Oval Definition:oval:com.redhat.rhsa:def:20227190
Revision Date:2022-10-25Version:636
Title:RHSA-2022:7190: thunderbird security update (Important)
Description:Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.4.0.

Security Fix(es):

  • Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators (CVE-2022-39249)

  • Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack (CVE-2022-39250)

  • Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack (CVE-2022-39251)

  • Mozilla: Same-origin policy violation could have leaked cross-origin URLs (CVE-2022-42927)

  • Mozilla: Memory Corruption in JS Engine (CVE-2022-42928)

  • Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue (CVE-2022-39236)

  • Mozilla: Denial of Service via window.print (CVE-2022-42929)

  • Mozilla: Memory safety bugs fixed in Firefox ESR 102.4 and Thunderbird 102.4 (CVE-2022-42932)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2022-39236
    CVE-2022-39249
    CVE-2022-39250
    CVE-2022-39251
    CVE-2022-42927
    CVE-2022-42928
    CVE-2022-42929
    CVE-2022-42932
    RHSA-2022:7190
    Platform(s):Red Hat Enterprise Linux 8
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • thunderbird is earlier than 0:102.4.0-1.el8_6
  • AND thunderbird is signed with Red Hat redhatrelease2 key
  • AND
  • Red Hat Enterprise Linux 8 is installed
  • OR Red Hat CoreOS 4 is installed
    • BACK