Synopsis: Important: thunderbird security update Advisory ID: SLSA-2022:1725-1 Issue Date: 2022-05-05 CVE Numbers: CVE-2022-29914 CVE-2022-29909 CVE-2022-29916 CVE-2022-29911 CVE-2022-29912 CVE-2022-29917 CVE-2022-1520 CVE-2022-29913 -- This update upgrades Thunderbird to version 91.9.0. Security Fix(es): * Mozilla: Bypassing permission prompt in nested browsing contexts (CVE-2022-29909) * Mozilla: iframe Sandbox bypass (CVE-2022-29911) * Mozilla: Fullscreen notification bypass using popups (CVE-2022-29914) * Mozilla: Leaking browser history with CSS variables (CVE-2022-29916) * Mozilla: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9 (CVE-2022-29917) * Mozilla: Reader mode bypassed SameSite cookies (CVE-2022-29912) * Mozilla: Speech Synthesis feature not properly disabled (CVE-2022-29913) * Mozilla: Incorrect security status shown after viewing an attached email (CVE-2022-1520) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE -- SL7 x86_64 thunderbird-91.9.0-3.el7_9.x86_64.rpm thunderbird-debuginfo-91.9.0-3.el7_9.x86_64.rpm - Scientific Linux Development Team