Advisories ยป MGASA-2022-0163

Updated thunderbird packages fix security vulnerability

Publication date: 06 May 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-1520 , CVE-2022-29909 , CVE-2022-29911 , CVE-2022-29912 , CVE-2022-29913 , CVE-2022-29914 , CVE-2022-29916 , CVE-2022-29917

Description

Incorrect security status shown after viewing an attached email.
(CVE-2022-1520)
Fullscreen notification bypass using popups. (CVE-2022-29914)
Bypassing permission prompt in nested browsing contexts. (CVE-2022-29909)
Leaking browser history with CSS variables. (CVE-2022-29916)
iframe sandbox bypass. (CVE-2022-29911)
Reader mode bypassed SameSite cookies. (CVE-2022-29912)
Speech Synthesis feature not properly disabled. (CVE-2022-29913)
Memory safety bugs fixed in Thunderbird 91.9. (CVE-2022-29917)
                

References

SRPMS

8/core