ALSA-2022:0129

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 91.5.0.

Security Fix(es):

• Mozilla: Iframe sandbox bypass with XSLT (CVE-2021-4140)

• Mozilla: Race condition when playing audio files (CVE-2022-22737)

• Mozilla: Heap-buffer-overflow in blendGaussianBlur (CVE-2022-22738)

• Mozilla: Use-after-free of ChannelEventQueue::mOwner (CVE-2022-22740)

• Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22741)

• Mozilla: Out-of-bounds memory access when inserting text in edit mode (CVE-2022-22742)

• Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22743)

• Mozilla: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5 (CVE-2022-22751)

• Mozilla: Leaking cross-origin URLs through securitypolicyviolation event (CVE-2022-22745)

• Mozilla: Spoofed origin on external protocol launch dialog (CVE-2022-22748)

• Mozilla: Missing throttling on external protocol launch dialog (CVE-2022-22739)

• Mozilla: Crash when handling empty pkcs7 sequence (CVE-2022-22747)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.