MGASA-2023-0343

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2023-0343.html
Import Source
https://advisories.mageia.org/MGASA-2023-0343.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2023-0343
Related
Published
2023-12-08T10:55:49Z
Modified
2023-12-08T10:36:19Z
Summary
Updated thunderbird packages fix security vulnerabilities
Details

The updated packages fix security vulnerabilities.

Out-of-bound memory access in WebGL2 blitFramebuffer. (CVE-2023-6204)

Use-after-free in MessagePort::Entangled. (CVE-2023-6205)

Clickjacking permission prompts using the fullscreen transition. (CVE-2023-6206)

Use-after-free in ReadableByteStreamQueueEntry::Buffer. (CVE-2023-6207)

Using Selection API would copy contents into X11 primary selection. (CVE-2023-6208)

Incorrect parsing of relative URLs starting with "///". (CVE-2023-6209)

Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. (CVE-2023-6212)

References
Credits

Affected packages

Mageia:9 / thunderbird

Package

Name
thunderbird
Purl
pkg:rpm/mageia/thunderbird?distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
115.5.1-1.mga9

Ecosystem specific 

{
    "section": "core"
}

Mageia:9 / thunderbird-l10n

Package

Name
thunderbird-l10n
Purl
pkg:rpm/mageia/thunderbird-l10n?distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
115.5.1-1.mga9

Ecosystem specific 

{
    "section": "core"
}