 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Tue, 15 Feb 2022 21:01:30 -0000 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2022:0538-1
Issue Date: 2022-02-15
CVE Numbers: CVE-2022-22754
CVE-2022-22756
CVE-2022-22760
CVE-2022-22761
CVE-2022-22763
CVE-2022-22759
CVE-2022-22764
--
This update upgrades Thunderbird to version 91.6.0.
Security Fix(es):
* Mozilla: Extensions could have bypassed permission confirmation during
update (CVE-2022-22754)
* Mozilla: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
(CVE-2022-22764)
* Mozilla: Drag and dropping an image could have resulted in the dropped
object being an executable (CVE-2022-22756)
* Mozilla: Sandboxed iframes could have executed script if the parent
appended elements (CVE-2022-22759)
* Mozilla: Cross-Origin responses could be distinguished between script
and non-script content-types (CVE-2022-22760)
* Mozilla: frame-ancestors Content Security Policy directive was not
enforced for framed extension pages (CVE-2022-22761)
* Mozilla: Script Execution during invalid object state (CVE-2022-22763)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
--
SL7
x86_64
thunderbird-91.6.0-1.el7_9.x86_64.rpm
thunderbird-debuginfo-91.6.0-1.el7_9.x86_64.rpm
- Scientific Linux Development Team
|
|
|
