Headline

RHSA-2022:1302: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

CVE-2022-1097: Mozilla: Use-after-free in NSSToken objects
CVE-2022-1196: Mozilla: Use-after-free after VR Process destruction
CVE-2022-1197: Mozilla: OpenPGP revocation information was ignored
CVE-2022-24713: Mozilla: Denial of Service via complex regular expressions
CVE-2022-28281: Mozilla: Out of bounds write due to unexpected WebAuthN Extensions
CVE-2022-28282: Mozilla: Use-after-free in DocumentL10n::TranslateDocument
CVE-2022-28285: Mozilla: Incorrect AliasSet used in JIT Codegen
CVE-2022-28286: Mozilla: iframe contents could be rendered outside the border
CVE-2022-28289: Mozilla: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8

2 years ago

Red Hat Security Data

Open in Source

#vulnerability #web #linux #red_hat #dos #nodejs #js #java #kubernetes

Skip to navigation Skip to main content

Utilities

Subscriptions
Downloads
Containers
Support Cases

Red Hat Customer Portal

Infrastructure and Management

Red Hat Enterprise Linux
Red Hat Virtualization
Red Hat Identity Management
Red Hat Directory Server
Red Hat Certificate System
Red Hat Satellite
Red Hat Subscription Management
Red Hat Update Infrastructure
Red Hat Insights
Red Hat Ansible Automation Platform

Cloud Computing

Red Hat OpenShift
Red Hat CloudForms
Red Hat OpenStack Platform
Red Hat OpenShift Container Platform
Red Hat OpenShift Data Science
Red Hat OpenShift Online
Red Hat OpenShift Dedicated
Red Hat Advanced Cluster Security for Kubernetes
Red Hat Advanced Cluster Management for Kubernetes
Red Hat Quay
Red Hat CodeReady Workspaces
Red Hat OpenShift Service on AWS

Storage

Red Hat Gluster Storage
Red Hat Hyperconverged Infrastructure
Red Hat Ceph Storage
Red Hat OpenShift Data Foundation

Runtimes

Red Hat Runtimes
Red Hat JBoss Enterprise Application Platform
Red Hat Data Grid
Red Hat JBoss Web Server
Red Hat Single Sign On
Red Hat support for Spring Boot
Red Hat build of Node.js
Red Hat build of Thorntail
Red Hat build of Eclipse Vert.x
Red Hat build of OpenJDK
Red Hat build of Quarkus
Red Hat CodeReady Studio

Integration and Automation

Red Hat Process Automation
Red Hat Process Automation Manager
Red Hat Decision Manager

All Products

Issued:

2022-04-11

Updated:

2022-04-11

RHSA-2022:1302 - Security Advisory

Overview
Updated Packages

Synopsis

Important: thunderbird security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 91.8.0.

Security Fix(es):

Mozilla: Use-after-free in NSSToken objects (CVE-2022-1097)
Mozilla: Out of bounds write due to unexpected WebAuthN Extensions (CVE-2022-28281)
Mozilla: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8 (CVE-2022-28289)
Mozilla: Use-after-free after VR Process destruction (CVE-2022-1196)
Mozilla: OpenPGP revocation information was ignored (CVE-2022-1197)
Mozilla: Use-after-free in DocumentL10n::TranslateDocument (CVE-2022-28282)
Mozilla: Incorrect AliasSet used in JIT Codegen (CVE-2022-28285)
Mozilla: Denial of Service via complex regular expressions (CVE-2022-24713)
Mozilla: iframe contents could be rendered outside the border (CVE-2022-28286)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

Affected Products

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

BZ - 2072559 - CVE-2022-1097 Mozilla: Use-after-free in NSSToken objects
BZ - 2072560 - CVE-2022-28281 Mozilla: Out of bounds write due to unexpected WebAuthN Extensions
BZ - 2072561 - CVE-2022-1196 Mozilla: Use-after-free after VR Process destruction
BZ - 2072562 - CVE-2022-28282 Mozilla: Use-after-free in DocumentL10n::TranslateDocument
BZ - 2072563 - CVE-2022-28285 Mozilla: Incorrect AliasSet used in JIT Codegen
BZ - 2072564 - CVE-2022-28286 Mozilla: iframe contents could be rendered outside the border
BZ - 2072565 - CVE-2022-24713 Mozilla: Denial of Service via complex regular expressions
BZ - 2072566 - CVE-2022-28289 Mozilla: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8
BZ - 2072963 - CVE-2022-1197 Mozilla: OpenPGP revocation information was ignored

CVEs