RLSA-2023:0824 --- thunderbirdID: oval:org.secpod.oval:def:5800004 | Date: (C)2023-03-23 (M)2024-03-27 |
Class: PATCH | Family: unix |
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Security Fix: * Mozilla: Arbitrary memory write via PKCS 12 in NSS * Mozilla: Content security policy leak in violation reports using iframes * Mozilla: Screen hijack via browser fullscreen mode * Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey * Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry * Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext * Mozilla: Fullscreen notification not shown in Firefox Focus * Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8 * Mozilla: Memory safety bugs fixed in Firefox ESR 102.8 * Mozilla: Extensions could have opened external schemes without user knowledge * Mozilla: Out of bounds memory write from EncodeInputStream * Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP * Mozilla: Web Crypto ImportKey crashes tab For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.