Advisories » MGASA-2023-0034

Updated thunderbird packages fix security vulnerability

Publication date: 07 Feb 2023
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-46871, CVE-2022-46877, CVE-2023-0430, CVE-2023-23598, CVE-2023-23601, CVE-2023-23602, CVE-2023-23603, CVE-2023-23605

Description

libusrsctp library out of date. (CVE-2022-46871)

Arbitrary file read from GTK drag and drop on Linux. (CVE-2023-23598)

URL being dragged from cross-origin iframe into same tab triggers
navigation. (CVE-2023-23601)

Content Security Policy wasn't being correctly applied to WebSockets in
WebWorkers. (CVE-2023-23602)

Fullscreen notification bypass. (CVE-2022-46877)

Calls to console.log allowed bypassing Content Security Policy
via format directive. (CVE-2023-23603)

Memory safety bugs fixed in Thunderbird 102.7. (CVE-2023-23605)

Revocation status of S/MIME signature certificates was not checked.
(CVE-2023-0430)
                

References

SRPMS

8/core