Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_wifi_change.cgi.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-36499: IoT-Vulns/netgear/nvram_ssid/README.md at main · FirmRec/IoT-Vulns

Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function.

CVE-2023-38922: IoT-Vulns/netgear/http_passwd_auth/README.md at main · FirmRec/IoT-Vulns

Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi.

CVE-2023-38924: IoT-Vulns/netgear/http_password_create_smb_cfg/README.md at main · FirmRec/IoT-Vulns

Red Hat Security Advisory 2023-4497-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.14.0. Issues addressed include buffer overflow, bypass, and spoofing vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:4497-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4497  
Issue date:        2023-08-07  
CVE Names:         CVE-2023-3417 CVE-2023-4045 CVE-2023-4046  
                   CVE-2023-4047 CVE-2023-4048 CVE-2023-4049  
                   CVE-2023-4050 CVE-2023-4055 CVE-2023-4056  
                   CVE-2023-4057  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.14.0.

Security Fix(es):

* Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions  
(CVE-2023-4045)

* Mozilla: Incorrect value used during WASM compilation (CVE-2023-4046)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-4047)

* Mozilla: Crash in DOMParser due to out-of-memory conditions  
(CVE-2023-4048)

* Mozilla: Fix potential race conditions when releasing platform objects  
(CVE-2023-4049)

* Mozilla: Stack buffer overflow in StorageManager (CVE-2023-4050)

* Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1,  
Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14  
(CVE-2023-4056)

* Mozilla: Memory safety bugs fixed in Firefox ESR 115.1, and Thunderbird  
115.1 (CVE-2023-4057)

* thunderbird: File Extension Spoofing using the Text Direction Override  
Character (CVE-2023-3417)

* Mozilla: Cookie jar overflow caused unexpected cookie jar state  
(CVE-2023-4055)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2225325 - CVE-2023-3417 thunderbird: File Extension Spoofing using the Text Direction Override Character  
2228360 - CVE-2023-4045 Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions  
2228361 - CVE-2023-4046 Mozilla: Incorrect value used during WASM compilation  
2228362 - CVE-2023-4047 Mozilla: Potential permissions request bypass via clickjacking  
2228363 - CVE-2023-4048 Mozilla: Crash in DOMParser due to out-of-memory conditions  
2228364 - CVE-2023-4049 Mozilla: Fix potential race conditions when releasing platform objects  
2228365 - CVE-2023-4050 Mozilla: Stack buffer overflow in StorageManager  
2228367 - CVE-2023-4055 Mozilla: Cookie jar overflow caused unexpected cookie jar state  
2228370 - CVE-2023-4056 Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14  
2228371 - CVE-2023-4057 Mozilla: Memory safety bugs fixed in Firefox ESR 115.1, and Thunderbird 115.1

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
thunderbird-102.14.0-1.el8_8.src.rpm

aarch64:  
thunderbird-102.14.0-1.el8_8.aarch64.rpm  
thunderbird-debuginfo-102.14.0-1.el8_8.aarch64.rpm  
thunderbird-debugsource-102.14.0-1.el8_8.aarch64.rpm

ppc64le:  
thunderbird-102.14.0-1.el8_8.ppc64le.rpm  
thunderbird-debuginfo-102.14.0-1.el8_8.ppc64le.rpm  
thunderbird-debugsource-102.14.0-1.el8_8.ppc64le.rpm

s390x:  
thunderbird-102.14.0-1.el8_8.s390x.rpm  
thunderbird-debuginfo-102.14.0-1.el8_8.s390x.rpm  
thunderbird-debugsource-102.14.0-1.el8_8.s390x.rpm

x86_64:  
thunderbird-102.14.0-1.el8_8.x86_64.rpm  
thunderbird-debuginfo-102.14.0-1.el8_8.x86_64.rpm  
thunderbird-debugsource-102.14.0-1.el8_8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-3417  
https://access.redhat.com/security/cve/CVE-2023-4045  
https://access.redhat.com/security/cve/CVE-2023-4046  
https://access.redhat.com/security/cve/CVE-2023-4047  
https://access.redhat.com/security/cve/CVE-2023-4048  
https://access.redhat.com/security/cve/CVE-2023-4049  
https://access.redhat.com/security/cve/CVE-2023-4050  
https://access.redhat.com/security/cve/CVE-2023-4055  
https://access.redhat.com/security/cve/CVE-2023-4056  
https://access.redhat.com/security/cve/CVE-2023-4057  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk0P2HAAoJENzjgjWX9erEiwgP/jUVVVd6QD4VPf1CzYuBBR4b  
z9soz0fFRJmKlULKr/TSJhEJ0HAU1vRHbOT2pEc/vQicwoWnpj3qRzUPJ2q0woCV  
m2wfGonzJ17hJNDdukXweN9Zu4PvmwD+fBgseCmdhd2qtK0r1IryoxqVA1L0kE8B  
Z9fKu9gUqjDqNM0ybltIDCKrSex2Im8sKEFX4/mC4qWOP30N6fF/UeCo4bw7LaLD  
TuLhDL15lGQQGaGlOp/W45siYNl+4ZQjYV315EL6hquSM/rdRmB4xs+AoxvlqSy8  
et74pq4Nt2OzSysOkk2ZGE76schOq1VAlaJ5pgPwTcp5+L4Hv2l48w+V8KMwoHpZ  
BdvuGqosLbugeHadAHsbKXPCvhTeZZ+Y/LfI15UwLWkJOoe0EVyUyyWUgwJYoFcA  
unSOkt43Gm//jzUxF5RFqwMRp3CqHxcWm9JtSiSm5g8AHvkpmEWam6KcDQLqsBDG  
JfxqPCz0abFoTNXyHTLAygGv57LL4xA8GfjMQdhdk+jBIFwaXmIxsPT4S/rFirCL  
LSgsf4RWr8vFQrzBSfdNI0BOswRU4ZhfqdBhOa+0tUeauDdXcDMJNmPaa+L2BZ0A  
O4WYqQShvqCBBlwtXDTa0favo89GZyn8q5qo3ddZHKgC6ukWxj1DFa8/UDQqARRm  
eZgizToOWRA/4FlUZ8q4  
=LPkR  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4497-01

Red Hat Security Advisory 2023-4499-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.14.0. Issues addressed include buffer overflow, bypass, and spoofing vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:4499-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4499  
Issue date:        2023-08-07  
CVE Names:         CVE-2023-3417 CVE-2023-4045 CVE-2023-4046  
                   CVE-2023-4047 CVE-2023-4048 CVE-2023-4049  
                   CVE-2023-4050 CVE-2023-4055 CVE-2023-4056  
                   CVE-2023-4057  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.14.0.

Security Fix(es):

* Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions  
(CVE-2023-4045)

* Mozilla: Incorrect value used during WASM compilation (CVE-2023-4046)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-4047)

* Mozilla: Crash in DOMParser due to out-of-memory conditions  
(CVE-2023-4048)

* Mozilla: Fix potential race conditions when releasing platform objects  
(CVE-2023-4049)

* Mozilla: Stack buffer overflow in StorageManager (CVE-2023-4050)

* Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1,  
Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14  
(CVE-2023-4056)

* Mozilla: Memory safety bugs fixed in Firefox ESR 115.1, and Thunderbird  
115.1 (CVE-2023-4057)

* thunderbird: File Extension Spoofing using the Text Direction Override  
Character (CVE-2023-3417)

* Mozilla: Cookie jar overflow caused unexpected cookie jar state  
(CVE-2023-4055)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2225325 - CVE-2023-3417 thunderbird: File Extension Spoofing using the Text Direction Override Character  
2228360 - CVE-2023-4045 Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions  
2228361 - CVE-2023-4046 Mozilla: Incorrect value used during WASM compilation  
2228362 - CVE-2023-4047 Mozilla: Potential permissions request bypass via clickjacking  
2228363 - CVE-2023-4048 Mozilla: Crash in DOMParser due to out-of-memory conditions  
2228364 - CVE-2023-4049 Mozilla: Fix potential race conditions when releasing platform objects  
2228365 - CVE-2023-4050 Mozilla: Stack buffer overflow in StorageManager  
2228367 - CVE-2023-4055 Mozilla: Cookie jar overflow caused unexpected cookie jar state  
2228370 - CVE-2023-4056 Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14  
2228371 - CVE-2023-4057 Mozilla: Memory safety bugs fixed in Firefox ESR 115.1, and Thunderbird 115.1

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
thunderbird-102.14.0-1.el9_2.src.rpm

aarch64:  
thunderbird-102.14.0-1.el9_2.aarch64.rpm  
thunderbird-debuginfo-102.14.0-1.el9_2.aarch64.rpm  
thunderbird-debugsource-102.14.0-1.el9_2.aarch64.rpm

ppc64le:  
thunderbird-102.14.0-1.el9_2.ppc64le.rpm  
thunderbird-debuginfo-102.14.0-1.el9_2.ppc64le.rpm  
thunderbird-debugsource-102.14.0-1.el9_2.ppc64le.rpm

s390x:  
thunderbird-102.14.0-1.el9_2.s390x.rpm  
thunderbird-debuginfo-102.14.0-1.el9_2.s390x.rpm  
thunderbird-debugsource-102.14.0-1.el9_2.s390x.rpm

x86_64:  
thunderbird-102.14.0-1.el9_2.x86_64.rpm  
thunderbird-debuginfo-102.14.0-1.el9_2.x86_64.rpm  
thunderbird-debugsource-102.14.0-1.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-3417  
https://access.redhat.com/security/cve/CVE-2023-4045  
https://access.redhat.com/security/cve/CVE-2023-4046  
https://access.redhat.com/security/cve/CVE-2023-4047  
https://access.redhat.com/security/cve/CVE-2023-4048  
https://access.redhat.com/security/cve/CVE-2023-4049  
https://access.redhat.com/security/cve/CVE-2023-4050  
https://access.redhat.com/security/cve/CVE-2023-4055  
https://access.redhat.com/security/cve/CVE-2023-4056  
https://access.redhat.com/security/cve/CVE-2023-4057  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk0P3BAAoJENzjgjWX9erEI4AP/isP37SsYX3PZky9trAcT0vI  
5aGzgYCUr6ioqhynQpyPmKH7tKTnfpeq0jYJHzMWM62LjEYfX76yHiIbAiaV6pRy  
Oy3aPt7sSJzN+/emLuoRF4apWLelHC3T32RexGMvVcnU7lcWNfZ7L24LiogPt4GA  
6/Q7/YQheLIveSM465UX6dp8J7wRZARl6rmK6jO7lquAupSAYY48jhl21NT5E3D+  
0g5ssrjnbitqlt0n59bM/AOaVXC1p9GcS+4EFU2Ma1EbcMrxoImKrvClgl6lEHZq  
lZiQFYXnR7MMTvk5vRO0q5NVp9dpIfhB4T1BpokQ0VQe30zJHGNMxGREqj1dBGZ3  
xtqVgBx7nA+eCdLrjsm+sNvVNJzXCjRpYfYzddgsc4QFBjTUqwveJIr6AKiSZBc4  
ffS61Ehtjr/kYpj/60HZjsrUGaTAlTaCCMibIqfsYa/U+lu7B6IdqOhDkJUhEJcl  
LAYjXmn65n/ADEDPXACgxO52i421XpAjCeTecrGufJ2Q4KnXz0jHZgutmPlbZ999  
b3kRjmIi3Lh7WGR1MTokMKl+yGOy+pLGTBxN5cF0CFmiZhMZJA2LhrOlyS4Vy5J9  
YzukpCDceJKfkEZ2ztjAcLy0pDUqoYfWjjpcdwMSs33pOPMwwY+SECFtbE0x6b7M  
t3ds500K/3QX0KLYhoFf  
=y9y0  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4499-01

Red Hat Security Advisory 2023-4500-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.14.0. Issues addressed include buffer overflow, bypass, and spoofing vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:4500-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4500  
Issue date:        2023-08-07  
CVE Names:         CVE-2023-3417 CVE-2023-4045 CVE-2023-4046  
                   CVE-2023-4047 CVE-2023-4048 CVE-2023-4049  
                   CVE-2023-4050 CVE-2023-4055 CVE-2023-4056  
                   CVE-2023-4057  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4  
Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4  
Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v.8.4) - x86_64  
Red Hat Enterprise Linux AppStream E4S (v.8.4) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.14.0.

Security Fix(es):

* Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions  
(CVE-2023-4045)

* Mozilla: Incorrect value used during WASM compilation (CVE-2023-4046)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-4047)

* Mozilla: Crash in DOMParser due to out-of-memory conditions  
(CVE-2023-4048)

* Mozilla: Fix potential race conditions when releasing platform objects  
(CVE-2023-4049)

* Mozilla: Stack buffer overflow in StorageManager (CVE-2023-4050)

* Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1,  
Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14  
(CVE-2023-4056)

* Mozilla: Memory safety bugs fixed in Firefox ESR 115.1, and Thunderbird  
115.1 (CVE-2023-4057)

* thunderbird: File Extension Spoofing using the Text Direction Override  
Character (CVE-2023-3417)

* Mozilla: Cookie jar overflow caused unexpected cookie jar state  
(CVE-2023-4055)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2225325 - CVE-2023-3417 thunderbird: File Extension Spoofing using the Text Direction Override Character  
2228360 - CVE-2023-4045 Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions  
2228361 - CVE-2023-4046 Mozilla: Incorrect value used during WASM compilation  
2228362 - CVE-2023-4047 Mozilla: Potential permissions request bypass via clickjacking  
2228363 - CVE-2023-4048 Mozilla: Crash in DOMParser due to out-of-memory conditions  
2228364 - CVE-2023-4049 Mozilla: Fix potential race conditions when releasing platform objects  
2228365 - CVE-2023-4050 Mozilla: Stack buffer overflow in StorageManager  
2228367 - CVE-2023-4055 Mozilla: Cookie jar overflow caused unexpected cookie jar state  
2228370 - CVE-2023-4056 Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14  
2228371 - CVE-2023-4057 Mozilla: Memory safety bugs fixed in Firefox ESR 115.1, and Thunderbird 115.1

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v.8.4):

Source:  
thunderbird-102.14.0-1.el8_4.src.rpm

x86_64:  
thunderbird-102.14.0-1.el8_4.x86_64.rpm  
thunderbird-debuginfo-102.14.0-1.el8_4.x86_64.rpm  
thunderbird-debugsource-102.14.0-1.el8_4.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v.8.4):

Source:  
thunderbird-102.14.0-1.el8_4.src.rpm

aarch64:  
thunderbird-102.14.0-1.el8_4.aarch64.rpm  
thunderbird-debuginfo-102.14.0-1.el8_4.aarch64.rpm  
thunderbird-debugsource-102.14.0-1.el8_4.aarch64.rpm

ppc64le:  
thunderbird-102.14.0-1.el8_4.ppc64le.rpm  
thunderbird-debuginfo-102.14.0-1.el8_4.ppc64le.rpm  
thunderbird-debugsource-102.14.0-1.el8_4.ppc64le.rpm

s390x:  
thunderbird-102.14.0-1.el8_4.s390x.rpm  
thunderbird-debuginfo-102.14.0-1.el8_4.s390x.rpm  
thunderbird-debugsource-102.14.0-1.el8_4.s390x.rpm

x86_64:  
thunderbird-102.14.0-1.el8_4.x86_64.rpm  
thunderbird-debuginfo-102.14.0-1.el8_4.x86_64.rpm  
thunderbird-debugsource-102.14.0-1.el8_4.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v.8.4):

Source:  
thunderbird-102.14.0-1.el8_4.src.rpm

aarch64:  
thunderbird-102.14.0-1.el8_4.aarch64.rpm  
thunderbird-debuginfo-102.14.0-1.el8_4.aarch64.rpm  
thunderbird-debugsource-102.14.0-1.el8_4.aarch64.rpm

ppc64le:  
thunderbird-102.14.0-1.el8_4.ppc64le.rpm  
thunderbird-debuginfo-102.14.0-1.el8_4.ppc64le.rpm  
thunderbird-debugsource-102.14.0-1.el8_4.ppc64le.rpm

s390x:  
thunderbird-102.14.0-1.el8_4.s390x.rpm  
thunderbird-debuginfo-102.14.0-1.el8_4.s390x.rpm  
thunderbird-debugsource-102.14.0-1.el8_4.s390x.rpm

x86_64:  
thunderbird-102.14.0-1.el8_4.x86_64.rpm  
thunderbird-debuginfo-102.14.0-1.el8_4.x86_64.rpm  
thunderbird-debugsource-102.14.0-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-3417  
https://access.redhat.com/security/cve/CVE-2023-4045  
https://access.redhat.com/security/cve/CVE-2023-4046  
https://access.redhat.com/security/cve/CVE-2023-4047  
https://access.redhat.com/security/cve/CVE-2023-4048  
https://access.redhat.com/security/cve/CVE-2023-4049  
https://access.redhat.com/security/cve/CVE-2023-4050  
https://access.redhat.com/security/cve/CVE-2023-4055  
https://access.redhat.com/security/cve/CVE-2023-4056  
https://access.redhat.com/security/cve/CVE-2023-4057  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk0P3gAAoJENzjgjWX9erEeH0P/1M0cfMSwsEYmKb2lAnc4XuD  
LBA+/ACSx0pmBMqAoG6KMGyv9pLGL4afyTkuUdwrqebX++yxZFK/EZCMa5/vrQei  
NRNx0sCjAdqVlCbqosM5QJUPkHWvt1vLLttJFkbPwDeA/N5/6zOkrjQUNXwH5bOZ  
qUsWXVfJQra6PHQ1wQa5UrrjdPD3eaZkpwKyDNek41bRMcCYRPS10HKeTBj0rWfQ  
bXAGieb7zO3O3EqvJMZ7G21MV80r27Hip+ydP07sJVxz3Za/i/cGtyHzU9Kp0xMp  
7SUkc+LMksNcNCw1/o6yhZdTdRyMgGwEriP0hT9sy7OKHyV3yvkZAQ1OpIINOZ1m  
6H/yFDy18Uhg3mj4LoO72M4VmJAoL9Zd6LjC89mNmWuGXD/TTlHrnBSATz+W3mBA  
ZKZAN+xByw31s/Q1CMsIU/t+VpJev3EIOCrIAkf3jIq4yUb04AShlJk4JAmCNmW8  
xuUQne6bfAw4lZiDqx/JyaV6pulqmGAPFOU2klZNO0EByzv5yeoC8A17oEYzahQq  
EvJDhg8/fTDHxZwtQm0OupZQY9CvfQaxaCz5OJrH43rQnfK8mDWrEW4IkZz4fLNo  
Nn4U+x4kNTMj7T0RSdewWD4qyS3juWeTXRSkSCyv1ksVpGtQWG2AJh7dypCHg51X  
07ioqq8PHwK2s5ytPmja  
=MOUN  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4500-01

Red Hat Security Advisory 2023-4495-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.14.0. Issues addressed include buffer overflow, bypass, and spoofing vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:4495-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4495  
Issue date:        2023-08-07  
CVE Names:         CVE-2023-3417 CVE-2023-4045 CVE-2023-4046  
                   CVE-2023-4047 CVE-2023-4048 CVE-2023-4049  
                   CVE-2023-4050 CVE-2023-4055 CVE-2023-4056  
                   CVE-2023-4057  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.14.0.

Security Fix(es):

* Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions  
(CVE-2023-4045)

* Mozilla: Incorrect value used during WASM compilation (CVE-2023-4046)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-4047)

* Mozilla: Crash in DOMParser due to out-of-memory conditions  
(CVE-2023-4048)

* Mozilla: Fix potential race conditions when releasing platform objects  
(CVE-2023-4049)

* Mozilla: Stack buffer overflow in StorageManager (CVE-2023-4050)

* Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1,  
Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14  
(CVE-2023-4056)

* Mozilla: Memory safety bugs fixed in Firefox ESR 115.1, and Thunderbird  
115.1 (CVE-2023-4057)

* thunderbird: File Extension Spoofing using the Text Direction Override  
Character (CVE-2023-3417)

* Mozilla: Cookie jar overflow caused unexpected cookie jar state  
(CVE-2023-4055)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2225325 - CVE-2023-3417 thunderbird: File Extension Spoofing using the Text Direction Override Character  
2228360 - CVE-2023-4045 Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions  
2228361 - CVE-2023-4046 Mozilla: Incorrect value used during WASM compilation  
2228362 - CVE-2023-4047 Mozilla: Potential permissions request bypass via clickjacking  
2228363 - CVE-2023-4048 Mozilla: Crash in DOMParser due to out-of-memory conditions  
2228364 - CVE-2023-4049 Mozilla: Fix potential race conditions when releasing platform objects  
2228365 - CVE-2023-4050 Mozilla: Stack buffer overflow in StorageManager  
2228367 - CVE-2023-4055 Mozilla: Cookie jar overflow caused unexpected cookie jar state  
2228370 - CVE-2023-4056 Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14  
2228371 - CVE-2023-4057 Mozilla: Memory safety bugs fixed in Firefox ESR 115.1, and Thunderbird 115.1

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
thunderbird-102.14.0-1.el7_9.src.rpm

x86_64:  
thunderbird-102.14.0-1.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.14.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:  
thunderbird-102.14.0-1.el7_9.src.rpm

ppc64le:  
thunderbird-102.14.0-1.el7_9.ppc64le.rpm  
thunderbird-debuginfo-102.14.0-1.el7_9.ppc64le.rpm

x86_64:  
thunderbird-102.14.0-1.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.14.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
thunderbird-102.14.0-1.el7_9.src.rpm

x86_64:  
thunderbird-102.14.0-1.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.14.0-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-3417  
https://access.redhat.com/security/cve/CVE-2023-4045  
https://access.redhat.com/security/cve/CVE-2023-4046  
https://access.redhat.com/security/cve/CVE-2023-4047  
https://access.redhat.com/security/cve/CVE-2023-4048  
https://access.redhat.com/security/cve/CVE-2023-4049  
https://access.redhat.com/security/cve/CVE-2023-4050  
https://access.redhat.com/security/cve/CVE-2023-4055  
https://access.redhat.com/security/cve/CVE-2023-4056  
https://access.redhat.com/security/cve/CVE-2023-4057  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk0P3OAAoJENzjgjWX9erE5HkP/3wf0pb7J7dMsEry7Mx8rX6I  
KD+WC4r2CodrRi2uh3rdjYeey2z+Z7geo+62+QpnNXKD29wiKAt46tk0mDOrRi/h  
vMuyN+eZ+XiWjRIfipkViCYOG0fXSG5e4IekdFTkv/ju/eovevbujd9V4LVlE9ha  
FWO3nGn1d0qJgUxdmbkHNFIvQefzjj7VhOTXLRS/ouIQqXUiQ42qowA8udjghQHA  
BTcTMNjmcEPVJi/M6xiBsdv+o0CH+S4rzSCHDOEo+494okHsl8hAedVonjJATD5A  
dfyPfU4xnrp13K2uPfcPn3aqWgDx2taJDm5qxfYt/ww9qmrq+mmWz3dzeTGpt49m  
DZqm1fFFf/VreIH6+cUEWRhGvswf/dzUprqDEkhpN1oXT7EPyB1F7IWfJvLMV6j0  
JfguoPIoe1MwO5e34gdTzMiXDkfKPq34w6W1xofqZdoezqYSAYMhsfkBDq2JCCFm  
t4wLd52UlRR/d1s6pfdj02uuWS0cxY2jfXMgIgb2OMtoBfo98iaChpb4OdWf8BT3  
K68mV9HjR4QITvdYDAhwViBSNh6ccnPfZVR6vjNneXvyJa1YeE2/+IutbIsgkUnV  
DYfdoQiMTUFQuv1lX/IjNPKdKBHrEnyRQ6XOFrHWeZ54NMuhKuQGPe6I1NzbD8f5  
rkxpStOKC0QaSIf4zW6q  
=uGal  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4495-01

Red Hat Security Advisory 2023-4496-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.14.0. Issues addressed include buffer overflow, bypass, and spoofing vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:4496-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4496  
Issue date:        2023-08-07  
CVE Names:         CVE-2023-3417 CVE-2023-4045 CVE-2023-4046  
                   CVE-2023-4047 CVE-2023-4048 CVE-2023-4049  
                   CVE-2023-4050 CVE-2023-4055 CVE-2023-4056  
                   CVE-2023-4057  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - ppc64le, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.14.0.

Security Fix(es):

* Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions  
(CVE-2023-4045)

* Mozilla: Incorrect value used during WASM compilation (CVE-2023-4046)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-4047)

* Mozilla: Crash in DOMParser due to out-of-memory conditions  
(CVE-2023-4048)

* Mozilla: Fix potential race conditions when releasing platform objects  
(CVE-2023-4049)

* Mozilla: Stack buffer overflow in StorageManager (CVE-2023-4050)

* Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1,  
Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14  
(CVE-2023-4056)

* Mozilla: Memory safety bugs fixed in Firefox ESR 115.1, and Thunderbird  
115.1 (CVE-2023-4057)

* thunderbird: File Extension Spoofing using the Text Direction Override  
Character (CVE-2023-3417)

* Mozilla: Cookie jar overflow caused unexpected cookie jar state  
(CVE-2023-4055)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2225325 - CVE-2023-3417 thunderbird: File Extension Spoofing using the Text Direction Override Character  
2228360 - CVE-2023-4045 Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions  
2228361 - CVE-2023-4046 Mozilla: Incorrect value used during WASM compilation  
2228362 - CVE-2023-4047 Mozilla: Potential permissions request bypass via clickjacking  
2228363 - CVE-2023-4048 Mozilla: Crash in DOMParser due to out-of-memory conditions  
2228364 - CVE-2023-4049 Mozilla: Fix potential race conditions when releasing platform objects  
2228365 - CVE-2023-4050 Mozilla: Stack buffer overflow in StorageManager  
2228367 - CVE-2023-4055 Mozilla: Cookie jar overflow caused unexpected cookie jar state  
2228370 - CVE-2023-4056 Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14  
2228371 - CVE-2023-4057 Mozilla: Memory safety bugs fixed in Firefox ESR 115.1, and Thunderbird 115.1

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
thunderbird-102.14.0-1.el8_2.src.rpm

x86_64:  
thunderbird-102.14.0-1.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.14.0-1.el8_2.x86_64.rpm  
thunderbird-debugsource-102.14.0-1.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
thunderbird-102.14.0-1.el8_2.src.rpm

ppc64le:  
thunderbird-102.14.0-1.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.14.0-1.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.14.0-1.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.14.0-1.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.14.0-1.el8_2.x86_64.rpm  
thunderbird-debugsource-102.14.0-1.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
thunderbird-102.14.0-1.el8_2.src.rpm

x86_64:  
thunderbird-102.14.0-1.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.14.0-1.el8_2.x86_64.rpm  
thunderbird-debugsource-102.14.0-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-3417  
https://access.redhat.com/security/cve/CVE-2023-4045  
https://access.redhat.com/security/cve/CVE-2023-4046  
https://access.redhat.com/security/cve/CVE-2023-4047  
https://access.redhat.com/security/cve/CVE-2023-4048  
https://access.redhat.com/security/cve/CVE-2023-4049  
https://access.redhat.com/security/cve/CVE-2023-4050  
https://access.redhat.com/security/cve/CVE-2023-4055  
https://access.redhat.com/security/cve/CVE-2023-4056  
https://access.redhat.com/security/cve/CVE-2023-4057  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk0P3zAAoJENzjgjWX9erEHuMQAJzYbHSO64RfCUKDP5BDcbcm  
NDW620nj10HjbuQdRWML0i7ClLXI7M5M/qhVGtF1tNOPNIqGLzt0xZwB1WF6Ub49  
0ASHMkWvBgg5r+4Xbg9DyD9aYAd2FzbyI7CLm2XGOfABGSbsFHr4SOCVj5xMkm66  
/rZ/lASvu+ofrWtj6HpHQBvzUB21purp/r6EwhS85FxesYJ+L3v+OsFLbTU6XiHN  
4fD23mc7paLerfU3mcKCT4PaxjzHA3qefTyFZrdqP60DV0ceCQ3Ft4VZ88eZREFW  
Uc04aopQfqPGRjYC3W4ndjiNUTcDmbu/hVLSA0Cw21MlEC/oKmXKsHcR8qT6F06T  
F0NrDvpZiwi88ir1QdldP+HmzQSvhGSgeEC0eegEuUHwmFvOIEWh9qoOGlglQp1k  
Yb3SSgPB6ybLBQmE3pSJsO11FCtTUeMqeQit+3OnAjbbhTEUcVYNfuSX/z+FVBMQ  
29WeprIk2Bpwh/g93L3VZ0D/Hg6IyCc4UadPqAsErDHxOAll+g9lIke00S0oRvX8  
+i4GkxYZBrppmIFc+rIAvFMLXch5CY5K1sqh7R5xjCJFg7h2mX4KGhDFfksipIUh  
rwlL3qQNij5Osgud89wUaARog64GawcSu4BIZZ4Ft8NAD7/GLObaAO0pJZiU5/Vj  
Ff/VoBLCkmuFuRCE3VxK  
=s8Mp  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4496-01

Red Hat Security Advisory 2023-4493-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.14.0. Issues addressed include buffer overflow, bypass, and spoofing vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:4493-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4493  
Issue date:        2023-08-07  
CVE Names:         CVE-2023-3417 CVE-2023-4045 CVE-2023-4046  
                   CVE-2023-4047 CVE-2023-4048 CVE-2023-4049  
                   CVE-2023-4050 CVE-2023-4055 CVE-2023-4056  
                   CVE-2023-4057  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.14.0.

Security Fix(es):

* Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions  
(CVE-2023-4045)

* Mozilla: Incorrect value used during WASM compilation (CVE-2023-4046)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-4047)

* Mozilla: Crash in DOMParser due to out-of-memory conditions  
(CVE-2023-4048)

* Mozilla: Fix potential race conditions when releasing platform objects  
(CVE-2023-4049)

* Mozilla: Stack buffer overflow in StorageManager (CVE-2023-4050)

* Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1,  
Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14  
(CVE-2023-4056)

* Mozilla: Memory safety bugs fixed in Firefox ESR 115.1, and Thunderbird  
115.1 (CVE-2023-4057)

* thunderbird: File Extension Spoofing using the Text Direction Override  
Character (CVE-2023-3417)

* Mozilla: Cookie jar overflow caused unexpected cookie jar state  
(CVE-2023-4055)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2225325 - CVE-2023-3417 thunderbird: File Extension Spoofing using the Text Direction Override Character  
2228360 - CVE-2023-4045 Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions  
2228361 - CVE-2023-4046 Mozilla: Incorrect value used during WASM compilation  
2228362 - CVE-2023-4047 Mozilla: Potential permissions request bypass via clickjacking  
2228363 - CVE-2023-4048 Mozilla: Crash in DOMParser due to out-of-memory conditions  
2228364 - CVE-2023-4049 Mozilla: Fix potential race conditions when releasing platform objects  
2228365 - CVE-2023-4050 Mozilla: Stack buffer overflow in StorageManager  
2228367 - CVE-2023-4055 Mozilla: Cookie jar overflow caused unexpected cookie jar state  
2228370 - CVE-2023-4056 Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14  
2228371 - CVE-2023-4057 Mozilla: Memory safety bugs fixed in Firefox ESR 115.1, and Thunderbird 115.1

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
thunderbird-102.14.0-1.el8_6.src.rpm

aarch64:  
thunderbird-102.14.0-1.el8_6.aarch64.rpm  
thunderbird-debuginfo-102.14.0-1.el8_6.aarch64.rpm  
thunderbird-debugsource-102.14.0-1.el8_6.aarch64.rpm

ppc64le:  
thunderbird-102.14.0-1.el8_6.ppc64le.rpm  
thunderbird-debuginfo-102.14.0-1.el8_6.ppc64le.rpm  
thunderbird-debugsource-102.14.0-1.el8_6.ppc64le.rpm

s390x:  
thunderbird-102.14.0-1.el8_6.s390x.rpm  
thunderbird-debuginfo-102.14.0-1.el8_6.s390x.rpm  
thunderbird-debugsource-102.14.0-1.el8_6.s390x.rpm

x86_64:  
thunderbird-102.14.0-1.el8_6.x86_64.rpm  
thunderbird-debuginfo-102.14.0-1.el8_6.x86_64.rpm  
thunderbird-debugsource-102.14.0-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-3417  
https://access.redhat.com/security/cve/CVE-2023-4045  
https://access.redhat.com/security/cve/CVE-2023-4046  
https://access.redhat.com/security/cve/CVE-2023-4047  
https://access.redhat.com/security/cve/CVE-2023-4048  
https://access.redhat.com/security/cve/CVE-2023-4049  
https://access.redhat.com/security/cve/CVE-2023-4050  
https://access.redhat.com/security/cve/CVE-2023-4055  
https://access.redhat.com/security/cve/CVE-2023-4056  
https://access.redhat.com/security/cve/CVE-2023-4057  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk0P2fAAoJENzjgjWX9erE2ygP/2TMRR/93qYrshHSYXzFutcE  
V1F7HrYAl0M/VfIgDLIITQPCBrgYMrvt72yjf4Pn/FswH3N2oxwPYw8qEhhO2Z0I  
oQrDEKH0Pkxrku3Ssm6s3uRSVdFNewpWHasT8y9+rk7eBHyvGG+Cn0j4DoZhntI0  
PeCUqaoXaP+lWDFda4YQMcZj6+NnhHU5tyxUi/Fd+PoQnmkTeNtXHPJ7G5RkywZD  
lCS9fH72N/booPgxSq/0G086MWFbFUhAJFzbGBQ4NnDwXQ4MX1vfPjh/lMYUvA/s  
zq9ykCXfE17U2AH7YHb/l3I5gP0oS4wMrFqdqO+NgUAn+eljuI55qrlxxWHfv8qY  
95BDhEg72Hu1MMb0ictyOtSTa1d2WmPrTcB//IC1kS9cJ5cCBXm2YyNv5oGe+UdP  
COX70ifq3ZB9mBCI0V0vnPe1KLzW9ocl2HtS2xo4dSqkInED1JjYlAuO5lRq5r6u  
2dwM9N/cC5VGufGxcYcTLv6fH1BLWM77S38pOkUEhx/xBTxQtzWQEmaf9uM5jAly  
5BNH0r9pHMiXA9ShNGuZb1kyU1rvJjwRYN+IFxg7M7t+LwoXZ4Tkc268CnV5GfWZ  
bbycubepNz7m2KksZZddOj+uu8p/lSC71m8fsxcSYRURCE7hHzhdg3OPPdktJ2eu  
eMpVOF9NJr8siFLgq0+C  
=emMd  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4493-01

Red Hat Security Advisory 2023-4494-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.14.0. Issues addressed include buffer overflow, bypass, and spoofing vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:4494-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4494  
Issue date:        2023-08-07  
CVE Names:         CVE-2023-3417 CVE-2023-4045 CVE-2023-4046  
                   CVE-2023-4047 CVE-2023-4048 CVE-2023-4049  
                   CVE-2023-4050 CVE-2023-4055 CVE-2023-4056  
                   CVE-2023-4057  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.14.0.

Security Fix(es):

* Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions  
(CVE-2023-4045)

* Mozilla: Incorrect value used during WASM compilation (CVE-2023-4046)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-4047)

* Mozilla: Crash in DOMParser due to out-of-memory conditions  
(CVE-2023-4048)

* Mozilla: Fix potential race conditions when releasing platform objects  
(CVE-2023-4049)

* Mozilla: Stack buffer overflow in StorageManager (CVE-2023-4050)

* Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1,  
Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14  
(CVE-2023-4056)

* Mozilla: Memory safety bugs fixed in Firefox ESR 115.1, and Thunderbird  
115.1 (CVE-2023-4057)

* thunderbird: File Extension Spoofing using the Text Direction Override  
Character (CVE-2023-3417)

* Mozilla: Cookie jar overflow caused unexpected cookie jar state  
(CVE-2023-4055)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2225325 - CVE-2023-3417 thunderbird: File Extension Spoofing using the Text Direction Override Character  
2228360 - CVE-2023-4045 Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions  
2228361 - CVE-2023-4046 Mozilla: Incorrect value used during WASM compilation  
2228362 - CVE-2023-4047 Mozilla: Potential permissions request bypass via clickjacking  
2228363 - CVE-2023-4048 Mozilla: Crash in DOMParser due to out-of-memory conditions  
2228364 - CVE-2023-4049 Mozilla: Fix potential race conditions when releasing platform objects  
2228365 - CVE-2023-4050 Mozilla: Stack buffer overflow in StorageManager  
2228367 - CVE-2023-4055 Mozilla: Cookie jar overflow caused unexpected cookie jar state  
2228370 - CVE-2023-4056 Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14  
2228371 - CVE-2023-4057 Mozilla: Memory safety bugs fixed in Firefox ESR 115.1, and Thunderbird 115.1

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
thunderbird-102.14.0-1.el9_0.src.rpm

aarch64:  
thunderbird-102.14.0-1.el9_0.aarch64.rpm  
thunderbird-debuginfo-102.14.0-1.el9_0.aarch64.rpm  
thunderbird-debugsource-102.14.0-1.el9_0.aarch64.rpm

ppc64le:  
thunderbird-102.14.0-1.el9_0.ppc64le.rpm  
thunderbird-debuginfo-102.14.0-1.el9_0.ppc64le.rpm  
thunderbird-debugsource-102.14.0-1.el9_0.ppc64le.rpm

s390x:  
thunderbird-102.14.0-1.el9_0.s390x.rpm  
thunderbird-debuginfo-102.14.0-1.el9_0.s390x.rpm  
thunderbird-debugsource-102.14.0-1.el9_0.s390x.rpm

x86_64:  
thunderbird-102.14.0-1.el9_0.x86_64.rpm  
thunderbird-debuginfo-102.14.0-1.el9_0.x86_64.rpm  
thunderbird-debugsource-102.14.0-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-3417  
https://access.redhat.com/security/cve/CVE-2023-4045  
https://access.redhat.com/security/cve/CVE-2023-4046  
https://access.redhat.com/security/cve/CVE-2023-4047  
https://access.redhat.com/security/cve/CVE-2023-4048  
https://access.redhat.com/security/cve/CVE-2023-4049  
https://access.redhat.com/security/cve/CVE-2023-4050  
https://access.redhat.com/security/cve/CVE-2023-4055  
https://access.redhat.com/security/cve/CVE-2023-4056  
https://access.redhat.com/security/cve/CVE-2023-4057  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk0P2tAAoJENzjgjWX9erE8R4QAJUHVxuPB6Nwx+WzZrKzaUmd  
fqnRB2xQXrFEZAjgYUTo1a2DmCHdVNw320G2KacahiOcsz5f1Kh+/HgwTFVc5at/  
d8aRECut6OHxBKsCigohCMtKAVIyzIORAQfVei0cn+9vcDAYxFhaf0zGU7+y4AJv  
S/WiyDU9kpWzAPCmYgZDfQ6jQlZEI7IbdHaBtPm06JMdmmklm+pK02Lb9spBimTz  
0nnAGgURcUsCDzCGBJO/7wAnVkCvD2tVHqD7aQ9x7DKW71fQqhMBJ9xxs7gXOXVe  
j8r8CEIUliGzqeuIgE+mm4DzrVxpRcwqxpc5tdKBXaBy5Pr0YxZe0Ho96sDk02j6  
AL/Be4H1o6phpl6AlpvNrwPOO5l2mFJjchwvfSn5D0GCAS00qmavvSeTD1sc/RA6  
3LQXCCgPzvQeykKqdIxG3dAB3dYNtXKHYdf4PWJB2lzqBCBgAW80Aw2bq6CHSXNs  
Yw3ESWDOE4fLBIxTYuVsvgilq9Q6Xm4UhkzpA1yBakJeyWEVbu5oorxFRyzhGXVv  
IR/5tAxsQ/VLevyKMH8AEbhxRhW1GQsmxeZV6Fuy85GyahfSw68mhkJg3NuwEoTS  
Syb18fiHsDg0u70BLglcSMSLrd5QGROHoJQYbZGgpl3tN/6ECQWIfgIpziyGGjHW  
zpsu67T9sa/wnmWFkUBW  
=ICtZ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#buffer_overflow