Advisories » MGASA-2023-0057

Updated thunderbird packages fix security vulnerability

Publication date: 20 Feb 2023
Modification date: 20 Feb 2023
Type: security
Affected Mageia releases: 8
CVE: CVE-2023-0616, CVE-2023-0767, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25735, CVE-2023-25737, CVE-2023-25739, CVE-2023-25742, CVE-2023-25746

Description

User Interface lockup with messages combining S/MIME and OpenPGP.
(CVE-2023-0616)

Content security policy leak in violation reports using iframes.
(CVE-2023-25728)

Screen hijack via browser fullscreen mode. (CVE-2023-25730)

Arbitrary memory write via PKCS 12 in NSS. (CVE-2023-0767)

Potential use-after-free from compartment mismatch in SpiderMonkey.
(CVE-2023-25735)

Invalid downcast in SVGUtils::SetupStrokeGeometry. (CVE-2023-25737)

Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext.
(CVE-2023-25739)

Extensions could have opened external schemes without user knowledge.
(CVE-2023-25729)

Out of bounds memory write from EncodeInputStream. (CVE-2023-25732)

Web Crypto ImportKey crashes tab. (CVE-2023-25742)

Memory safety bugs fixed in Thunderbird 102.8. (CVE-2023-25746)
                

References

SRPMS

8/core