ALSA-2022:1301
- Source
- https://errata.almalinux.org/8/ALSA-2022-1301.html
- Import Source
- https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:1301.json
- JSON Data
- https://api.osv.dev/v1/vulns/ALSA-2022:1301
- Related
- Published
- 2022-04-11T13:29:58Z
- Modified
- 2022-04-13T07:37:22Z
- Summary
- Important: thunderbird security update
- Details
-
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 91.8.0.
Security Fix(es):
Mozilla: Use-after-free in NSSToken objects (CVE-2022-1097)
Mozilla: Out of bounds write due to unexpected WebAuthN Extensions (CVE-2022-28281)
Mozilla: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8 (CVE-2022-28289)
Mozilla: Use-after-free after VR Process destruction (CVE-2022-1196)
Mozilla: OpenPGP revocation information was ignored (CVE-2022-1197)
Mozilla: Use-after-free in DocumentL10n::TranslateDocument (CVE-2022-28282)
Mozilla: Incorrect AliasSet used in JIT Codegen (CVE-2022-28285)
Mozilla: Denial of Service via complex regular expressions (CVE-2022-24713)
Mozilla: iframe contents could be rendered outside the border (CVE-2022-28286)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- References
-
- https://vulners.com/cve/CVE-2022-1097
- https://vulners.com/cve/CVE-2022-1196
- https://vulners.com/cve/CVE-2022-1197
- https://vulners.com/cve/CVE-2022-24713
- https://vulners.com/cve/CVE-2022-28281
- https://vulners.com/cve/CVE-2022-28282
- https://vulners.com/cve/CVE-2022-28285
- https://vulners.com/cve/CVE-2022-28286
- https://vulners.com/cve/CVE-2022-28289
Affected packages
AlmaLinux:8 / thunderbird
Package
- Name
- thunderbird