Synopsis: Important: thunderbird security update Advisory ID: SLSA-2023:4945-1 Issue Date: 2023-09-05 CVE Numbers: CVE-2023-4573 CVE-2023-4574 CVE-2023-4575 CVE-2023-4577 CVE-2023-4051 CVE-2023-4578 CVE-2023-4053 CVE-2023-4580 CVE-2023-4581 CVE-2023-4583 CVE-2023-4584 CVE-2023-4585 -- This update upgrades Thunderbird to version 102.15.0. Security Fix(es): * Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573) * Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574) * Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575) * Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577) * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 (CVE-2023-4584) * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2 (CVE-2023-4585) * Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051) * Mozilla: Full screen notification obscured by external program (CVE-2023-4053) * Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception (CVE-2023-4578) * Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580) * Mozilla: XLL file extensions were downloadable without warnings (CVE-2023-4581) * Mozilla: Browsing Context potentially not cleared when closing Private Window (CVE-2023-4583) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE -- SL7 x86_64 thunderbird-102.15.0-1.el7_9.x86_64.rpm thunderbird-debuginfo-102.15.0-1.el7_9.x86_64.rpm - Scientific Linux Development Team