SUSE-SU-2023:1736-1

Source
https://www.suse.com/support/update/announcement/2023/suse-su-20231736-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:1736-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2023:1736-1
Related
Published
2023-04-03T11:12:58Z
Modified
2023-04-03T11:12:58Z
Summary
Security update for MozillaThunderbird
Details

This update for MozillaThunderbird fixes the following issues:

MFSA 2023-12 (bsc#1209953):

  • CVE-2023-28427: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack (bmo#1822595)

MFSA 2023-11 (bsc#1209173):

  • CVE-2023-25751: Incorrect code generation during JIT compilation (bmo#1814899).
  • CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation (bmo#1809122).
  • CVE-2023-28162: Invalid downcast in Worklets (bmo#1811327).
  • CVE-2023-25752: Potential out-of-bounds when accessing throttled streams (bmo#1811627).
  • CVE-2023-28163: Windows Save As dialog resolved environment variables (bmo#1817768)
  • CVE-2023-28176: Memory safety bugs fixed in Thunderbird 102.9 (bmo#1808352, bmo#1811637, bmo#1815904, bmo#1817442, bmo#1818674).

Mozilla Thunderbird 102.9:

  • fixed: Notification about a sender's changed OpenPGP key was not immediately visible (bmo#1814003)
  • fixed: TLS Certificate Override dialog did not appear when retrieving messages via IMAP using 'Get Messages' context menu (bmo#1816596)
  • fixed: Spellcheck dictionaries were missing from localized Thunderbird builds that should have included them (bmo#1818257)
  • fixed: Tooltips for 'Show/Hide' calendar toggle did not display (bmo#1809557)
  • fixed: Various security fixes

Mozilla Thunderbird 102.9.1:

  • fixed: Thunderbird was unable to open file URLs from command line (URLs beginning with 'file://') (bmo#1816343)
  • fixed: Source strings for localized builds not uploaded to FTP as expected (bmo#1817086)
  • fixed: Visual and theme improvements (bmo#1821358, bmo#1822286)
  • fixed: Security fixes
References

Affected packages

SUSE:Linux Enterprise Module for Package Hub 15 SP4 / MozillaThunderbird

Package

Name
MozillaThunderbird
Purl
purl:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
102.9.1-150200.8.110.2

Ecosystem specific

{
    "binaries": [
        {
            "MozillaThunderbird": "102.9.1-150200.8.110.2",
            "MozillaThunderbird-translations-other": "102.9.1-150200.8.110.2",
            "MozillaThunderbird-translations-common": "102.9.1-150200.8.110.2"
        }
    ]
}

SUSE:Linux Enterprise Workstation Extension 15 SP4 / MozillaThunderbird

Package

Name
MozillaThunderbird
Purl
purl:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
102.9.1-150200.8.110.2

Ecosystem specific

{
    "binaries": [
        {
            "MozillaThunderbird": "102.9.1-150200.8.110.2",
            "MozillaThunderbird-translations-other": "102.9.1-150200.8.110.2",
            "MozillaThunderbird-translations-common": "102.9.1-150200.8.110.2"
        }
    ]
}

openSUSE:Leap 15.4 / MozillaThunderbird

Package

Name
MozillaThunderbird
Purl
purl:rpm/suse/MozillaThunderbird&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
102.9.1-150200.8.110.2

Ecosystem specific

{
    "binaries": [
        {
            "MozillaThunderbird": "102.9.1-150200.8.110.2",
            "MozillaThunderbird-translations-other": "102.9.1-150200.8.110.2",
            "MozillaThunderbird-translations-common": "102.9.1-150200.8.110.2"
        }
    ]
}