Lucene search

K
rockyRockylinux Product ErrataRLSA-2023:0463
HistoryJan 25, 2023 - 3:07 p.m.

thunderbird security update

2023-01-2515:07:38
Rockylinux Product Errata
errata.rockylinux.org
19
thunderbird
security update
rocky linux 8
cvss
cve
vulnerabilities
mozilla
update
version 102.7.1
security fix
libusrsctp library
arbitrary file read
memory safety bugs
malicious command
url
content security policy
devtools output
navigation
websockets
fullscreen notification
console.log

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

72.3%

An update is available for thunderbird.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.7.1.

Security Fix(es):

  • Mozilla: libusrsctp library out of date (CVE-2022-46871)

  • Mozilla: Arbitrary file read from GTK drag and drop on Linux (CVE-2023-23598)

  • Mozilla: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7 (CVE-2023-23605)

  • Mozilla: Malicious command could be hidden in devtools output (CVE-2023-23599)

  • Mozilla: URL being dragged from cross-origin iframe into same tab triggers navigation (CVE-2023-23601)

  • Mozilla: Content Security Policy wasn’t being correctly applied to WebSockets in WebWorkers (CVE-2023-23602)

  • Mozilla: Fullscreen notification bypass (CVE-2022-46877)

  • Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive (CVE-2023-23603)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

72.3%