Headline
RHSA-2022:9074: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-45414: Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content
- CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process
- CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions
- CVE-2022-46878: Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6
- CVE-2022-46880: Mozilla: Use-after-free in WebGL
- CVE-2022-46881: Mozilla: Memory corruption in WebGL
- CVE-2022-46882: Mozilla: Use-after-free in WebGL
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- OpenShift Dev Spaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-12-15
Updated:
2022-12-15
RHSA-2022:9074 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: thunderbird security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.6.0.
Security Fix(es):
- Mozilla: Arbitrary file read from a compromised content process (CVE-2022-46872)
- Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 (CVE-2022-46878)
- Mozilla: Use-after-free in WebGL (CVE-2022-46880)
- Mozilla: Memory corruption in WebGL (CVE-2022-46881)
- Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content (CVE-2022-45414)
- Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions (CVE-2022-46874)
- Mozilla: Use-after-free in WebGL (CVE-2022-46882)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to take effect.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 2149868 - CVE-2022-45414 Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content
- BZ - 2153441 - CVE-2022-46872 Mozilla: Arbitrary file read from a compromised content process
- BZ - 2153449 - CVE-2022-46874 Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions
- BZ - 2153454 - CVE-2022-46878 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6
- BZ - 2153463 - CVE-2022-46880 Mozilla: Use-after-free in WebGL
- BZ - 2153466 - CVE-2022-46881 Mozilla: Memory corruption in WebGL
- BZ - 2153467 - CVE-2022-46882 Mozilla: Use-after-free in WebGL
CVEs
- CVE-2022-45414
- CVE-2022-46872
- CVE-2022-46874
- CVE-2022-46878
- CVE-2022-46880
- CVE-2022-46881
- CVE-2022-46882
Red Hat Enterprise Linux for x86_64 8
SRPM
thunderbird-102.6.0-2.el8_7.src.rpm
SHA-256: 8e9119e2d83216cd304931cfc9686974c1a1433f8c0c818bafab5a8c9f9a15ba
x86_64
thunderbird-102.6.0-2.el8_7.x86_64.rpm
SHA-256: e68ef33b772ed032043f792d1b8ed612076bdd91d4acd2f3668c53c3f949160a
thunderbird-debuginfo-102.6.0-2.el8_7.x86_64.rpm
SHA-256: 1f06b0bbea9853d87fead2413ef64a4b48b338488b2416eb7dba1669b1e2707b
thunderbird-debugsource-102.6.0-2.el8_7.x86_64.rpm
SHA-256: d9ff8b28bbaec923638278537432a898a7950c358197e0ef8ee0fad9efb3011b
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
thunderbird-102.6.0-2.el8_7.src.rpm
SHA-256: 8e9119e2d83216cd304931cfc9686974c1a1433f8c0c818bafab5a8c9f9a15ba
s390x
thunderbird-102.6.0-2.el8_7.s390x.rpm
SHA-256: b0f1f9d3ef73dc776b2c495ebe8857d189038c9902910271f2ab1ed7e8bc07e5
thunderbird-debuginfo-102.6.0-2.el8_7.s390x.rpm
SHA-256: a94f29cd8ead48c3335d346044008f1d5c993a27b19b8eb8230b1c37f28f6fad
thunderbird-debugsource-102.6.0-2.el8_7.s390x.rpm
SHA-256: 6c4855fcffaff4ab11ad133f9752146ba6d22673cdbd39b3745abe14bcd2713b
Red Hat Enterprise Linux for Power, little endian 8
SRPM
thunderbird-102.6.0-2.el8_7.src.rpm
SHA-256: 8e9119e2d83216cd304931cfc9686974c1a1433f8c0c818bafab5a8c9f9a15ba
ppc64le
thunderbird-102.6.0-2.el8_7.ppc64le.rpm
SHA-256: 7cf3e9a54bd6a6513771a63844170818186bed07f15eef6d1e35e23b61382f65
thunderbird-debuginfo-102.6.0-2.el8_7.ppc64le.rpm
SHA-256: c3d182680369f25f409f6a50e6ab6bb08033fb75d8a3359f6ef5846c8f750ed9
thunderbird-debugsource-102.6.0-2.el8_7.ppc64le.rpm
SHA-256: a246be0d8ffb21cd0363c002f128e6a3b1f753bc764e28165281ad8020c9181b
Red Hat Enterprise Linux for ARM 64 8
SRPM
thunderbird-102.6.0-2.el8_7.src.rpm
SHA-256: 8e9119e2d83216cd304931cfc9686974c1a1433f8c0c818bafab5a8c9f9a15ba
aarch64
thunderbird-102.6.0-2.el8_7.aarch64.rpm
SHA-256: 7c6b0d18b6d5e55e49d91e9db5b9887aa3a71f63220f4acd923f99a2ce52282f
thunderbird-debuginfo-102.6.0-2.el8_7.aarch64.rpm
SHA-256: 30dc7e9dc631a5e3813582e571ff41f0c82dac94394587d1f77b14256909ff48
thunderbird-debugsource-102.6.0-2.el8_7.aarch64.rpm
SHA-256: ca52ecae6e0e9d8cf02a8375ef8d00206febe794eb9736bc1044489b8fef251a
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Ubuntu Security Notice 5782-3 - USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. It was discovered that Firefox was using an out-of-date libusrsctp library. An attacker could possibly use this library to perform a reentrancy issue on Firefox. Nika Layzell discovered that Firefox was not performing a check on paste received from cross-processes. An attacker could potentially exploit this to obtain sensitive information. Pete Freitag discovered that Firefox did not implement the unsafe-hashes CSP directive. An attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject an executable script. Matthias Zoellner discovered that Firefox was not keeping the filename ending intact when using the drag-and-drop event. An attacker could possibly use this issue to add a file with a malicious extension, leading to execute arbitrary code. Hafiizh discovered ...
During startup, a graphics driver with an unexpected name could lead to a stack-buffer overflow causing a potentially exploitable crash.<br>*This issue only affects Firefox for Android. Other operating systems are not affected.*. This vulnerability affects Firefox < 105.
Debian Linux Security Advisory 5303-1 - Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure.
Red Hat Security Advisory 2022-9068-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9075-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9076-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9066-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9074-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9078-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9080-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9081-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9079-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9065-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9077-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-45414: Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious exten...
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-45414: Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious exten...
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-45414: Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious exten...
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-45414: Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious exten...
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-45414: Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious exten...
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-45414: Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious exten...
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-45414: Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious exten...
An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-45414: Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been tr...
An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-45414: Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious exten...
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions * CVE-2022-46878: Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 * CVE-2022-46880: Mozilla: Use-after-free in WebGL * CVE-2022-46881: Mozilla: Memory...
An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-45414: Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content * CVE-2022-46872: Mozi...
An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-45414: Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been tr...
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-45414: Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could ha...
An update for firefox is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions * CVE-2022-46878: Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 * CVE-2022-46880: Mozilla: Use-after-free in WebGL * CVE-2...
An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions * CVE-2022-46878: Moz...
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions * CVE-2022-46878: Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 * CVE-2022-46880: Mozilla: Use-after-free in Web...
An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions * CVE-2022-46878: Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 * CVE-2022-46880: Mozilla: Use-after-free in WebGL * CVE-2...
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions * CVE-2022-46878: Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 * CVE-2022-46880: Mozilla: Use-after-free in WebGL * CVE-2022-46881: Mozilla: Memory...
An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions * CVE-2022-46878: Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 * CVE-2022-46880: Mozilla: Use-after-free in WebGL * CVE-2022-46881: Mozilla: Memory...