RHSA-2022:8561-01 -- Redhat thunderbirdID: oval:org.secpod.oval:def:507415 | Date: (C)2022-12-01 (M)2023-08-16 |
Class: PATCH | Family: unix |
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.5.0. Security Fix: * Mozilla: Service Workers might have learned size of cross-origin media files * Mozilla: Fullscreen notification bypass * Mozilla: Use-after-free in InputStream implementation * Mozilla: Use-after-free of a JavaScript Realm * Mozilla: Fullscreen notification bypass via windowName * Mozilla: Use-after-free in Garbage Collection * Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 * Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy * Mozilla: Cross-Site Tracing was possible via non-standard override headers * Mozilla: Symlinks may resolve to partially uninitialized buffers * Mozilla: Keystroke Side-Channel Leakage * Mozilla: Custom mouse cursor could have been drawn over browser UI * Mozilla: Iframe contents could be rendered outside the iframe For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Platform: |
Red Hat Enterprise Linux 9 |