Headline
RHSA-2023:4954: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks.
- CVE-2023-4053: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.
- CVE-2023-4573: The Mozilla Foundation Security Advisory describes this flaw as:
When receiving rendering data over IPC
mStreamcould have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. - CVE-2023-4574: The Mozilla Foundation Security Advisory describes this flaw as: When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash.
- CVE-2023-4575: The Mozilla Foundation Security Advisory describes this flaw as: When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash.
- CVE-2023-4577: The Mozilla Foundation Security Advisory describes this flaw as:
When
UpdateRegExpStaticsattempted to accessinitialStringHeapit could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. - CVE-2023-4578: The Mozilla Foundation Security Advisory describes this flaw as:
When calling
JS::CheckRegExpSyntaxa Syntax Error could have been set which would end in callingconvertToRuntimeErrorAndClear. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. - CVE-2023-4580: The Mozilla Foundation Security Advisory describes this flaw as: Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information.
- CVE-2023-4581: The Mozilla Foundation Security Advisory describes this flaw as:
Excel
.xlladd-in files did not have a blocklist entry in Firefox’s executable blocklist which allowed them to be downloaded without any warning of their potential harm. - CVE-2023-4583: The Mozilla Foundation Security Advisory describes this flaw as:
When checking if the Browsing Context had been discarded in
HttpBaseChannel, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. - CVE-2023-4584: The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
- CVE-2023-4585: The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Quarkus
Integration and Automation
All Products
Issued:
2023-09-04
Updated:
2023-09-04
RHSA-2023:4954 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: thunderbird security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.15.0.
Security Fix(es):
- Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)
- Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574)
- Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)
- Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)
- Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 (CVE-2023-4584)
- Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2 (CVE-2023-4585)
- Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051)
- Mozilla: Full screen notification obscured by external program (CVE-2023-4053)
- Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception (CVE-2023-4578)
- Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)
- Mozilla: XLL file extensions were downloadable without warnings (CVE-2023-4581)
- Mozilla: Browsing Context potentially not cleared when closing Private Window (CVE-2023-4583)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to take effect.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.8 x86_64
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64
Fixes
- BZ - 2236071 - CVE-2023-4573 Mozilla: Memory corruption in IPC CanvasTranslator
- BZ - 2236072 - CVE-2023-4574 Mozilla: Memory corruption in IPC ColorPickerShownCallback
- BZ - 2236073 - CVE-2023-4575 Mozilla: Memory corruption in IPC FilePickerShownCallback
- BZ - 2236075 - CVE-2023-4577 Mozilla: Memory corruption in JIT UpdateRegExpStatics
- BZ - 2236076 - CVE-2023-4051 Mozilla: Full screen notification obscured by file open dialog
- BZ - 2236077 - CVE-2023-4578 Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception
- BZ - 2236078 - CVE-2023-4053 Mozilla: Full screen notification obscured by external program
- BZ - 2236079 - CVE-2023-4580 Mozilla: Push notifications saved to disk unencrypted
- BZ - 2236080 - CVE-2023-4581 Mozilla: XLL file extensions were downloadable without warnings
- BZ - 2236082 - CVE-2023-4583 Mozilla: Browsing Context potentially not cleared when closing Private Window
- BZ - 2236084 - CVE-2023-4584 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2
- BZ - 2236086 - CVE-2023-4585 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2
CVEs
- CVE-2023-4051
- CVE-2023-4053
- CVE-2023-4573
- CVE-2023-4574
- CVE-2023-4575
- CVE-2023-4577
- CVE-2023-4578
- CVE-2023-4580
- CVE-2023-4581
- CVE-2023-4583
- CVE-2023-4584
- CVE-2023-4585
Red Hat Enterprise Linux for x86_64 8
SRPM
thunderbird-102.15.0-1.el8_8.src.rpm
SHA-256: a27b43f7627ea1a7b5d5dc8ad8fd322e6eb21558e78d3da68500503cbd667ea1
x86_64
thunderbird-102.15.0-1.el8_8.x86_64.rpm
SHA-256: 27eaf4ed74da37531ccd2f39d38323326e4a4d5db7d4433ac80454d34e0124db
thunderbird-debuginfo-102.15.0-1.el8_8.x86_64.rpm
SHA-256: 53e8d228dc54b7973b97c3c65121027ed56dc36aec7a2e7493bbaaa296f3cabe
thunderbird-debugsource-102.15.0-1.el8_8.x86_64.rpm
SHA-256: 0a68858b0ad56f630cc46e1ee5798256c4992e94bea29f1dcf673a5df0b0cd44
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8
SRPM
thunderbird-102.15.0-1.el8_8.src.rpm
SHA-256: a27b43f7627ea1a7b5d5dc8ad8fd322e6eb21558e78d3da68500503cbd667ea1
x86_64
thunderbird-102.15.0-1.el8_8.x86_64.rpm
SHA-256: 27eaf4ed74da37531ccd2f39d38323326e4a4d5db7d4433ac80454d34e0124db
thunderbird-debuginfo-102.15.0-1.el8_8.x86_64.rpm
SHA-256: 53e8d228dc54b7973b97c3c65121027ed56dc36aec7a2e7493bbaaa296f3cabe
thunderbird-debugsource-102.15.0-1.el8_8.x86_64.rpm
SHA-256: 0a68858b0ad56f630cc46e1ee5798256c4992e94bea29f1dcf673a5df0b0cd44
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
thunderbird-102.15.0-1.el8_8.src.rpm
SHA-256: a27b43f7627ea1a7b5d5dc8ad8fd322e6eb21558e78d3da68500503cbd667ea1
s390x
thunderbird-102.15.0-1.el8_8.s390x.rpm
SHA-256: 8aff7bfc6ed87ee6b2320a3ef3d01ad39c85c4bfeb8f42e3ee047ae1c4ca891d
thunderbird-debuginfo-102.15.0-1.el8_8.s390x.rpm
SHA-256: b9bc33ba75c7625774f9a69de8daaf7826a75e83e5992f615725eb9a1b72e1ac
thunderbird-debugsource-102.15.0-1.el8_8.s390x.rpm
SHA-256: 285344749683c7477ab194e4bdc56866162aad2bc85336ee73de8be4c3fe5d4b
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8
SRPM
thunderbird-102.15.0-1.el8_8.src.rpm
SHA-256: a27b43f7627ea1a7b5d5dc8ad8fd322e6eb21558e78d3da68500503cbd667ea1
s390x
thunderbird-102.15.0-1.el8_8.s390x.rpm
SHA-256: 8aff7bfc6ed87ee6b2320a3ef3d01ad39c85c4bfeb8f42e3ee047ae1c4ca891d
thunderbird-debuginfo-102.15.0-1.el8_8.s390x.rpm
SHA-256: b9bc33ba75c7625774f9a69de8daaf7826a75e83e5992f615725eb9a1b72e1ac
thunderbird-debugsource-102.15.0-1.el8_8.s390x.rpm
SHA-256: 285344749683c7477ab194e4bdc56866162aad2bc85336ee73de8be4c3fe5d4b
Red Hat Enterprise Linux for Power, little endian 8
SRPM
thunderbird-102.15.0-1.el8_8.src.rpm
SHA-256: a27b43f7627ea1a7b5d5dc8ad8fd322e6eb21558e78d3da68500503cbd667ea1
ppc64le
thunderbird-102.15.0-1.el8_8.ppc64le.rpm
SHA-256: e0f75ed5ca41ebf01d2c5f55d5d1fbf0cf4781f6283b6b02c19d0b93924f16bf
thunderbird-debuginfo-102.15.0-1.el8_8.ppc64le.rpm
SHA-256: 16e7e31816ebaac6914499bd0758bef94e5a08c45c0616ac85d43769f289d5d3
thunderbird-debugsource-102.15.0-1.el8_8.ppc64le.rpm
SHA-256: f428f3352fc06a707b27925c057d70d4fc8a0864c64fda3d72ed7e0f46959fca
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8
SRPM
thunderbird-102.15.0-1.el8_8.src.rpm
SHA-256: a27b43f7627ea1a7b5d5dc8ad8fd322e6eb21558e78d3da68500503cbd667ea1
ppc64le
thunderbird-102.15.0-1.el8_8.ppc64le.rpm
SHA-256: e0f75ed5ca41ebf01d2c5f55d5d1fbf0cf4781f6283b6b02c19d0b93924f16bf
thunderbird-debuginfo-102.15.0-1.el8_8.ppc64le.rpm
SHA-256: 16e7e31816ebaac6914499bd0758bef94e5a08c45c0616ac85d43769f289d5d3
thunderbird-debugsource-102.15.0-1.el8_8.ppc64le.rpm
SHA-256: f428f3352fc06a707b27925c057d70d4fc8a0864c64fda3d72ed7e0f46959fca
Red Hat Enterprise Linux Server - TUS 8.8
SRPM
thunderbird-102.15.0-1.el8_8.src.rpm
SHA-256: a27b43f7627ea1a7b5d5dc8ad8fd322e6eb21558e78d3da68500503cbd667ea1
x86_64
thunderbird-102.15.0-1.el8_8.x86_64.rpm
SHA-256: 27eaf4ed74da37531ccd2f39d38323326e4a4d5db7d4433ac80454d34e0124db
thunderbird-debuginfo-102.15.0-1.el8_8.x86_64.rpm
SHA-256: 53e8d228dc54b7973b97c3c65121027ed56dc36aec7a2e7493bbaaa296f3cabe
thunderbird-debugsource-102.15.0-1.el8_8.x86_64.rpm
SHA-256: 0a68858b0ad56f630cc46e1ee5798256c4992e94bea29f1dcf673a5df0b0cd44
Red Hat Enterprise Linux for ARM 64 8
SRPM
thunderbird-102.15.0-1.el8_8.src.rpm
SHA-256: a27b43f7627ea1a7b5d5dc8ad8fd322e6eb21558e78d3da68500503cbd667ea1
aarch64
thunderbird-102.15.0-1.el8_8.aarch64.rpm
SHA-256: 6ecf18da19145b202a89b523a399f942270338f335bfeba76905f7705d4ce462
thunderbird-debuginfo-102.15.0-1.el8_8.aarch64.rpm
SHA-256: 1200eed4938afc1a9c3e406a526c8c5b8d03859777a336734b1c08f0fa643112
thunderbird-debugsource-102.15.0-1.el8_8.aarch64.rpm
SHA-256: baa71750b21f5d033df66b37de68b747bd89e825f9f1934368ef52468c96047a
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8
SRPM
thunderbird-102.15.0-1.el8_8.src.rpm
SHA-256: a27b43f7627ea1a7b5d5dc8ad8fd322e6eb21558e78d3da68500503cbd667ea1
aarch64
thunderbird-102.15.0-1.el8_8.aarch64.rpm
SHA-256: 6ecf18da19145b202a89b523a399f942270338f335bfeba76905f7705d4ce462
thunderbird-debuginfo-102.15.0-1.el8_8.aarch64.rpm
SHA-256: 1200eed4938afc1a9c3e406a526c8c5b8d03859777a336734b1c08f0fa643112
thunderbird-debugsource-102.15.0-1.el8_8.aarch64.rpm
SHA-256: baa71750b21f5d033df66b37de68b747bd89e825f9f1934368ef52468c96047a
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8
SRPM
thunderbird-102.15.0-1.el8_8.src.rpm
SHA-256: a27b43f7627ea1a7b5d5dc8ad8fd322e6eb21558e78d3da68500503cbd667ea1
ppc64le
thunderbird-102.15.0-1.el8_8.ppc64le.rpm
SHA-256: e0f75ed5ca41ebf01d2c5f55d5d1fbf0cf4781f6283b6b02c19d0b93924f16bf
thunderbird-debuginfo-102.15.0-1.el8_8.ppc64le.rpm
SHA-256: 16e7e31816ebaac6914499bd0758bef94e5a08c45c0616ac85d43769f289d5d3
thunderbird-debugsource-102.15.0-1.el8_8.ppc64le.rpm
SHA-256: f428f3352fc06a707b27925c057d70d4fc8a0864c64fda3d72ed7e0f46959fca
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8
SRPM
thunderbird-102.15.0-1.el8_8.src.rpm
SHA-256: a27b43f7627ea1a7b5d5dc8ad8fd322e6eb21558e78d3da68500503cbd667ea1
x86_64
thunderbird-102.15.0-1.el8_8.x86_64.rpm
SHA-256: 27eaf4ed74da37531ccd2f39d38323326e4a4d5db7d4433ac80454d34e0124db
thunderbird-debuginfo-102.15.0-1.el8_8.x86_64.rpm
SHA-256: 53e8d228dc54b7973b97c3c65121027ed56dc36aec7a2e7493bbaaa296f3cabe
thunderbird-debugsource-102.15.0-1.el8_8.x86_64.rpm
SHA-256: 0a68858b0ad56f630cc46e1ee5798256c4992e94bea29f1dcf673a5df0b0cd44
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Gentoo Linux Security Advisory 202402-25 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 115.7.0 are affected.
Ubuntu Security Notice 6405-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Andrew McCreight discovered that Thunderbird did not properly manage during the worker lifecycle. An attacker could potentially exploit this issue to cause a denial of service.
When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.
Red Hat Security Advisory 2023-5019-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.0 ESR.
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. * CVE-2023-4053: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full scr...
Red Hat Security Advisory 2023-4955-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0.
Red Hat Security Advisory 2023-4956-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0.
Red Hat Security Advisory 2023-4947-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0.
Red Hat Security Advisory 2023-4948-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0.
Red Hat Security Advisory 2023-4950-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.0 ESR.
Debian Linux Security Advisory 5488-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
Debian Linux Security Advisory 5488-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
Debian Linux Security Advisory 5488-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
Debian Linux Security Advisory 5488-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
Debian Linux Security Advisory 5488-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. * CVE-2023-4053: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full scr...
An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could hav...
An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have le...
An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. * CVE-2023-4053: The Mozilla Foundation Security Advisory describes this flaw as: A website could ...
An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. * CVE-2023-4053: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full...
An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. * CVE-2023-4053: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full scr...
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. * CVE-2023-4053: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full...
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. * CVE-2023-4053: The Mozilla Foundation Security Advisory describes this flaw as: A webs...
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. * CVE-2023-4053: The Mozilla Foundation Security Advisory describes this flaw as: A ...
An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. * CVE-2023-4053: The Mozilla Foundation Security Advisory describes this flaw as: A website could ...
An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user con...
An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. * CVE-2023-4053: The Mozilla Foundation Security Advisory describes this flaw as: A website co...
An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusi...
Debian Linux Security Advisory 5485-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
Debian Linux Security Advisory 5485-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
Debian Linux Security Advisory 5485-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
Debian Linux Security Advisory 5485-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
Debian Linux Security Advisory 5485-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
Ubuntu Security Notice 6320-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when the "UpdateRegExpStatics" attempted to access "initialStringHeap". An attacker could potentially exploit this issue to cause a denial of service.
Ubuntu Security Notice 6320-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when the "UpdateRegExpStatics" attempted to access "initialStringHeap". An attacker could potentially exploit this issue to cause a denial of service.
Ubuntu Security Notice 6320-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when the "UpdateRegExpStatics" attempted to access "initialStringHeap". An attacker could potentially exploit this issue to cause a denial of service.
Ubuntu Security Notice 6320-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when the "UpdateRegExpStatics" attempted to access "initialStringHeap". An attacker could potentially exploit this issue to cause a denial of service.
Ubuntu Security Notice 6320-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when the "UpdateRegExpStatics" attempted to access "initialStringHeap". An attacker could potentially exploit this issue to cause a denial of service.
Ubuntu Security Notice 6320-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when the "UpdateRegExpStatics" attempted to access "initialStringHeap". An attacker could potentially exploit this issue to cause a denial of service.
Ubuntu Security Notice 6320-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when the "UpdateRegExpStatics" attempted to access "initialStringHeap". An attacker could potentially exploit this issue to cause a denial of service.
Ubuntu Security Notice 6320-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when the "UpdateRegExpStatics" attempted to access "initialStringHeap". An attacker could potentially exploit this issue to cause a denial of service.
Ubuntu Security Notice 6320-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when the "UpdateRegExpStatics" attempted to access "initialStringHeap". An attacker could potentially exploit this issue to cause a denial of service.
Ubuntu Security Notice 6320-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when the "UpdateRegExpStatics" attempted to access "initialStringHeap". An attacker could potentially exploit this issue to cause a denial of service.
Ubuntu Security Notice 6267-3 - USN-6267-1 fixed vulnerabilities and USN-6267-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Max Vlasov discovered that Firefox Offscreen Canvas did not properly track cross-origin tainting. An attacker could potentially exploit this issue to access image data from another site in violation of same-origin policy. Alexander Guryanov discovered that Firefox did not properly update the value of a global variable in WASM JIT analysis in some circumstances. An attacker could potentially exploit this issue to cause a denial of service. Mark Brand discovered that Firefox did not properly validate the size of an untrusted input strea...
Ubuntu Security Notice 6267-3 - USN-6267-1 fixed vulnerabilities and USN-6267-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Max Vlasov discovered that Firefox Offscreen Canvas did not properly track cross-origin tainting. An attacker could potentially exploit this issue to access image data from another site in violation of same-origin policy. Alexander Guryanov discovered that Firefox did not properly update the value of a global variable in WASM JIT analysis in some circumstances. An attacker could potentially exploit this issue to cause a denial of service. Mark Brand discovered that Firefox did not properly validate the size of an untrusted input strea...
Ubuntu Security Notice 6267-2 - USN-6267-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Max Vlasov discovered that Firefox Offscreen Canvas did not properly track cross-origin tainting. An attacker could potentially exploit this issue to access image data from another site in violation of same-origin policy. Alexander Guryanov discovered that Firefox did not properly update the value of a global variable in WASM JIT analysis in some circumstances. An attacker could potentially exploit this issue to cause a denial of service. Mark Brand discovered that Firefox did not properly validate the size of an untrusted input stream. An attacker could potentially exploi...
Ubuntu Security Notice 6267-2 - USN-6267-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Max Vlasov discovered that Firefox Offscreen Canvas did not properly track cross-origin tainting. An attacker could potentially exploit this issue to access image data from another site in violation of same-origin policy. Alexander Guryanov discovered that Firefox did not properly update the value of a global variable in WASM JIT analysis in some circumstances. An attacker could potentially exploit this issue to cause a denial of service. Mark Brand discovered that Firefox did not properly validate the size of an untrusted input stream. An attacker could potentially exploi...
Ubuntu Security Notice 6267-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Max Vlasov discovered that Firefox Offscreen Canvas did not properly track cross-origin tainting. An attacker could potentially exploit this issue to access image data from another site in violation of same-origin policy.
Ubuntu Security Notice 6267-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Max Vlasov discovered that Firefox Offscreen Canvas did not properly track cross-origin tainting. An attacker could potentially exploit this issue to access image data from another site in violation of same-origin policy.
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116.
A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116.