{ "schema_version": "1.7.0", "id": "MGASA-2022-0163", "published": "2022-05-06T20:16:39Z", "modified": "2022-05-06T19:28:41Z", "summary": "Updated thunderbird packages fix security vulnerability", "details": "Incorrect security status shown after viewing an attached email.\n(CVE-2022-1520)\nFullscreen notification bypass using popups. (CVE-2022-29914)\nBypassing permission prompt in nested browsing contexts. (CVE-2022-29909)\nLeaking browser history with CSS variables. (CVE-2022-29916)\niframe sandbox bypass. (CVE-2022-29911)\nReader mode bypassed SameSite cookies. (CVE-2022-29912)\nSpeech Synthesis feature not properly disabled. (CVE-2022-29913)\nMemory safety bugs fixed in Thunderbird 91.9. (CVE-2022-29917)\n", "upstream": [ "CVE-2022-1520", "CVE-2022-29909", "CVE-2022-29911", "CVE-2022-29912", "CVE-2022-29913", "CVE-2022-29914", "CVE-2022-29916", "CVE-2022-29917" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2022-0163.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=30374" }, { "type": "ADVISORY", "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/" }, { "type": "WEB", "url": "https://www.thunderbird.net/en-US/thunderbird/91.9.0/releasenotes/" } ], "affected": [ { "package": { "ecosystem": "Mageia:8", "name": "thunderbird", "purl": "pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-8" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "91.9.0-1.mga8" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:8", "name": "thunderbird-l10n", "purl": "pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-8" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "91.9.0-1.mga8" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }