Updated thunderbird packages fix security vulnerability
Publication date: 24 Mar 2023Modification date: 24 Mar 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-25751 , CVE-2023-25752 , CVE-2023-28162 , CVE-2023-28164 , CVE-2023-28176
Description
Incorrect code generation during JIT compilation. (CVE-2023-25751)
Potential out-of-bounds when accessing throttled streams. (CVE-20223-25752)
Invalid downcast in Worklets. (CVE-2023-28162)
URL being dragged from a removed cross-origin iframe into the same tab
triggered navigation. (CVE-2023-28164)
Memory safety bugs fixed in Thunderbird 102.9. (CVE-2023-28176)
References
- https://bugs.mageia.org/show_bug.cgi?id=31684
- https://www.thunderbird.net/en-US/thunderbird/102.9.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25751
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25752
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28162
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28164
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28176
SRPMS
8/core
- thunderbird-102.9.0-1.mga8
- thunderbird-l10n-102.9.0-1.mga8