Mageia alert MGASA-2022-0163 (thunderbird)
| From: | Mageia Updates <buildsystem-daemon@mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2022-0163: Updated thunderbird packages fix security vulnerability | |
| Date: | Fri, 06 May 2022 22:18:17 +0200 | |
| Message-ID: | <20220506201817.EDD9B9FDBE@duvel.mageia.org> | |
| Archive-link: | Article |
MGASA-2022-0163 - Updated thunderbird packages fix security vulnerability Publication date: 06 May 2022 URL: https://advisories.mageia.org/MGASA-2022-0163.html Type: security Affected Mageia releases: 8 CVE: CVE-2022-1520, CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29913, CVE-2022-29914, CVE-2022-29916, CVE-2022-29917 Description: Incorrect security status shown after viewing an attached email. (CVE-2022-1520) Fullscreen notification bypass using popups. (CVE-2022-29914) Bypassing permission prompt in nested browsing contexts. (CVE-2022-29909) Leaking browser history with CSS variables. (CVE-2022-29916) iframe sandbox bypass. (CVE-2022-29911) Reader mode bypassed SameSite cookies. (CVE-2022-29912) Speech Synthesis feature not properly disabled. (CVE-2022-29913) Memory safety bugs fixed in Thunderbird 91.9. (CVE-2022-29917) References: - https://bugs.mageia.org/show_bug.cgi?id=30374 - https://www.mozilla.org/en-US/security/advisories/mfsa202... - https://www.thunderbird.net/en-US/thunderbird/91.9.0/rele... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1520 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2... SRPMS: - 8/core/thunderbird-91.9.0-1.mga8 - 8/core/thunderbird-l10n-91.9.0-1.mga8