RLSA-2023:4954

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.15.0.

Security Fix(es):

• Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

• Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574)

• Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

• Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

• Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 (CVE-2023-4584)

• Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2 (CVE-2023-4585)

• Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051)

• Mozilla: Full screen notification obscured by external program (CVE-2023-4053)

• Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception (CVE-2023-4578)

• Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

• Mozilla: XLL file extensions were downloadable without warnings (CVE-2023-4581)

• Mozilla: Browsing Context potentially not cleared when closing Private Window (CVE-2023-4583)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.