| 1 |
type: security |
| 2 |
subject: Updated thunderbird packages fix security vulnerability |
| 3 |
CVE: |
| 4 |
- CVE-2022-45403 |
| 5 |
- CVE-2022-45404 |
| 6 |
- CVE-2022-45405 |
| 7 |
- CVE-2022-45406 |
| 8 |
- CVE-2022-45408 |
| 9 |
- CVE-2022-45409 |
| 10 |
- CVE-2022-45410 |
| 11 |
- CVE-2022-45411 |
| 12 |
- CVE-2022-45412 |
| 13 |
- CVE-2022-45416 |
| 14 |
- CVE-2022-45418 |
| 15 |
- CVE-2022-45420 |
| 16 |
- CVE-2022-45421 |
| 17 |
src: |
| 18 |
8: |
| 19 |
core: |
| 20 |
- thunderbird-102.5.0-1.mga8 |
| 21 |
- thunderbird-l10n-102.5.0-1.mga8 |
| 22 |
description: | |
| 23 |
Service Workers might have learned size of cross-origin media files. |
| 24 |
(CVE-2022-45403) |
| 25 |
|
| 26 |
Fullscreen notification bypass. (CVE-2022-45404) |
| 27 |
|
| 28 |
Use-after-free in InputStream implementation. (CVE-2022-45405) |
| 29 |
|
| 30 |
Use-after-free of a JavaScript Realm. (CVE-2022-45406) |
| 31 |
|
| 32 |
Fullscreen notification bypass via windowName. (CVE-2022-45408) |
| 33 |
|
| 34 |
Use-after-free in Garbage Collection. (CVE-2022-45409) |
| 35 |
|
| 36 |
ServiceWorker-intercepted requests bypassed SameSite cookie policy. |
| 37 |
(CVE-2022-45410) |
| 38 |
|
| 39 |
Cross-Site Tracing was possible via non-standard override headers. |
| 40 |
(CVE-2022-45411) |
| 41 |
|
| 42 |
Symlinks may resolve to partially uninitialized buffers. (CVE-2022-45412) |
| 43 |
|
| 44 |
Keystroke Side-Channel Leakage. (CVE-2022-45416) |
| 45 |
|
| 46 |
Custom mouse cursor could have been drawn over browser UI. (CVE-2022-45418) |
| 47 |
|
| 48 |
Iframe contents could be rendered outside the iframe. (CVE-2022-45420) |
| 49 |
|
| 50 |
Memory safety bugs fixed in Thunderbird 102.5. (CVE-2022-45421) |
| 51 |
references: |
| 52 |
- https://bugs.mageia.org/show_bug.cgi?id=31131 |
| 53 |
- https://www.thunderbird.net/en-US/thunderbird/102.5.0/releasenotes/ |
| 54 |
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/ |
| 55 |
ID: MGASA-2022-0428 |
Parent Directory
| 
Revision Log