type: security
subject: Updated thunderbird packages fix security vulnerability
CVE:
 - CVE-2022-45403
 - CVE-2022-45404
 - CVE-2022-45405
 - CVE-2022-45406
 - CVE-2022-45408
 - CVE-2022-45409
 - CVE-2022-45410
 - CVE-2022-45411
 - CVE-2022-45412
 - CVE-2022-45416
 - CVE-2022-45418
 - CVE-2022-45420
 - CVE-2022-45421
src:
  8:
   core:
     - thunderbird-102.5.0-1.mga8
     - thunderbird-l10n-102.5.0-1.mga8
description: |
  Service Workers might have learned size of cross-origin media files.
  (CVE-2022-45403)

  Fullscreen notification bypass. (CVE-2022-45404)

  Use-after-free in InputStream implementation. (CVE-2022-45405)

  Use-after-free of a JavaScript Realm. (CVE-2022-45406)

  Fullscreen notification bypass via windowName. (CVE-2022-45408)

  Use-after-free in Garbage Collection. (CVE-2022-45409)

  ServiceWorker-intercepted requests bypassed SameSite cookie policy.
  (CVE-2022-45410)

  Cross-Site Tracing was possible via non-standard override headers.
  (CVE-2022-45411)

  Symlinks may resolve to partially uninitialized buffers. (CVE-2022-45412)

  Keystroke Side-Channel Leakage. (CVE-2022-45416)

  Custom mouse cursor could have been drawn over browser UI. (CVE-2022-45418)

  Iframe contents could be rendered outside the iframe. (CVE-2022-45420)

  Memory safety bugs fixed in Thunderbird 102.5. (CVE-2022-45421)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=31131
 - https://www.thunderbird.net/en-US/thunderbird/102.5.0/releasenotes/
 - https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/
ID: MGASA-2022-0428