Advisories ยป MGASA-2023-0057

Updated thunderbird packages fix security vulnerability

Publication date: 20 Feb 2023
Modification date: 20 Feb 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-0616 , CVE-2023-0767 , CVE-2023-25728 , CVE-2023-25729 , CVE-2023-25730 , CVE-2023-25732 , CVE-2023-25735 , CVE-2023-25737 , CVE-2023-25739 , CVE-2023-25742 , CVE-2023-25746


User Interface lockup with messages combining S/MIME and OpenPGP.

Content security policy leak in violation reports using iframes.

Screen hijack via browser fullscreen mode. (CVE-2023-25730)

Arbitrary memory write via PKCS 12 in NSS. (CVE-2023-0767)

Potential use-after-free from compartment mismatch in SpiderMonkey.

Invalid downcast in SVGUtils::SetupStrokeGeometry. (CVE-2023-25737)

Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext.

Extensions could have opened external schemes without user knowledge.

Out of bounds memory write from EncodeInputStream. (CVE-2023-25732)

Web Crypto ImportKey crashes tab. (CVE-2023-25742)

Memory safety bugs fixed in Thunderbird 102.8. (CVE-2023-25746)