Oval Definition:oval:com.redhat.rhsa:def:20225482
Revision Date:2022-07-01Version:635
Title:RHSA-2022:5482: thunderbird security update (Important)
Description:Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 91.11.

Security Fix(es):

  • Mozilla: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI (CVE-2022-34468)

  • Mozilla: Use-after-free in nsSHistory (CVE-2022-34470)

  • Mozilla: A popup window could be resized in a way to overlay the address bar with web content (CVE-2022-34479)

  • Mozilla: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 (CVE-2022-34484)

  • Mozilla: Undesired attributes could be set as part of prototype pollution (CVE-2022-2200)

  • Mozilla: An email with a mismatching OpenPGP signature date was accepted as valid (CVE-2022-2226)

  • Mozilla: CSP bypass enabling stylesheet injection (CVE-2022-31744)

  • Mozilla: Unavailable PAC file resulted in OCSP requests being blocked (CVE-2022-34472)

  • Mozilla: Potential integer overflow in ReplaceElementsAt (CVE-2022-34481)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2022-2200
    CVE-2022-2226
    CVE-2022-31744
    CVE-2022-34468
    CVE-2022-34470
    CVE-2022-34472
    CVE-2022-34479
    CVE-2022-34481
    CVE-2022-34484
    RHSA-2022:5482
    Platform(s):Red Hat Enterprise Linux 9
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 9 is installed
  • AND thunderbird is earlier than 0:91.11.0-2.el9_0
  • AND thunderbird is signed with Red Hat redhatrelease2 key
  • BACK