RHSA-2022:5480-01 -- Redhat thunderbirdID: oval:org.secpod.oval:def:507065 | Date: (C)2022-07-12 (M)2023-08-16 |
Class: PATCH | Family: unix |
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.11. Security Fix: * Mozilla: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI * Mozilla: Use-after-free in nsSHistory * Mozilla: A popup window could be resized in a way to overlay the address bar with web content * Mozilla: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 * Mozilla: Undesired attributes could be set as part of prototype pollution * Mozilla: An email with a mismatching OpenPGP signature date was accepted as valid * Mozilla: CSP bypass enabling stylesheet injection * Mozilla: Unavailable PAC file resulted in OCSP requests being blocked * Mozilla: Potential integer overflow in ReplaceElementsAt For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Platform: |
Red Hat Enterprise Linux 7 |