thunderbird-91.13.0-1.el9.ML.1

エラータID: AXSA:2022-4103:21

Release date: 
Monday, November 21, 2022 - 10:09
Subject: 
thunderbird-91.13.0-1.el9.ML.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 91.13.0.

Security Fix(es):

* Mozilla: Address bar spoofing via XSLT error handling (CVE-2022-38472)
* Mozilla: Cross-origin XSLT Documents would have inherited the parent's permissions (CVE-2022-38473)
* Mozilla: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2 (CVE-2022-38477)
* Mozilla: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13 (CVE-2022-38478)
* Mozilla: Data race and potential use-after-free in PK11_ChangePW (CVE-2022-38476)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-38472
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-38473
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-38476
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-38477
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-38478
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. thunderbird-91.13.0-1.el9.ML.1.src.rpm
    MD5: 9ecaf59883fd0dea713632acda195f18
    SHA-256: c6277e9828f5e56af49a128e6f20171050fdf8163d6114bc6fabf38219857b89
    Size: 515.99 MB

Asianux Server 9 for x86_64
  1. thunderbird-91.13.0-1.el9.ML.1.x86_64.rpm
    MD5: b68d09488effa9fa824743f3040650b6
    SHA-256: fecfc2ea28dc1ef0a2a4bb212079d5370e91b6ddb866321d6741bdfa22b16b9d
    Size: 97.76 MB