Lucene search

K
redhatRedHatRHSA-2023:4068
HistoryJul 13, 2023 - 7:34 a.m.

(RHSA-2023:4068) Important: thunderbird security update

2023-07-1307:34:19
CWE-120
access.redhat.com
12
mozilla thunderbird
webrtc certificate generation
spidermonkey
memory safety bugs
fullscreen notification
diagcab files
cve-2023-37201
cve-2023-37202
cve-2023-37211
cve-2023-37207
cve-2023-37208

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

68.7%

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.13.0.

Security Fix(es):

  • Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)

  • Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202)

  • Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (CVE-2023-37211)

  • Mozilla: Fullscreen notification obscured (CVE-2023-37207)

  • Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected configurations

Vulners
Node
redhatthunderbirdRange102.13.0-2.el7_9
OR
redhatfirefoxRange102.13.0-2.el7_9
OR
redhatthunderbirdRange102.13.0-2.el8_8
OR
redhatfirefoxRange102.13.0-2.el8_8
OR
redhatthunderbird-0Range102.13.0-2.el8_1
OR
redhatfirefox-0Range102.13.0-2.el8_1
OR
redhatthunderbird-0Range102.13.0-2.el8_2
OR
redhatfirefox-0Range102.13.0-2.el8_2
OR
redhatthunderbird-0Range102.13.0-2.el8_4
OR
redhatfirefox-0Range102.13.0-2.el8_4
OR
redhatthunderbird-0Range102.13.0-2.el8_6
OR
redhatfirefox-0Range102.13.0-2.el8_6
OR
redhatthunderbirdRange102.13.0-2.el9_2
OR
redhatfirefoxRange102.13.0-2.el9_2
OR
redhatthunderbird-0Range102.13.0-2.el9_0
OR
redhatfirefox-0Range102.13.0-2.el9_0
AND
redhatenterprise_linuxMatch7
OR
redhatenterprise_linuxMatch8
OR
redhatenterprise_linuxMatch9
VendorProductVersionCPE
redhatthunderbird*cpe:2.3:a:redhat:thunderbird:*:*:*:*:*:*:*:*
redhatfirefox*cpe:2.3:a:redhat:firefox:*:*:*:*:*:*:*:*
redhatthunderbird-0*cpe:2.3:a:redhat:thunderbird-0:*:*:*:*:*:*:*:*
redhatfirefox-0*cpe:2.3:a:redhat:firefox-0:*:*:*:*:*:*:*:*
redhatenterprise_linux7cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*
redhatenterprise_linux8cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*
redhatenterprise_linux9cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

68.7%