AlmaLinuxALSA-2023:7501Important: thunderbird security update
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
38.3%
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 115.5.0.
Security Fix(es):
- Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204)
- Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205)
- Mozilla: Clickjacking permission prompts using the fullscreen transition (CVE-2023-6206)
- Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer (CVE-2023-6207)
- Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 (CVE-2023-6212)
- Mozilla: Using Selection API would copy contents into X11 primary selection. (CVE-2023-6208)
- Mozilla: Incorrect parsing of relative URLs starting with “///” (CVE-2023-6209)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| almalinux | 9 | aarch64 | thunderbird | < 115.5.0-1.el9_3.alma | thunderbird-115.5.0-1.el9_3.alma.aarch64.rpm |
| almalinux | 9 | ppc64le | thunderbird | < 115.5.0-1.el9_3.alma | thunderbird-115.5.0-1.el9_3.alma.ppc64le.rpm |
| almalinux | 9 | x86_64 | thunderbird | < 115.5.0-1.el9_3.alma | thunderbird-115.5.0-1.el9_3.alma.x86_64.rpm |
| almalinux | 9 | s390x | thunderbird | < 115.5.0-1.el9_3.alma | thunderbird-115.5.0-1.el9_3.alma.s390x.rpm |
References
access.redhat.com/errata/RHSA-2023:7501
access.redhat.com/security/cve/CVE-2023-6204
access.redhat.com/security/cve/CVE-2023-6205
access.redhat.com/security/cve/CVE-2023-6206
access.redhat.com/security/cve/CVE-2023-6207
access.redhat.com/security/cve/CVE-2023-6208
access.redhat.com/security/cve/CVE-2023-6209
access.redhat.com/security/cve/CVE-2023-6212
bugzilla.redhat.com/2250896
bugzilla.redhat.com/2250897
bugzilla.redhat.com/2250898
bugzilla.redhat.com/2250899
bugzilla.redhat.com/2250900
bugzilla.redhat.com/2250901
bugzilla.redhat.com/2250902
errata.almalinux.org/9/ALSA-2023-7501.html
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
38.3%