windowName. (CVE-2022-45408)

Use-after-free in Garbage Collection. (CVE-2022-45409)

ServiceWorker-intercepted requests bypassed SameSite cookie policy.
(CVE-2022-45410)

Cross-Site Tracing was possible via non-standard override headers.
(CVE-2022-45411)

Symlinks may resolve to partially uninitialized buffers. (CVE-2022-45412)

Keystroke Side-Channel Leakage. (CVE-2022-45416)

Custom mouse cursor could have been drawn over browser UI. (CVE-2022-45418)

Iframe contents could be rendered outside the iframe. (CVE-2022-45420)

Memory safety bugs fixed in Thunderbird 102.5. (CVE-2022-45421)
                

References

SRPMS

8/core