History: Jul 13, 2023 - 7:33 a.m.

(RHSA-2023:4065) Important: thunderbird security update

2023-07-13 07:33:07
CWE-120
access.redhat.com
Tags: mozilla, thunderbird, security fix, cve-2023-37201, cve-2023-37202, cve-2023-37211, cve-2023-37207, cve-2023-37208, webrtc, spidermonkey, memory safety, fullscreen notification, diagcab files

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.003
Percentile: 68.7%

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.13.0.

Security Fix(es):

  • Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)

  • Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202)

  • Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (CVE-2023-37211)

  • Mozilla: Fullscreen notification obscured (CVE-2023-37207)

  • Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected configurations

Vulners node:

redhat thunderbird Range 102.13.0-2.el7_9
OR
redhat firefox Range 102.13.0-2.el7_9
OR
redhat thunderbird Range 102.13.0-2.el8_8
OR
redhat firefox Range 102.13.0-2.el8_8
OR
redhat thunderbird-0 Range 102.13.0-2.el8_1
OR
redhat firefox-0 Range 102.13.0-2.el8_1
OR
redhat thunderbird-0 Range 102.13.0-2.el8_2
OR
redhat firefox-0 Range 102.13.0-2.el8_2
OR
redhat thunderbird-0 Range 102.13.0-2.el8_4
OR
redhat firefox-0 Range 102.13.0-2.el8_4
OR
redhat thunderbird-0 Range 102.13.0-2.el8_6
OR
redhat firefox-0 Range 102.13.0-2.el8_6
OR
redhat thunderbird Range 102.13.0-2.el9_2
OR
redhat firefox Range 102.13.0-2.el9_2
OR
redhat thunderbird-0 Range 102.13.0-2.el9_0
OR
redhat firefox-0 Range 102.13.0-2.el9_0
AND
redhat enterprise_linux Match 7
OR
redhat enterprise_linux Match 8
OR
redhat enterprise_linux Match 9

Vendor | Product | Version | CPE
redhat | thunderbird | * | cpe:2.3:a:redhat:thunderbird:*:*:*:*:*:*:*:*
redhat | firefox | * | cpe:2.3:a:redhat:firefox:*:*:*:*:*:*:*:*
redhat | thunderbird-0 | * | cpe:2.3:a:redhat:thunderbird-0:*:*:*:*:*:*:*:*
redhat | firefox-0 | * | cpe:2.3:a:redhat:firefox-0:*:*:*:*:*:*:*:*
redhat | enterprise_linux | 7 | cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*
redhat | enterprise_linux | 8 | cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*
redhat | enterprise_linux | 9 | cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*
