Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:4954: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks.
  • CVE-2023-4053: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.
  • CVE-2023-4573: The Mozilla Foundation Security Advisory describes this flaw as: When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash.
  • CVE-2023-4574: The Mozilla Foundation Security Advisory describes this flaw as: When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash.
  • CVE-2023-4575: The Mozilla Foundation Security Advisory describes this flaw as: When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash.
  • CVE-2023-4577: The Mozilla Foundation Security Advisory describes this flaw as: When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash.
  • CVE-2023-4578: The Mozilla Foundation Security Advisory describes this flaw as: When calling JS::CheckRegExpSyntax a Syntax Error could have been set which would end in calling convertToRuntimeErrorAndClear. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error.
  • CVE-2023-4580: The Mozilla Foundation Security Advisory describes this flaw as: Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information.
  • CVE-2023-4581: The Mozilla Foundation Security Advisory describes this flaw as: Excel .xll add-in files did not have a blocklist entry in Firefox’s executable blocklist which allowed them to be downloaded without any warning of their potential harm.
  • CVE-2023-4583: The Mozilla Foundation Security Advisory describes this flaw as: When checking if the Browsing Context had been discarded in HttpBaseChannel, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended.
  • CVE-2023-4584: The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
  • CVE-2023-4585: The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#kubernetes#aws#ibm#firefox#sap

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

All Products

Issued:

2023-09-04

Updated:

2023-09-04

RHSA-2023:4954 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: thunderbird security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.15.0.

Security Fix(es):

  • Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)
  • Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574)
  • Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)
  • Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)
  • Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 (CVE-2023-4584)
  • Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2 (CVE-2023-4585)
  • Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051)
  • Mozilla: Full screen notification obscured by external program (CVE-2023-4053)
  • Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception (CVE-2023-4578)
  • Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)
  • Mozilla: XLL file extensions were downloadable without warnings (CVE-2023-4581)
  • Mozilla: Browsing Context potentially not cleared when closing Private Window (CVE-2023-4583)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

Fixes

  • BZ - 2236071 - CVE-2023-4573 Mozilla: Memory corruption in IPC CanvasTranslator
  • BZ - 2236072 - CVE-2023-4574 Mozilla: Memory corruption in IPC ColorPickerShownCallback
  • BZ - 2236073 - CVE-2023-4575 Mozilla: Memory corruption in IPC FilePickerShownCallback
  • BZ - 2236075 - CVE-2023-4577 Mozilla: Memory corruption in JIT UpdateRegExpStatics
  • BZ - 2236076 - CVE-2023-4051 Mozilla: Full screen notification obscured by file open dialog
  • BZ - 2236077 - CVE-2023-4578 Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception
  • BZ - 2236078 - CVE-2023-4053 Mozilla: Full screen notification obscured by external program
  • BZ - 2236079 - CVE-2023-4580 Mozilla: Push notifications saved to disk unencrypted
  • BZ - 2236080 - CVE-2023-4581 Mozilla: XLL file extensions were downloadable without warnings
  • BZ - 2236082 - CVE-2023-4583 Mozilla: Browsing Context potentially not cleared when closing Private Window
  • BZ - 2236084 - CVE-2023-4584 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2
  • BZ - 2236086 - CVE-2023-4585 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2

CVEs

  • CVE-2023-4051
  • CVE-2023-4053
  • CVE-2023-4573
  • CVE-2023-4574
  • CVE-2023-4575
  • CVE-2023-4577
  • CVE-2023-4578
  • CVE-2023-4580
  • CVE-2023-4581
  • CVE-2023-4583
  • CVE-2023-4584
  • CVE-2023-4585

Red Hat Enterprise Linux for x86_64 8

SRPM

thunderbird-102.15.0-1.el8_8.src.rpm

SHA-256: a27b43f7627ea1a7b5d5dc8ad8fd322e6eb21558e78d3da68500503cbd667ea1

x86_64

thunderbird-102.15.0-1.el8_8.x86_64.rpm

SHA-256: 27eaf4ed74da37531ccd2f39d38323326e4a4d5db7d4433ac80454d34e0124db

thunderbird-debuginfo-102.15.0-1.el8_8.x86_64.rpm

SHA-256: 53e8d228dc54b7973b97c3c65121027ed56dc36aec7a2e7493bbaaa296f3cabe

thunderbird-debugsource-102.15.0-1.el8_8.x86_64.rpm

SHA-256: 0a68858b0ad56f630cc46e1ee5798256c4992e94bea29f1dcf673a5df0b0cd44

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8

SRPM

thunderbird-102.15.0-1.el8_8.src.rpm

SHA-256: a27b43f7627ea1a7b5d5dc8ad8fd322e6eb21558e78d3da68500503cbd667ea1

x86_64

thunderbird-102.15.0-1.el8_8.x86_64.rpm

SHA-256: 27eaf4ed74da37531ccd2f39d38323326e4a4d5db7d4433ac80454d34e0124db

thunderbird-debuginfo-102.15.0-1.el8_8.x86_64.rpm

SHA-256: 53e8d228dc54b7973b97c3c65121027ed56dc36aec7a2e7493bbaaa296f3cabe

thunderbird-debugsource-102.15.0-1.el8_8.x86_64.rpm

SHA-256: 0a68858b0ad56f630cc46e1ee5798256c4992e94bea29f1dcf673a5df0b0cd44

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

thunderbird-102.15.0-1.el8_8.src.rpm

SHA-256: a27b43f7627ea1a7b5d5dc8ad8fd322e6eb21558e78d3da68500503cbd667ea1

s390x

thunderbird-102.15.0-1.el8_8.s390x.rpm

SHA-256: 8aff7bfc6ed87ee6b2320a3ef3d01ad39c85c4bfeb8f42e3ee047ae1c4ca891d

thunderbird-debuginfo-102.15.0-1.el8_8.s390x.rpm

SHA-256: b9bc33ba75c7625774f9a69de8daaf7826a75e83e5992f615725eb9a1b72e1ac

thunderbird-debugsource-102.15.0-1.el8_8.s390x.rpm

SHA-256: 285344749683c7477ab194e4bdc56866162aad2bc85336ee73de8be4c3fe5d4b

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8

SRPM

thunderbird-102.15.0-1.el8_8.src.rpm

SHA-256: a27b43f7627ea1a7b5d5dc8ad8fd322e6eb21558e78d3da68500503cbd667ea1

s390x

thunderbird-102.15.0-1.el8_8.s390x.rpm

SHA-256: 8aff7bfc6ed87ee6b2320a3ef3d01ad39c85c4bfeb8f42e3ee047ae1c4ca891d

thunderbird-debuginfo-102.15.0-1.el8_8.s390x.rpm

SHA-256: b9bc33ba75c7625774f9a69de8daaf7826a75e83e5992f615725eb9a1b72e1ac

thunderbird-debugsource-102.15.0-1.el8_8.s390x.rpm

SHA-256: 285344749683c7477ab194e4bdc56866162aad2bc85336ee73de8be4c3fe5d4b

Red Hat Enterprise Linux for Power, little endian 8

SRPM

thunderbird-102.15.0-1.el8_8.src.rpm

SHA-256: a27b43f7627ea1a7b5d5dc8ad8fd322e6eb21558e78d3da68500503cbd667ea1

ppc64le

thunderbird-102.15.0-1.el8_8.ppc64le.rpm

SHA-256: e0f75ed5ca41ebf01d2c5f55d5d1fbf0cf4781f6283b6b02c19d0b93924f16bf

thunderbird-debuginfo-102.15.0-1.el8_8.ppc64le.rpm

SHA-256: 16e7e31816ebaac6914499bd0758bef94e5a08c45c0616ac85d43769f289d5d3

thunderbird-debugsource-102.15.0-1.el8_8.ppc64le.rpm

SHA-256: f428f3352fc06a707b27925c057d70d4fc8a0864c64fda3d72ed7e0f46959fca

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8

SRPM

thunderbird-102.15.0-1.el8_8.src.rpm

SHA-256: a27b43f7627ea1a7b5d5dc8ad8fd322e6eb21558e78d3da68500503cbd667ea1

ppc64le

thunderbird-102.15.0-1.el8_8.ppc64le.rpm

SHA-256: e0f75ed5ca41ebf01d2c5f55d5d1fbf0cf4781f6283b6b02c19d0b93924f16bf

thunderbird-debuginfo-102.15.0-1.el8_8.ppc64le.rpm

SHA-256: 16e7e31816ebaac6914499bd0758bef94e5a08c45c0616ac85d43769f289d5d3

thunderbird-debugsource-102.15.0-1.el8_8.ppc64le.rpm

SHA-256: f428f3352fc06a707b27925c057d70d4fc8a0864c64fda3d72ed7e0f46959fca

Red Hat Enterprise Linux Server - TUS 8.8

SRPM

thunderbird-102.15.0-1.el8_8.src.rpm

SHA-256: a27b43f7627ea1a7b5d5dc8ad8fd322e6eb21558e78d3da68500503cbd667ea1

x86_64

thunderbird-102.15.0-1.el8_8.x86_64.rpm

SHA-256: 27eaf4ed74da37531ccd2f39d38323326e4a4d5db7d4433ac80454d34e0124db

thunderbird-debuginfo-102.15.0-1.el8_8.x86_64.rpm

SHA-256: 53e8d228dc54b7973b97c3c65121027ed56dc36aec7a2e7493bbaaa296f3cabe

thunderbird-debugsource-102.15.0-1.el8_8.x86_64.rpm

SHA-256: 0a68858b0ad56f630cc46e1ee5798256c4992e94bea29f1dcf673a5df0b0cd44

Red Hat Enterprise Linux for ARM 64 8

SRPM

thunderbird-102.15.0-1.el8_8.src.rpm

SHA-256: a27b43f7627ea1a7b5d5dc8ad8fd322e6eb21558e78d3da68500503cbd667ea1

aarch64

thunderbird-102.15.0-1.el8_8.aarch64.rpm

SHA-256: 6ecf18da19145b202a89b523a399f942270338f335bfeba76905f7705d4ce462

thunderbird-debuginfo-102.15.0-1.el8_8.aarch64.rpm

SHA-256: 1200eed4938afc1a9c3e406a526c8c5b8d03859777a336734b1c08f0fa643112

thunderbird-debugsource-102.15.0-1.el8_8.aarch64.rpm

SHA-256: baa71750b21f5d033df66b37de68b747bd89e825f9f1934368ef52468c96047a

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8

SRPM

thunderbird-102.15.0-1.el8_8.src.rpm

SHA-256: a27b43f7627ea1a7b5d5dc8ad8fd322e6eb21558e78d3da68500503cbd667ea1

aarch64

thunderbird-102.15.0-1.el8_8.aarch64.rpm

SHA-256: 6ecf18da19145b202a89b523a399f942270338f335bfeba76905f7705d4ce462

thunderbird-debuginfo-102.15.0-1.el8_8.aarch64.rpm

SHA-256: 1200eed4938afc1a9c3e406a526c8c5b8d03859777a336734b1c08f0fa643112

thunderbird-debugsource-102.15.0-1.el8_8.aarch64.rpm

SHA-256: baa71750b21f5d033df66b37de68b747bd89e825f9f1934368ef52468c96047a

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM

thunderbird-102.15.0-1.el8_8.src.rpm

SHA-256: a27b43f7627ea1a7b5d5dc8ad8fd322e6eb21558e78d3da68500503cbd667ea1

ppc64le

thunderbird-102.15.0-1.el8_8.ppc64le.rpm

SHA-256: e0f75ed5ca41ebf01d2c5f55d5d1fbf0cf4781f6283b6b02c19d0b93924f16bf

thunderbird-debuginfo-102.15.0-1.el8_8.ppc64le.rpm

SHA-256: 16e7e31816ebaac6914499bd0758bef94e5a08c45c0616ac85d43769f289d5d3

thunderbird-debugsource-102.15.0-1.el8_8.ppc64le.rpm

SHA-256: f428f3352fc06a707b27925c057d70d4fc8a0864c64fda3d72ed7e0f46959fca

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM

thunderbird-102.15.0-1.el8_8.src.rpm

SHA-256: a27b43f7627ea1a7b5d5dc8ad8fd322e6eb21558e78d3da68500503cbd667ea1

x86_64

thunderbird-102.15.0-1.el8_8.x86_64.rpm

SHA-256: 27eaf4ed74da37531ccd2f39d38323326e4a4d5db7d4433ac80454d34e0124db

thunderbird-debuginfo-102.15.0-1.el8_8.x86_64.rpm

SHA-256: 53e8d228dc54b7973b97c3c65121027ed56dc36aec7a2e7493bbaaa296f3cabe

thunderbird-debugsource-102.15.0-1.el8_8.x86_64.rpm

SHA-256: 0a68858b0ad56f630cc46e1ee5798256c4992e94bea29f1dcf673a5df0b0cd44

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Gentoo Linux Security Advisory 202402-25

Gentoo Linux Security Advisory 202402-25 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 115.7.0 are affected.

Ubuntu Security Notice USN-6405-1

Ubuntu Security Notice 6405-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Andrew McCreight discovered that Thunderbird did not properly manage during the worker lifecycle. An attacker could potentially exploit this issue to cause a denial of service.

CVE-2023-4573: Security Vulnerabilities fixed in Firefox 117

When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.

Red Hat Security Advisory 2023-5019-01

Red Hat Security Advisory 2023-5019-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.0 ESR.

RHSA-2023:5019: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. * CVE-2023-4053: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full scr...

Red Hat Security Advisory 2023-4955-01

Red Hat Security Advisory 2023-4955-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0.

Red Hat Security Advisory 2023-4956-01

Red Hat Security Advisory 2023-4956-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0.

Red Hat Security Advisory 2023-4947-01

Red Hat Security Advisory 2023-4947-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0.

Red Hat Security Advisory 2023-4948-01

Red Hat Security Advisory 2023-4948-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0.

Red Hat Security Advisory 2023-4950-01

Red Hat Security Advisory 2023-4950-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.0 ESR.

Debian Security Advisory 5488-1

Debian Linux Security Advisory 5488-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

Debian Security Advisory 5488-1

Debian Linux Security Advisory 5488-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

Debian Security Advisory 5488-1

Debian Linux Security Advisory 5488-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

Debian Security Advisory 5488-1

Debian Linux Security Advisory 5488-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

Debian Security Advisory 5488-1

Debian Linux Security Advisory 5488-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

RHSA-2023:4952: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. * CVE-2023-4053: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full scr...

RHSA-2023:4956: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could hav...

RHSA-2023:4957: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have le...

RHSA-2023:4959: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. * CVE-2023-4053: The Mozilla Foundation Security Advisory describes this flaw as: A website could ...

RHSA-2023:4955: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. * CVE-2023-4053: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full...

RHSA-2023:4958: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. * CVE-2023-4053: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full scr...

RHSA-2023:4945: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. * CVE-2023-4053: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full...

RHSA-2023:4949: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. * CVE-2023-4053: The Mozilla Foundation Security Advisory describes this flaw as: A webs...

RHSA-2023:4948: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. * CVE-2023-4053: The Mozilla Foundation Security Advisory describes this flaw as: A ...

RHSA-2023:4950: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. * CVE-2023-4053: The Mozilla Foundation Security Advisory describes this flaw as: A website could ...

RHSA-2023:4946: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user con...

RHSA-2023:4947: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. * CVE-2023-4053: The Mozilla Foundation Security Advisory describes this flaw as: A website co...

RHSA-2023:4951: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusi...

Debian Security Advisory 5485-1

Debian Linux Security Advisory 5485-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

Debian Security Advisory 5485-1

Debian Linux Security Advisory 5485-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

Debian Security Advisory 5485-1

Debian Linux Security Advisory 5485-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

Debian Security Advisory 5485-1

Debian Linux Security Advisory 5485-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

Debian Security Advisory 5485-1

Debian Linux Security Advisory 5485-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

Ubuntu Security Notice USN-6320-1

Ubuntu Security Notice 6320-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when the "UpdateRegExpStatics" attempted to access "initialStringHeap". An attacker could potentially exploit this issue to cause a denial of service.

Ubuntu Security Notice USN-6320-1

Ubuntu Security Notice 6320-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when the "UpdateRegExpStatics" attempted to access "initialStringHeap". An attacker could potentially exploit this issue to cause a denial of service.

Ubuntu Security Notice USN-6320-1

Ubuntu Security Notice 6320-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when the "UpdateRegExpStatics" attempted to access "initialStringHeap". An attacker could potentially exploit this issue to cause a denial of service.

Ubuntu Security Notice USN-6320-1

Ubuntu Security Notice 6320-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when the "UpdateRegExpStatics" attempted to access "initialStringHeap". An attacker could potentially exploit this issue to cause a denial of service.

Ubuntu Security Notice USN-6320-1

Ubuntu Security Notice 6320-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when the "UpdateRegExpStatics" attempted to access "initialStringHeap". An attacker could potentially exploit this issue to cause a denial of service.

Ubuntu Security Notice USN-6320-1

Ubuntu Security Notice 6320-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when the "UpdateRegExpStatics" attempted to access "initialStringHeap". An attacker could potentially exploit this issue to cause a denial of service.

Ubuntu Security Notice USN-6320-1

Ubuntu Security Notice 6320-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when the "UpdateRegExpStatics" attempted to access "initialStringHeap". An attacker could potentially exploit this issue to cause a denial of service.

Ubuntu Security Notice USN-6320-1

Ubuntu Security Notice 6320-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when the "UpdateRegExpStatics" attempted to access "initialStringHeap". An attacker could potentially exploit this issue to cause a denial of service.

Ubuntu Security Notice USN-6320-1

Ubuntu Security Notice 6320-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when the "UpdateRegExpStatics" attempted to access "initialStringHeap". An attacker could potentially exploit this issue to cause a denial of service.

Ubuntu Security Notice USN-6320-1

Ubuntu Security Notice 6320-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when the "UpdateRegExpStatics" attempted to access "initialStringHeap". An attacker could potentially exploit this issue to cause a denial of service.

Ubuntu Security Notice USN-6267-3

Ubuntu Security Notice 6267-3 - USN-6267-1 fixed vulnerabilities and USN-6267-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Max Vlasov discovered that Firefox Offscreen Canvas did not properly track cross-origin tainting. An attacker could potentially exploit this issue to access image data from another site in violation of same-origin policy. Alexander Guryanov discovered that Firefox did not properly update the value of a global variable in WASM JIT analysis in some circumstances. An attacker could potentially exploit this issue to cause a denial of service. Mark Brand discovered that Firefox did not properly validate the size of an untrusted input strea...

Ubuntu Security Notice USN-6267-3

Ubuntu Security Notice 6267-3 - USN-6267-1 fixed vulnerabilities and USN-6267-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Max Vlasov discovered that Firefox Offscreen Canvas did not properly track cross-origin tainting. An attacker could potentially exploit this issue to access image data from another site in violation of same-origin policy. Alexander Guryanov discovered that Firefox did not properly update the value of a global variable in WASM JIT analysis in some circumstances. An attacker could potentially exploit this issue to cause a denial of service. Mark Brand discovered that Firefox did not properly validate the size of an untrusted input strea...

Ubuntu Security Notice USN-6267-2

Ubuntu Security Notice 6267-2 - USN-6267-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Max Vlasov discovered that Firefox Offscreen Canvas did not properly track cross-origin tainting. An attacker could potentially exploit this issue to access image data from another site in violation of same-origin policy. Alexander Guryanov discovered that Firefox did not properly update the value of a global variable in WASM JIT analysis in some circumstances. An attacker could potentially exploit this issue to cause a denial of service. Mark Brand discovered that Firefox did not properly validate the size of an untrusted input stream. An attacker could potentially exploi...

Ubuntu Security Notice USN-6267-2

Ubuntu Security Notice 6267-2 - USN-6267-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Max Vlasov discovered that Firefox Offscreen Canvas did not properly track cross-origin tainting. An attacker could potentially exploit this issue to access image data from another site in violation of same-origin policy. Alexander Guryanov discovered that Firefox did not properly update the value of a global variable in WASM JIT analysis in some circumstances. An attacker could potentially exploit this issue to cause a denial of service. Mark Brand discovered that Firefox did not properly validate the size of an untrusted input stream. An attacker could potentially exploi...

Ubuntu Security Notice USN-6267-1

Ubuntu Security Notice 6267-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Max Vlasov discovered that Firefox Offscreen Canvas did not properly track cross-origin tainting. An attacker could potentially exploit this issue to access image data from another site in violation of same-origin policy.

Ubuntu Security Notice USN-6267-1

Ubuntu Security Notice 6267-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Max Vlasov discovered that Firefox Offscreen Canvas did not properly track cross-origin tainting. An attacker could potentially exploit this issue to access image data from another site in violation of same-origin policy.

CVE-2023-4051: Invalid Bug ID

A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116.

CVE-2023-4053: Invalid Bug ID

A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116.