Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability affects Firefox < 113.

Sorry, I can't find "_1776755?cve=title_". It does not seem like bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2023-32210: Invalid Bug ID

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 9 and June 16. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

Threat Roundup for June 9 to June 16

Red Hat Security Advisory 2023-3567-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:3567-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3567  
Issue date:        2023-06-12  
CVE Names:         CVE-2023-34414 CVE-2023-34416   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.12.0.

Security Fix(es):

* Mozilla: Click-jacking certificate exceptions through rendering lag  
(CVE-2023-34414)

* Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12  
(CVE-2023-34416)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2212841 - CVE-2023-34414 Mozilla: Click-jacking certificate exceptions through rendering lag  
2212842 - CVE-2023-34416 Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
thunderbird-102.12.0-1.el9_0.src.rpm

aarch64:  
thunderbird-102.12.0-1.el9_0.aarch64.rpm  
thunderbird-debuginfo-102.12.0-1.el9_0.aarch64.rpm  
thunderbird-debugsource-102.12.0-1.el9_0.aarch64.rpm

ppc64le:  
thunderbird-102.12.0-1.el9_0.ppc64le.rpm  
thunderbird-debuginfo-102.12.0-1.el9_0.ppc64le.rpm  
thunderbird-debugsource-102.12.0-1.el9_0.ppc64le.rpm

s390x:  
thunderbird-102.12.0-1.el9_0.s390x.rpm  
thunderbird-debuginfo-102.12.0-1.el9_0.s390x.rpm  
thunderbird-debugsource-102.12.0-1.el9_0.s390x.rpm

x86_64:  
thunderbird-102.12.0-1.el9_0.x86_64.rpm  
thunderbird-debuginfo-102.12.0-1.el9_0.x86_64.rpm  
thunderbird-debugsource-102.12.0-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-34414  
https://access.redhat.com/security/cve/CVE-2023-34416  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZIlEuNzjgjWX9erEAQiQcg/+IT1nZejMB+ukH3RWExCdAqWWbL7017cI  
uAx4lDFK8TmAWfdHpPuj9+H2oDDjmErTsgtUOFw/dd1TQ5AM2tqG1XR0E8q1+hMf  
XZ/XGUiU+GQBV52+i2XxWhhVeCMKUnLj5aBZ6qieR+zJk6Aanpacel0JZaKKBnNw  
NnGf839A+sXqrOowDH+0FLLapdZRkH9TTu71cIwpTQ4Or3/rdheMsivvYLa8VFfi  
DnifXRPVXQnwMj3Qtfh7iIKhonhpWQdP25px+DTZKT9f5arGKul7lRUdz51mvw5N  
V7FFR+W8nveEDU9vqI8ufWiA1hLNuttbi8tZFypWk1XYfz52wS3z6Y3JjfYNlTlX  
LkoTGRv+bkbMPs4rE6OGjsPQG0Q46kfRPsACY9YfqcapY1HCLMVUyKg5YRUQIQE6  
UorZmt8TRPGe5BUXfv+FNnq95xUnbSXirgs4ESuIVlAUcoYZwS+xULqub6SGMv7Q  
MaBLABQ11BFC8mXuaIMjo8eM+hiCEdPF7ElPtlUuhTpK95TJU4frqpPK/1rMZSXI  
ZExQFQ4hj5oY/OVMdQryXx9Z+aE/TYmRY1zDrY3I8d4TMoQE6VNSs8EqoiWPt0NG  
5DnJX1ecVBo0tpae5f1zkipOX/sb823RxG9GYiYXacg0jKYTlkyqkorw0bfgugd5  
48iIm9okXQQ=  
=J2rs  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3567-01

Red Hat Security Advisory 2023-3560-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.12.0 ESR.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2023:3560-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3560  
Issue date:        2023-06-12  
CVE Names:         CVE-2023-34414 CVE-2023-34416   
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.12.0 ESR.

Security Fix(es):

* Mozilla: Click-jacking certificate exceptions through rendering lag  
(CVE-2023-34414)

* Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12  
(CVE-2023-34416)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2212841 - CVE-2023-34414 Mozilla: Click-jacking certificate exceptions through rendering lag  
2212842 - CVE-2023-34416 Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
firefox-102.12.0-1.el8_6.src.rpm

aarch64:  
firefox-102.12.0-1.el8_6.aarch64.rpm  
firefox-debuginfo-102.12.0-1.el8_6.aarch64.rpm  
firefox-debugsource-102.12.0-1.el8_6.aarch64.rpm

ppc64le:  
firefox-102.12.0-1.el8_6.ppc64le.rpm  
firefox-debuginfo-102.12.0-1.el8_6.ppc64le.rpm  
firefox-debugsource-102.12.0-1.el8_6.ppc64le.rpm

s390x:  
firefox-102.12.0-1.el8_6.s390x.rpm  
firefox-debuginfo-102.12.0-1.el8_6.s390x.rpm  
firefox-debugsource-102.12.0-1.el8_6.s390x.rpm

x86_64:  
firefox-102.12.0-1.el8_6.x86_64.rpm  
firefox-debuginfo-102.12.0-1.el8_6.x86_64.rpm  
firefox-debugsource-102.12.0-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-34414  
https://access.redhat.com/security/cve/CVE-2023-34416  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZIlEuNzjgjWX9erEAQianw/+NJjYjUGQRtwJrAtva8U30vO0pFLiUTMn  
1SDAu+7y1SrZzl4VPsbMfxFI3ySigT2WgzSJ69uO3PaJSE71PMj5o5NCIIEqd+S7  
PVB7Hz/4wqOcj5sVW1BCByIy5AUNfhXkZgfkm1j6ds5RMPmXdikV/35b0deVRO7n  
NFQkElo3P7tqUjmC6sqK1jeGOJYso8amqCBPtvW0gwsTlN7OOFa9mKiofouqqfzo  
7wPzAoxSmwRfhi5+hmuoKHROD5+0Fh8UBBQnBVwUKkzemuXJr+142mOTTwMMGhKV  
JWPpD7XegscW2qjn6m4iOAliVkynhPZer1YmlsKLYcCQHXidDmL60E+gA2t/YG+E  
D5nB+1SKZZnvkVwi8aXPNdcM8/edyVKxDrztUvxdCUo6Y9buv10BWqgvQKxtxcHt  
8UAl1Bl2h8QbccCI5ZuBrkUz8qSB3hCdMDfcnDU1yK3A/4k2PpEO14AzqZh0E8gQ  
0zq7qg9RMrwOy+ylYR4Bn6p5ThzgjBFcY8p/vImgww6ZNURc/llL3MIbuIS6w9OA  
Fm5qdVr6o3vRP0skJtRou3uFBXyxTmCemtE4aNo5UMUQA0EkHlnjAdMLSe3EUcSz  
7h1p2mNqE9o0YFza3vQmZXO/nL3a2edVD/l0BfHFpoaRAo8OntnJna5Ihsiv5CDT  
WmUMvyvGE20=  
=kLDb  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3560-01

Purle Devloper Panel version 1.0 suffers from an insecure direct object reference vulnerability that allows an unauthenticated user to update passwords.

    ====================================================================================================================================| # Title     : Purle Devloper Panel ver 1.0 Unauthorized administrative access Vulnerability                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 102.0.1(64-bit)                                            | | # Vendor    : http://www.njmweb.we.bs/Purple10/PURPLEV10.zip                                                                     |  | # Dork      : "Purle Devloper Panel"                                                                                             |====================================================================================================================================poc :[+] an unauthenticated access allow you to update password.[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /user_update.php[+] https://127.0.0.1/purple.iprebrandsapp/user_update.phpGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |                                                                                                                                              |=======================================================================================================================================

Purle Devloper Panel 1.0 Insecure Direct Object Reference

Ptclab version 3.5 appears to leave default credentials installed after installation.

    ====================================================================================================================================| # Title     : Ptclab V3.5 Insecure Settings Vulnerability                                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(64-bit)                                              | | # Vendor    : https://viserlab.com                                                                                               |  | # Dork      : "Every balance subtracting transactions need OTP verification so You can feel safe about your funds."              |====================================================================================================================================poc :[+] The vulnerability is about leaving the default settings    During the installation of the script and using the default username and password  [+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : user=admin  & pass= admin[+] https://127.0.0.1/scriptviserlabcom/ptclab/Greetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |                                                                                                                                              |=======================================================================================================================================

Ptclab 3.5 Insecure Settings

phpFK version 8.0 suffers from a cross site scripting vulnerability.

**phpFK 8.0 Cross Site Scripting**

Posted Jun 15, 2023

Authored by indoushka

phpFK version 8.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 485c60ad53bb4abb98ff8bd8586f25cee5d5a57abf5f55c1615b45b7b607c8e0

Download | Favorite | View

**phpFK 8.0 Cross Site Scripting**

    ====================================================================================================================================| # Title     : phpFK v8.0 version XSS Vulnerability                                                                               || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit)                                               | | # Vendor    : https://www.frank-karau.de/demo-forum/                                                                             |  | # Dork      : Powered by: phpFK                                                                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /forum/thread.php?board=4&thema=349'"><svg/onload=prompt(/_indoushka_/);>{{7*7}}[+] http://127.0.0.1/forum/thread.php?board=4&thema=349%27%22%3E%3Csvg/onload=prompt(/_indoushka_/);%3E{{7*7}}Greetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |                                                                                                                                              |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,379)
*   Arbitrary (16,086)
*   BBS (2,859)
*   Bypass (1,697)
*   CGI (1,024)
*   Code Execution (7,179)
*   Conference (678)
*   Cracker (841)
*   CSRF (3,321)
*   DoS (23,204)
*   Encryption (2,363)
*   Exploit (51,247)
*   File Inclusion (4,196)
*   File Upload (956)
*   Firewall (821)
*   Info Disclosure (2,722)
*   Intrusion Detection (885)
*   Java (3,003)
*   JavaScript (842)
*   Kernel (6,586)
*   Local (14,394)
*   Magazine (586)
*   Overflow (12,621)
*   Perl (1,423)
*   PHP (5,129)
*   Proof of Concept (2,335)
*   Protocol (3,567)
*   Python (1,510)
*   Remote (30,539)
*   Root (3,567)
*   Rootkit (506)
*   Ruby (609)
*   Scanner (1,633)
*   Security Tool (7,856)
*   Shell (3,165)
*   Shellcode (1,211)
*   Sniffer (893)
*   Spoof (2,189)
*   SQL Injection (16,237)
*   TCP (2,395)
*   Trojan (687)
*   UDP (884)
*   Virus (664)
*   Vulnerability (31,601)
*   Web (9,579)
*   Whitepaper (3,745)
*   x86 (961)
*   XSS (17,701)
*   Other

**File Archives**

*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   July 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,980)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,921)
*   Debian (6,762)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,321)
*   HPUX (879)
*   iOS (345)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (45,894)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (482)
*   RedHat (13,380)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,666)
*   UNIX (9,249)
*   UnixWare (186)
*   Windows (6,558)
*   Other

phpFK 8.0 Cross Site Scripting

Red Hat Security Advisory 2023-3566-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:3566-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3566  
Issue date:        2023-06-12  
CVE Names:         CVE-2023-34414 CVE-2023-34416   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.12.0.

Security Fix(es):

* Mozilla: Click-jacking certificate exceptions through rendering lag  
(CVE-2023-34414)

* Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12  
(CVE-2023-34416)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2212841 - CVE-2023-34414 Mozilla: Click-jacking certificate exceptions through rendering lag  
2212842 - CVE-2023-34416 Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
thunderbird-102.12.0-1.el8_6.src.rpm

aarch64:  
thunderbird-102.12.0-1.el8_6.aarch64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_6.aarch64.rpm  
thunderbird-debugsource-102.12.0-1.el8_6.aarch64.rpm

ppc64le:  
thunderbird-102.12.0-1.el8_6.ppc64le.rpm  
thunderbird-debuginfo-102.12.0-1.el8_6.ppc64le.rpm  
thunderbird-debugsource-102.12.0-1.el8_6.ppc64le.rpm

s390x:  
thunderbird-102.12.0-1.el8_6.s390x.rpm  
thunderbird-debuginfo-102.12.0-1.el8_6.s390x.rpm  
thunderbird-debugsource-102.12.0-1.el8_6.s390x.rpm

x86_64:  
thunderbird-102.12.0-1.el8_6.x86_64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_6.x86_64.rpm  
thunderbird-debugsource-102.12.0-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-34414  
https://access.redhat.com/security/cve/CVE-2023-34416  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZIlEnNzjgjWX9erEAQgNSw//XrXETd/beU61eyTR7saLUt0Y3E94AdLg  
wTCewFuYxf/fjRbDQKw5BaZ1rVIsxUXVX/bZv1xzIgxHaWaOSZNgq3F3jEZF1l5V  
6jlut+oE9pYfg8nz6LPvElnl1wMGJp0iv2hMuruCUoZ+83/jB2fODfNhqbX2BSwR  
gLQD9oP4hMIw3gXYy2dOds5YDP4vWWrgFYQrZhnhQ5lIGwNpf97HGcZJ1bkquUz6  
YhJ7io7Abe+1//MB5EuCxhaYtPSKEXuolLWzMWuima3fdac5dFQdO75KZIrUxBK/  
NMXCQihRS9IyDJP+MK+PL9KRqtc4XROfqNltmwD+ej/u5Lp83L7NPLvKLcFlt4vX  
NQlh26C9iX/VFaBLk8NmC2sEcEloGoSsiWMVXyGd8K7/V4dmkzM1ogWkBYiWs8Qp  
4a12plO8PgPQJ9JM7HLsxqaVjR0Ms+aL17YXEfOv44ZtuGNKLaBQzAgvYtZqlPZf  
8oSPdo8wnO6m2ZCW51SFVZAyIw4ltmvGssh2xuqjRwRjrRf5+dqAATPe+koeQJs2  
ReL37h/smQucK8cpRYldZt8IoEMJYchWa1t7P6bL1f7hhbJIZmPiPWiq9mUYdXXS  
n6FGvN8+7u3yCtqOEWJ5uF3UWTD5/e+raiKV1UM8vM9fdAk39PRMzjbMNMVoME9N  
8w2oPiU3xMo=  
=4v57  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3566-01

Red Hat Security Advisory 2023-3565-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:3565-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3565  
Issue date:        2023-06-12  
CVE Names:         CVE-2023-34414 CVE-2023-34416   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.12.0.

Security Fix(es):

* Mozilla: Click-jacking certificate exceptions through rendering lag  
(CVE-2023-34414)

* Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12  
(CVE-2023-34416)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2212841 - CVE-2023-34414 Mozilla: Click-jacking certificate exceptions through rendering lag  
2212842 - CVE-2023-34416 Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
thunderbird-102.12.0-1.el8_2.src.rpm

aarch64:  
thunderbird-102.12.0-1.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.aarch64.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.12.0-1.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.12.0-1.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.x86_64.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
thunderbird-102.12.0-1.el8_2.src.rpm

aarch64:  
thunderbird-102.12.0-1.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.aarch64.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.12.0-1.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.12.0-1.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.x86_64.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
thunderbird-102.12.0-1.el8_2.src.rpm

aarch64:  
thunderbird-102.12.0-1.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.aarch64.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.12.0-1.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.12.0-1.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.x86_64.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-34414  
https://access.redhat.com/security/cve/CVE-2023-34416  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZIlEk9zjgjWX9erEAQiIhA//XFsAGpWoG3HVGDfk5RrXIQ07z8vPDFC8  
Re4usAqE3m+v1CxbRi/5L8zBTtpo7JQXmImIR5+7o+a3YMG6Edgiw0o+tYhtVGaM  
PWSzuhSaR+ah6Rwa9EtnTxWfCSr71fi6AnJQKAV5IehfVYhulppd2okzHWtKp4mv  
KiwfbYInO/hQTajzJ05nSebCzU25KkhDi2ZvoXxb2l+9qtde0L0WCtVll7HeqXkI  
/nW4ex1Rn7bbZmbt9vYktD9+iPikri4+7QDcVmL17Bf5aJ8bKItvqBxyOz9j2Pwk  
ynXNurKagD4BI0eqwF/nDzX1N0FY0Iu8cZJB+N445MbpiUIpp0jVEp2ogNm6dzfV  
yuTgLuzPWQHEtPpD5j5P8Fvwd/XRgJXeanMZVeEoXrCfnLGQe2FR6bdLsUNzl5JP  
i6iCpNpgunkFUXVH0LmTQnAP3JHtLMRPfUA/rDrI5Vfz+/WdshWWV00a+VNIH1vu  
/JpQfpZdK/TM55vse5IRvPBnmdL2Bw9+Vpr2TbWSlVKMbyoEi6OCJ69ftyUAVbzo  
myI4a9b92EuFasfVARmnQAraPaEe/X87Ct5eYp7BFSfnkkhlvefIJ5erY7xXu1Ov  
xI46V207c6eeWNs5k19g16LB2fSORkk13RKED8ztiuv693gf8q35/HLSf1KC7vQX  
qT0uUNcoyZM=  
=SmEz  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3565-01

Red Hat Security Advisory 2023-3564-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:3564-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3564  
Issue date:        2023-06-12  
CVE Names:         CVE-2023-34414 CVE-2023-34416   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.12.0.

Security Fix(es):

* Mozilla: Click-jacking certificate exceptions through rendering lag  
(CVE-2023-34414)

* Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12  
(CVE-2023-34416)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2212841 - CVE-2023-34414 Mozilla: Click-jacking certificate exceptions through rendering lag  
2212842 - CVE-2023-34416 Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
thunderbird-102.12.0-1.el8_1.src.rpm

ppc64le:  
thunderbird-102.12.0-1.el8_1.ppc64le.rpm  
thunderbird-debuginfo-102.12.0-1.el8_1.ppc64le.rpm  
thunderbird-debugsource-102.12.0-1.el8_1.ppc64le.rpm

x86_64:  
thunderbird-102.12.0-1.el8_1.x86_64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_1.x86_64.rpm  
thunderbird-debugsource-102.12.0-1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-34414  
https://access.redhat.com/security/cve/CVE-2023-34416  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZIlEkdzjgjWX9erEAQh2LQ/9ExmysHlF6ZaYlOozLC2neD48CLJINWUp  
A/1uMaP4Cxf4Lb5rjZgSo0kcJPborjnnzKnMeTGlD3WovGxKqVP5zz1Ez0dbIm7i  
TvFtXDtRrAXMUXmvJy2BYiN2JN7/HnOKxdTce7d0dTmBtOW/PnPF2lfC69XL5f1k  
du7Bdq/rC3913OUo3zFMmQwcS3035zZITvXTAUk26eW2cnF3gJbLOlMfO7crbvfJ  
fympJ/w2llpG4h1AzHc1OpVYyObneL9T6b1PFTx6xJMmkCrWhh3iiXKBpj+b5WXW  
FBx/k2usAjvS6S0GEC3rl6dQBtvKjekpfiDuQiaj/lyLMBt4K/RHl36S83/wpRGA  
Tvn2v9cw/FLXQefOCWRtkkUuMxgdQpRSxMWAM+zNCk6Y0Y5SAbZr1k7xJXcPQlI+  
8jzJ4nIP2i6oaDpIFcD3tDLWsxDg/1WOHyqfetQPTgAi5KNe7lRpHTdbXTDf483b  
UlEUrtnIPPHExXuu91bBcZWYEJKKDyFTUK4iHbk/raAh0p4qHI4kd+rjmR0zlfW7  
zkWVZow/F/P//S0d7XhLbwnU6lVHU5DzpLNnGIzRnrjcFJsoRJQP6Vs6sJNhH/IW  
4SQaIRRAJo694SIUf+aOJdoQrmklfFcG23otVJ6IthQXOCj7sPpc085znS7hBeVx  
gVZZeq1j/Pw=  
=4cSm  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#firefox