Red Hat Security Advisory 2023-1809-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:1809-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1809  
Issue date:        2023-04-17  
CVE Names:         CVE-2023-0547 CVE-2023-1945 CVE-2023-28427   
                   CVE-2023-29479 CVE-2023-29533 CVE-2023-29535   
                   CVE-2023-29536 CVE-2023-29539 CVE-2023-29541   
                   CVE-2023-29548 CVE-2023-29550   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.10.0.

Security Fix(es):

* Thunderbird: Revocation status of S/Mime recipient certificates was not  
checked (CVE-2023-0547)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to  
denial-of-service attack (CVE-2023-28427)

* Mozilla: Fullscreen notification obscured (CVE-2023-29533)

* Mozilla: Potential Memory Corruption following Garbage Collector  
compaction (CVE-2023-29535)

* Mozilla: Invalid free from JavaScript code (CVE-2023-29536)

* Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10  
(CVE-2023-29550)

* Mozilla: Memory Corruption in Safe Browsing Code (CVE-2023-1945)

* Thunderbird: Hang when processing certain OpenPGP messages  
(CVE-2023-29479)

* Mozilla: Content-Disposition filename truncation leads to Reflected File  
Download (CVE-2023-29539)

* Mozilla: Files with malicious extensions could have been downloaded  
unsafely on Linux (CVE-2023-29541)

* Mozilla: Incorrect optimization result on ARM64 (CVE-2023-29548)

* MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp (BZ#2186102)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2183278 - CVE-2023-28427 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack  
2186101 - CVE-2023-29533 Mozilla: Fullscreen notification obscured  
2186102 - MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp  
2186103 - CVE-2023-29535 Mozilla: Potential Memory Corruption following Garbage Collector compaction  
2186104 - CVE-2023-29536 Mozilla: Invalid free from JavaScript code  
2186105 - CVE-2023-29539 Mozilla: Content-Disposition filename truncation leads to Reflected File Download  
2186106 - CVE-2023-29541 Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux  
2186109 - CVE-2023-1945 Mozilla: Memory Corruption in Safe Browsing Code  
2186110 - CVE-2023-29548 Mozilla: Incorrect optimization result on ARM64  
2186111 - CVE-2023-29550 Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10  
2186734 - CVE-2023-0547 Thunderbird: Revocation status of S/Mime recipient certificates was not checked  
2186735 - CVE-2023-29479 Thunderbird: Hang when processing certain OpenPGP messages

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
thunderbird-102.10.0-2.el9_1.src.rpm

aarch64:  
thunderbird-102.10.0-2.el9_1.aarch64.rpm  
thunderbird-debuginfo-102.10.0-2.el9_1.aarch64.rpm  
thunderbird-debugsource-102.10.0-2.el9_1.aarch64.rpm

ppc64le:  
thunderbird-102.10.0-2.el9_1.ppc64le.rpm  
thunderbird-debuginfo-102.10.0-2.el9_1.ppc64le.rpm  
thunderbird-debugsource-102.10.0-2.el9_1.ppc64le.rpm

s390x:  
thunderbird-102.10.0-2.el9_1.s390x.rpm  
thunderbird-debuginfo-102.10.0-2.el9_1.s390x.rpm  
thunderbird-debugsource-102.10.0-2.el9_1.s390x.rpm

x86_64:  
thunderbird-102.10.0-2.el9_1.x86_64.rpm  
thunderbird-debuginfo-102.10.0-2.el9_1.x86_64.rpm  
thunderbird-debugsource-102.10.0-2.el9_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0547  
https://access.redhat.com/security/cve/CVE-2023-1945  
https://access.redhat.com/security/cve/CVE-2023-28427  
https://access.redhat.com/security/cve/CVE-2023-29479  
https://access.redhat.com/security/cve/CVE-2023-29533  
https://access.redhat.com/security/cve/CVE-2023-29535  
https://access.redhat.com/security/cve/CVE-2023-29536  
https://access.redhat.com/security/cve/CVE-2023-29539  
https://access.redhat.com/security/cve/CVE-2023-29541  
https://access.redhat.com/security/cve/CVE-2023-29548  
https://access.redhat.com/security/cve/CVE-2023-29550  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZD10m9zjgjWX9erEAQgDhA/+JEXLBGVmyXuMXGv6T+t5uRQIwRJ8dCtO  
BqczgxSmyXOeYTz3RyT3lHb8trt5WEjXwnLZuFPzjaJDhJV0yCb8WJjAsEnbQje9  
MkT5b7tbEUU9iHdIogLFgNrlQf/odgckmVvM8TgtC2QWxN5+eDUxtRajgc0m1fL3  
BPBB0BkVfjIewbEfJri2lSGQSP4NFv4cZYzDfObhYYrMJgXjnZ7v2WkwzjGKuNnl  
zTwcytGGxd7W+gbWO6srIlwwE79vsix2oUNsPqL9xI2eMpu36jZWfn+cFMUyVZo7  
PiDgGdhWA4Mi1WkbPjEBgrCzXJ5lcZvykONjkgoXvPLosPS/lFaSHyZy2twoXLdN  
35lPJ3rY+JyyQ2GPPhF74Sm991/L+48NuwVW74zJPzEM3JoLi6n6lVtkRDpyOh0T  
PgBBvm0RaCNz12EtpuSnneGzqqb8q82GkvFmWlbwVANF+CBN4Fn8xCHBiM0qrBZy  
TMHsirGQU5l/P4nrSs4GC9NKS1LENvM5qY5zh6SsnPkmw4Pe87R3rqvbg++UuR+f  
xIx06iNqb7Xa1UPLp6vIwjyIyknE8mF5WZVW7NtXzeLOX2MYZO+0QVyexshpzfjK  
MNFFieBB2G+tcRruwGkY1ra9u+fpzRbUifdyAnQkYrAnkcTURTpJLNikUqRqBmN8  
7F5P0pdCOzA=  
=0XK/  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1809-01

Red Hat Security Advisory 2023-1810-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:1810-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1810  
Issue date:        2023-04-17  
CVE Names:         CVE-2023-0547 CVE-2023-1945 CVE-2023-28427   
                   CVE-2023-29479 CVE-2023-29533 CVE-2023-29535   
                   CVE-2023-29536 CVE-2023-29539 CVE-2023-29541   
                   CVE-2023-29548 CVE-2023-29550   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.10.0.

Security Fix(es):

* Thunderbird: Revocation status of S/Mime recipient certificates was not  
checked (CVE-2023-0547)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to  
denial-of-service attack (CVE-2023-28427)

* Mozilla: Fullscreen notification obscured (CVE-2023-29533)

* Mozilla: Potential Memory Corruption following Garbage Collector  
compaction (CVE-2023-29535)

* Mozilla: Invalid free from JavaScript code (CVE-2023-29536)

* Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10  
(CVE-2023-29550)

* Mozilla: Memory Corruption in Safe Browsing Code (CVE-2023-1945)

* Thunderbird: Hang when processing certain OpenPGP messages  
(CVE-2023-29479)

* Mozilla: Content-Disposition filename truncation leads to Reflected File  
Download (CVE-2023-29539)

* Mozilla: Files with malicious extensions could have been downloaded  
unsafely on Linux (CVE-2023-29541)

* Mozilla: Incorrect optimization result on ARM64 (CVE-2023-29548)

* MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp (BZ#2186102)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2183278 - CVE-2023-28427 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack  
2186101 - CVE-2023-29533 Mozilla: Fullscreen notification obscured  
2186102 - MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp  
2186103 - CVE-2023-29535 Mozilla: Potential Memory Corruption following Garbage Collector compaction  
2186104 - CVE-2023-29536 Mozilla: Invalid free from JavaScript code  
2186105 - CVE-2023-29539 Mozilla: Content-Disposition filename truncation leads to Reflected File Download  
2186106 - CVE-2023-29541 Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux  
2186109 - CVE-2023-1945 Mozilla: Memory Corruption in Safe Browsing Code  
2186110 - CVE-2023-29548 Mozilla: Incorrect optimization result on ARM64  
2186111 - CVE-2023-29550 Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10  
2186734 - CVE-2023-0547 Thunderbird: Revocation status of S/Mime recipient certificates was not checked  
2186735 - CVE-2023-29479 Thunderbird: Hang when processing certain OpenPGP messages

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
thunderbird-102.10.0-2.el9_0.src.rpm

aarch64:  
thunderbird-102.10.0-2.el9_0.aarch64.rpm  
thunderbird-debuginfo-102.10.0-2.el9_0.aarch64.rpm  
thunderbird-debugsource-102.10.0-2.el9_0.aarch64.rpm

ppc64le:  
thunderbird-102.10.0-2.el9_0.ppc64le.rpm  
thunderbird-debuginfo-102.10.0-2.el9_0.ppc64le.rpm  
thunderbird-debugsource-102.10.0-2.el9_0.ppc64le.rpm

s390x:  
thunderbird-102.10.0-2.el9_0.s390x.rpm  
thunderbird-debuginfo-102.10.0-2.el9_0.s390x.rpm  
thunderbird-debugsource-102.10.0-2.el9_0.s390x.rpm

x86_64:  
thunderbird-102.10.0-2.el9_0.x86_64.rpm  
thunderbird-debuginfo-102.10.0-2.el9_0.x86_64.rpm  
thunderbird-debugsource-102.10.0-2.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0547  
https://access.redhat.com/security/cve/CVE-2023-1945  
https://access.redhat.com/security/cve/CVE-2023-28427  
https://access.redhat.com/security/cve/CVE-2023-29479  
https://access.redhat.com/security/cve/CVE-2023-29533  
https://access.redhat.com/security/cve/CVE-2023-29535  
https://access.redhat.com/security/cve/CVE-2023-29536  
https://access.redhat.com/security/cve/CVE-2023-29539  
https://access.redhat.com/security/cve/CVE-2023-29541  
https://access.redhat.com/security/cve/CVE-2023-29548  
https://access.redhat.com/security/cve/CVE-2023-29550  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZD10mtzjgjWX9erEAQidvw/7Bd+t+ltJmUgpxSxnwaG0AIV8Z3sFApIK  
qoJsWYfvIXrgutr5gnBr6uZ/VbqAEaNeWPU+AnKiLVSOBxNUvRz3bfYS9Yrbqpfn  
KewZKxOzL/lhn2Oip8VWRMfLWzjyHHLIGXPAxAreHQQT0OcLDCIzYMdcbM1X6MuX  
Od8k3uRpI6x7BegTalzO0vtL6L288MTVia7s0Fe71lsjXBh4pJMrKCNV72oX8CCj  
0aFPeQwQXtxczwvdlUTQLh1CgXejrHyNMvw+kV7lcC+6GYUVyLP8bqwkO2fdM7CJ  
6qGU+pNZDY+YXYy40B+KXoU+/2r4hbTDMVTFxCaa3ANB7csgALgsaayID4vWyXlr  
nYiAyiyYh4gg1bFFhg6ZSoCqWDXmdmm/HzxZ5F36qRRtLHL8lwxJhWO3dXAe9dBT  
rc7P/ZdL541p1pFhoarXo4diyHOpDjnuFa+gf0Bm/VNfNbv3CSIKw2cUZmY8cMqp  
800QmP4AzuKtAYWGsj5uVuA9b8VE2mv5TtOWBwODsz8UadJgswOQFsIPgmpFLFy0  
m4w8p/7bZoAWxW+tS38OPWFJOs11s0nsNfSHpTXLIVRwUQrwNt836CED0Aiv11mO  
NiyiBOxIllNDjMbSgzjaN8atHMJUoN9fNuTvWiDPh/i/v+VYrEDTK5kIbeXg+nfn  
1QZAft3jmK4=  
=SpyX  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1810-01

Red Hat Security Advisory 2023-1802-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:1802-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1802  
Issue date:        2023-04-17  
CVE Names:         CVE-2023-0547 CVE-2023-1945 CVE-2023-28427   
                   CVE-2023-29479 CVE-2023-29533 CVE-2023-29535   
                   CVE-2023-29536 CVE-2023-29539 CVE-2023-29541   
                   CVE-2023-29548 CVE-2023-29550   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.10.0.

Security Fix(es):

* Thunderbird: Revocation status of S/Mime recipient certificates was not  
checked (CVE-2023-0547)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to  
denial-of-service attack (CVE-2023-28427)

* Mozilla: Fullscreen notification obscured (CVE-2023-29533)

* Mozilla: Potential Memory Corruption following Garbage Collector  
compaction (CVE-2023-29535)

* Mozilla: Invalid free from JavaScript code (CVE-2023-29536)

* Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10  
(CVE-2023-29550)

* Mozilla: Memory Corruption in Safe Browsing Code (CVE-2023-1945)

* Thunderbird: Hang when processing certain OpenPGP messages  
(CVE-2023-29479)

* Mozilla: Content-Disposition filename truncation leads to Reflected File  
Download (CVE-2023-29539)

* Mozilla: Files with malicious extensions could have been downloaded  
unsafely on Linux (CVE-2023-29541)

* Mozilla: Incorrect optimization result on ARM64 (CVE-2023-29548)

* MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp (BZ#2186102)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2183278 - CVE-2023-28427 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack  
2186101 - CVE-2023-29533 Mozilla: Fullscreen notification obscured  
2186102 - MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp  
2186103 - CVE-2023-29535 Mozilla: Potential Memory Corruption following Garbage Collector compaction  
2186104 - CVE-2023-29536 Mozilla: Invalid free from JavaScript code  
2186105 - CVE-2023-29539 Mozilla: Content-Disposition filename truncation leads to Reflected File Download  
2186106 - CVE-2023-29541 Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux  
2186109 - CVE-2023-1945 Mozilla: Memory Corruption in Safe Browsing Code  
2186110 - CVE-2023-29548 Mozilla: Incorrect optimization result on ARM64  
2186111 - CVE-2023-29550 Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10  
2186734 - CVE-2023-0547 Thunderbird: Revocation status of S/Mime recipient certificates was not checked  
2186735 - CVE-2023-29479 Thunderbird: Hang when processing certain OpenPGP messages

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
thunderbird-102.10.0-2.el8_7.src.rpm

aarch64:  
thunderbird-102.10.0-2.el8_7.aarch64.rpm  
thunderbird-debuginfo-102.10.0-2.el8_7.aarch64.rpm  
thunderbird-debugsource-102.10.0-2.el8_7.aarch64.rpm

ppc64le:  
thunderbird-102.10.0-2.el8_7.ppc64le.rpm  
thunderbird-debuginfo-102.10.0-2.el8_7.ppc64le.rpm  
thunderbird-debugsource-102.10.0-2.el8_7.ppc64le.rpm

s390x:  
thunderbird-102.10.0-2.el8_7.s390x.rpm  
thunderbird-debuginfo-102.10.0-2.el8_7.s390x.rpm  
thunderbird-debugsource-102.10.0-2.el8_7.s390x.rpm

x86_64:  
thunderbird-102.10.0-2.el8_7.x86_64.rpm  
thunderbird-debuginfo-102.10.0-2.el8_7.x86_64.rpm  
thunderbird-debugsource-102.10.0-2.el8_7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0547  
https://access.redhat.com/security/cve/CVE-2023-1945  
https://access.redhat.com/security/cve/CVE-2023-28427  
https://access.redhat.com/security/cve/CVE-2023-29479  
https://access.redhat.com/security/cve/CVE-2023-29533  
https://access.redhat.com/security/cve/CVE-2023-29535  
https://access.redhat.com/security/cve/CVE-2023-29536  
https://access.redhat.com/security/cve/CVE-2023-29539  
https://access.redhat.com/security/cve/CVE-2023-29541  
https://access.redhat.com/security/cve/CVE-2023-29548  
https://access.redhat.com/security/cve/CVE-2023-29550  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZD10itzjgjWX9erEAQhTtA/9HWM7LfLFx+M54K1b1FrH0/Xy4Oh7BW1n  
uouSiLU8k+B3udZJEAnHXZmL5szNn0dxOPNWLKNIXa5WuPMM78mKMUWRIXH/Nf2N  
z1zZqS8kmMxka6z7+zkNYRakHJaaaWWy4duMa1j8YlLdu7TLUq9ngtpyBD+5CaRd  
ESla2/tCLS0nMsFenYi9k/PpI1qMGrU9Jc1qTCfqo2lXMz2hOnLJ3BGPy56esTzA  
2MGsXnSBAJ+U9dL10lXIWUrk6jwTy+aTBhnnWN57TGfC96EbiJxAoEKzcs+h0uXv  
rpMjwnDdo8DSp93pPHY8Y75UpQAMKy0wFzy7td0rZcYOZw1YBWliVfcWC3MgcmvJ  
4ik1JqeioHFCphWLTDCEKfeKgzBjEJpSgbyhdWFQvngCORLrj5OU++x6TpG6fytQ  
+dN7ILd8kzNl0LU1alSxXnVKQk50Cghld0IQLeTFb5Z2SkEK23lQVCXZPFzMmzyQ  
WyxoNR+VJkEXkE6VaDty9DGiukICi4XXtv4dKdvCVlGET6loekkTP1QZUog5UMqp  
Wqc503ibGiGCoAfksb6HEnKx6kYqzrF+mdi9u9QJgKn/DK2iTatTw9WQ/qKh/BDe  
Ty0nbK87BybIYgPepbN68cajCUTFX69nHQPCawAa0h6S33661pe9ffmS9MtWJSlW  
5m6aIHbk0Pw=  
=q+6q  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1802-01

Red Hat Security Advisory 2023-1811-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:1811-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1811  
Issue date:        2023-04-17  
CVE Names:         CVE-2023-0547 CVE-2023-1945 CVE-2023-28427   
                   CVE-2023-29479 CVE-2023-29533 CVE-2023-29535   
                   CVE-2023-29536 CVE-2023-29539 CVE-2023-29541   
                   CVE-2023-29548 CVE-2023-29550   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.10.0.

Security Fix(es):

* Thunderbird: Revocation status of S/Mime recipient certificates was not  
checked (CVE-2023-0547)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to  
denial-of-service attack (CVE-2023-28427)

* Mozilla: Fullscreen notification obscured (CVE-2023-29533)

* Mozilla: Potential Memory Corruption following Garbage Collector  
compaction (CVE-2023-29535)

* Mozilla: Invalid free from JavaScript code (CVE-2023-29536)

* Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10  
(CVE-2023-29550)

* Mozilla: Memory Corruption in Safe Browsing Code (CVE-2023-1945)

* Thunderbird: Hang when processing certain OpenPGP messages  
(CVE-2023-29479)

* Mozilla: Content-Disposition filename truncation leads to Reflected File  
Download (CVE-2023-29539)

* Mozilla: Files with malicious extensions could have been downloaded  
unsafely on Linux (CVE-2023-29541)

* Mozilla: Incorrect optimization result on ARM64 (CVE-2023-29548)

* MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp (BZ#2186102)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2183278 - CVE-2023-28427 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack  
2186101 - CVE-2023-29533 Mozilla: Fullscreen notification obscured  
2186102 - MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp  
2186103 - CVE-2023-29535 Mozilla: Potential Memory Corruption following Garbage Collector compaction  
2186104 - CVE-2023-29536 Mozilla: Invalid free from JavaScript code  
2186105 - CVE-2023-29539 Mozilla: Content-Disposition filename truncation leads to Reflected File Download  
2186106 - CVE-2023-29541 Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux  
2186109 - CVE-2023-1945 Mozilla: Memory Corruption in Safe Browsing Code  
2186110 - CVE-2023-29548 Mozilla: Incorrect optimization result on ARM64  
2186111 - CVE-2023-29550 Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10  
2186734 - CVE-2023-0547 Thunderbird: Revocation status of S/Mime recipient certificates was not checked  
2186735 - CVE-2023-29479 Thunderbird: Hang when processing certain OpenPGP messages

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
thunderbird-102.10.0-2.el8_6.src.rpm

aarch64:  
thunderbird-102.10.0-2.el8_6.aarch64.rpm  
thunderbird-debuginfo-102.10.0-2.el8_6.aarch64.rpm  
thunderbird-debugsource-102.10.0-2.el8_6.aarch64.rpm

ppc64le:  
thunderbird-102.10.0-2.el8_6.ppc64le.rpm  
thunderbird-debuginfo-102.10.0-2.el8_6.ppc64le.rpm  
thunderbird-debugsource-102.10.0-2.el8_6.ppc64le.rpm

s390x:  
thunderbird-102.10.0-2.el8_6.s390x.rpm  
thunderbird-debuginfo-102.10.0-2.el8_6.s390x.rpm  
thunderbird-debugsource-102.10.0-2.el8_6.s390x.rpm

x86_64:  
thunderbird-102.10.0-2.el8_6.x86_64.rpm  
thunderbird-debuginfo-102.10.0-2.el8_6.x86_64.rpm  
thunderbird-debugsource-102.10.0-2.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0547  
https://access.redhat.com/security/cve/CVE-2023-1945  
https://access.redhat.com/security/cve/CVE-2023-28427  
https://access.redhat.com/security/cve/CVE-2023-29479  
https://access.redhat.com/security/cve/CVE-2023-29533  
https://access.redhat.com/security/cve/CVE-2023-29535  
https://access.redhat.com/security/cve/CVE-2023-29536  
https://access.redhat.com/security/cve/CVE-2023-29539  
https://access.redhat.com/security/cve/CVE-2023-29541  
https://access.redhat.com/security/cve/CVE-2023-29548  
https://access.redhat.com/security/cve/CVE-2023-29550  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZD10itzjgjWX9erEAQjkRRAAggm0nuP8fUP9k5i+20dnw+YL793E35So  
MwXkoWKozoYVOF8Ijnzs6Dk6En8OeFEizDwUXyuG0VfjDAvDlyqqfcygjiBknFGk  
EQ+aBHz2WrRaHMuPxvklDmcrAY/ILmN+VMb2dgIYf99MxBq1kuul7b+tCufN8ISY  
VYA70HpsFZWcRblvU6R0IOIFknAz+I4UnhLwo5146vr1pZ+F48qjeSLKT1wnjxLB  
fGZFk603Kbou0VtDkwaHOJYYT4ImEjSmBFfifZBCqtAL5CnoXsla9gFdWFYACMfM  
A4bWlVanNeKQZI3pIqOMBi8qjK4QdMXtlKG7P4PuVtGL/0XyI6tAkoHlq2vmK+pG  
Hb9aYDakuWAkirq8jtUgu3folXjJEzucffifc5yUhpsqiRMtkFNENF9UchO6dhvk  
kA2iv/5yI393YkdjHrbieP1Gv+LpM3k9HaOGiyXp98O5GsoLHqpdJwbyor0gD4dt  
GAz7NsBFhiCatq7AU21fF+bRwv+GJ2Dao5+A/KT4HTpoaW8v+q1cdmTBD2sau1If  
MV/3RgAzO/+qS6twLTk7UlfUYzGtZ6wasLkaasdgFEvn9BMYr/uGQXFMVeQIVKS+  
afkFa47ba95QJpdl5EEiPta1W2XCPYGqiCfHRIMok94PyYHQZC/opnen5jD/wDTD  
VgV3QIIFIuA=  
=WomZ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1811-01

Red Hat Security Advisory 2023-1804-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:1804-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1804  
Issue date:        2023-04-17  
CVE Names:         CVE-2023-0547 CVE-2023-1945 CVE-2023-28427   
                   CVE-2023-29479 CVE-2023-29533 CVE-2023-29535   
                   CVE-2023-29536 CVE-2023-29539 CVE-2023-29541   
                   CVE-2023-29548 CVE-2023-29550   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.10.0.

Security Fix(es):

* Thunderbird: Revocation status of S/Mime recipient certificates was not  
checked (CVE-2023-0547)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to  
denial-of-service attack (CVE-2023-28427)

* Mozilla: Fullscreen notification obscured (CVE-2023-29533)

* Mozilla: Potential Memory Corruption following Garbage Collector  
compaction (CVE-2023-29535)

* Mozilla: Invalid free from JavaScript code (CVE-2023-29536)

* Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10  
(CVE-2023-29550)

* Mozilla: Memory Corruption in Safe Browsing Code (CVE-2023-1945)

* Thunderbird: Hang when processing certain OpenPGP messages  
(CVE-2023-29479)

* Mozilla: Content-Disposition filename truncation leads to Reflected File  
Download (CVE-2023-29539)

* Mozilla: Files with malicious extensions could have been downloaded  
unsafely on Linux (CVE-2023-29541)

* Mozilla: Incorrect optimization result on ARM64 (CVE-2023-29548)

* MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp (BZ#2186102)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2183278 - CVE-2023-28427 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack  
2186101 - CVE-2023-29533 Mozilla: Fullscreen notification obscured  
2186102 - MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp  
2186103 - CVE-2023-29535 Mozilla: Potential Memory Corruption following Garbage Collector compaction  
2186104 - CVE-2023-29536 Mozilla: Invalid free from JavaScript code  
2186105 - CVE-2023-29539 Mozilla: Content-Disposition filename truncation leads to Reflected File Download  
2186106 - CVE-2023-29541 Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux  
2186109 - CVE-2023-1945 Mozilla: Memory Corruption in Safe Browsing Code  
2186110 - CVE-2023-29548 Mozilla: Incorrect optimization result on ARM64  
2186111 - CVE-2023-29550 Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10  
2186734 - CVE-2023-0547 Thunderbird: Revocation status of S/Mime recipient certificates was not checked  
2186735 - CVE-2023-29479 Thunderbird: Hang when processing certain OpenPGP messages

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
thunderbird-102.10.0-2.el8_4.src.rpm

aarch64:  
thunderbird-102.10.0-2.el8_4.aarch64.rpm  
thunderbird-debuginfo-102.10.0-2.el8_4.aarch64.rpm  
thunderbird-debugsource-102.10.0-2.el8_4.aarch64.rpm

ppc64le:  
thunderbird-102.10.0-2.el8_4.ppc64le.rpm  
thunderbird-debuginfo-102.10.0-2.el8_4.ppc64le.rpm  
thunderbird-debugsource-102.10.0-2.el8_4.ppc64le.rpm

s390x:  
thunderbird-102.10.0-2.el8_4.s390x.rpm  
thunderbird-debuginfo-102.10.0-2.el8_4.s390x.rpm  
thunderbird-debugsource-102.10.0-2.el8_4.s390x.rpm

x86_64:  
thunderbird-102.10.0-2.el8_4.x86_64.rpm  
thunderbird-debuginfo-102.10.0-2.el8_4.x86_64.rpm  
thunderbird-debugsource-102.10.0-2.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0547  
https://access.redhat.com/security/cve/CVE-2023-1945  
https://access.redhat.com/security/cve/CVE-2023-28427  
https://access.redhat.com/security/cve/CVE-2023-29479  
https://access.redhat.com/security/cve/CVE-2023-29533  
https://access.redhat.com/security/cve/CVE-2023-29535  
https://access.redhat.com/security/cve/CVE-2023-29536  
https://access.redhat.com/security/cve/CVE-2023-29539  
https://access.redhat.com/security/cve/CVE-2023-29541  
https://access.redhat.com/security/cve/CVE-2023-29548  
https://access.redhat.com/security/cve/CVE-2023-29550  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZD10itzjgjWX9erEAQgIIg/9EDQy3oWd6HDwFutrYaGN+h1dZ6Dnf+ea  
h4rChHY9/eHUO7FJhBRjqjzCzzLV5MzT1SuryDLokWrfisjyg1AygOcIvVaWMnWq  
LBZnTwQgk6JniNEawaPkT7hmzRtma0hsIPLkjArWMnW+KIqWgheGniMVLIzpe+7G  
O89K+fQ+oVJoWZSEaigtiHdlZ4UtfRnbC8VtATXKuKHmmby/xgJDMULUT1fZ8MZU  
qKlmXz6Nv2bJF6qnP4lqWTRUGtoJajgZAT0SkaORnOfb2EN9LlT4K4XvnyXiwoWK  
WYp6BLTl0Cu4lSzwQxxhbnqZ9Lo9HuJd+tHDJGic+8Oa+YWk778MknEwL7uxdxKq  
H1QwSFGswV7eaY2wtjrXHDhOcX4pI6RrevvzqIjQx9gaJswcl18stO2gbBMVZK/O  
NhoGCKAqR+pKqQusOUCUr1XVpYizgIdGJPD9O7f3TP3WEm4CK7LnxRS9bDaKqMQm  
vv4ey49HNIGjjRHD2PVGjbdAYRrcmuldvDANZAapQukahSHM7OXb/ybsCAItFln/  
dNsvi/80OAmnrLfa0lU96XOh3rdKtbLi/Ba0JHRtXbSrPQGfxgfm3dkpQ2H7zXDf  
mPxb/0gFy5GiGhWOwGkkbc63rrV1vVWk5AmtWRav7cn1VPRLLDhywA4WNytTeAUT  
m+Ezp/YgoEU=  
=fckB  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1804-01

Red Hat Security Advisory 2023-1803-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:1803-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1803  
Issue date:        2023-04-17  
CVE Names:         CVE-2023-0547 CVE-2023-1945 CVE-2023-28427   
                   CVE-2023-29479 CVE-2023-29533 CVE-2023-29535   
                   CVE-2023-29536 CVE-2023-29539 CVE-2023-29541   
                   CVE-2023-29548 CVE-2023-29550   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.10.0.

Security Fix(es):

* Thunderbird: Revocation status of S/Mime recipient certificates was not  
checked (CVE-2023-0547)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to  
denial-of-service attack (CVE-2023-28427)

* Mozilla: Fullscreen notification obscured (CVE-2023-29533)

* Mozilla: Potential Memory Corruption following Garbage Collector  
compaction (CVE-2023-29535)

* Mozilla: Invalid free from JavaScript code (CVE-2023-29536)

* Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10  
(CVE-2023-29550)

* Mozilla: Memory Corruption in Safe Browsing Code (CVE-2023-1945)

* Thunderbird: Hang when processing certain OpenPGP messages  
(CVE-2023-29479)

* Mozilla: Content-Disposition filename truncation leads to Reflected File  
Download (CVE-2023-29539)

* Mozilla: Files with malicious extensions could have been downloaded  
unsafely on Linux (CVE-2023-29541)

* Mozilla: Incorrect optimization result on ARM64 (CVE-2023-29548)

* MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp (BZ#2186102)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2183278 - CVE-2023-28427 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack  
2186101 - CVE-2023-29533 Mozilla: Fullscreen notification obscured  
2186102 - MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp  
2186103 - CVE-2023-29535 Mozilla: Potential Memory Corruption following Garbage Collector compaction  
2186104 - CVE-2023-29536 Mozilla: Invalid free from JavaScript code  
2186105 - CVE-2023-29539 Mozilla: Content-Disposition filename truncation leads to Reflected File Download  
2186106 - CVE-2023-29541 Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux  
2186109 - CVE-2023-1945 Mozilla: Memory Corruption in Safe Browsing Code  
2186110 - CVE-2023-29548 Mozilla: Incorrect optimization result on ARM64  
2186111 - CVE-2023-29550 Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10  
2186734 - CVE-2023-0547 Thunderbird: Revocation status of S/Mime recipient certificates was not checked  
2186735 - CVE-2023-29479 Thunderbird: Hang when processing certain OpenPGP messages

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
thunderbird-102.10.0-2.el8_1.src.rpm

ppc64le:  
thunderbird-102.10.0-2.el8_1.ppc64le.rpm  
thunderbird-debuginfo-102.10.0-2.el8_1.ppc64le.rpm  
thunderbird-debugsource-102.10.0-2.el8_1.ppc64le.rpm

x86_64:  
thunderbird-102.10.0-2.el8_1.x86_64.rpm  
thunderbird-debuginfo-102.10.0-2.el8_1.x86_64.rpm  
thunderbird-debugsource-102.10.0-2.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0547  
https://access.redhat.com/security/cve/CVE-2023-1945  
https://access.redhat.com/security/cve/CVE-2023-28427  
https://access.redhat.com/security/cve/CVE-2023-29479  
https://access.redhat.com/security/cve/CVE-2023-29533  
https://access.redhat.com/security/cve/CVE-2023-29535  
https://access.redhat.com/security/cve/CVE-2023-29536  
https://access.redhat.com/security/cve/CVE-2023-29539  
https://access.redhat.com/security/cve/CVE-2023-29541  
https://access.redhat.com/security/cve/CVE-2023-29548  
https://access.redhat.com/security/cve/CVE-2023-29550  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZD10etzjgjWX9erEAQgoWg//ZdG9NsxRqlXXcdET5HAq4jqCmDXBSUPE  
wnrf+TbI5SL/LxFr3MXvutQ6YQt+8Vj1oWIKtZBu0bdNfBJHsL5ulbIjb0LDhEYA  
4sElGmjbQvQfiMVNlyc3Oa88Yf169oAu/iSo2YP46eQsxl8cgnGk/iTmPyqhcU5S  
cBjNQIxVXxS/fi+CWp6JxttgFlPl4uAEGntVgRuVWq2FCGllpNkh4n0HsmX1jMJX  
II/8gBRKEjH75iO3wKhEVlD0pKXG2eAbTpIpkght7pCOqMKTKKK1IY1ED9bUlfoF  
GEaJ1v/2l3J4/KFo7kBwsBeUQFa1xKveSkdjASsVvgRaoBsbYq7foDFsncLPXYrW  
H7uYMGJ5xsDoYsVlD1lf0hL9umriV0EJemImPxAkR23MtelfUroC4p9T5lTmEeQO  
8h8e5Jc01ueOi0uvNu5YrRgxKxvEFaJVAcEcbVmYYzfFWgXx52EQx8FwfdummIBf  
hCiMotEbWH+V8DpC9Zi9kiuM1nPX3JOXQPygL3FckM1hmuxWSaBb8f6ZzFwdI+nd  
mlB3Sw5pG97+Lk1HLoIx3a+D0Mdbh0H0cIpCLMUd7AOi7qlGudi8eUUTISlpDyh8  
5+AlC9safxNgrQfroNPmZhnATIIF9AJbTxOXTjH0IGLhBQfF9Ll9upjIEC4nefGO  
iQy7+eESwjY=  
=tWkP  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1803-01

Red Hat Security Advisory 2023-1806-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:1806-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1806  
Issue date:        2023-04-17  
CVE Names:         CVE-2023-0547 CVE-2023-1945 CVE-2023-28427   
                   CVE-2023-29479 CVE-2023-29533 CVE-2023-29535   
                   CVE-2023-29536 CVE-2023-29539 CVE-2023-29541   
                   CVE-2023-29548 CVE-2023-29550   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.10.0.

Security Fix(es):

* Thunderbird: Revocation status of S/Mime recipient certificates was not  
checked (CVE-2023-0547)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to  
denial-of-service attack (CVE-2023-28427)

* Mozilla: Fullscreen notification obscured (CVE-2023-29533)

* Mozilla: Potential Memory Corruption following Garbage Collector  
compaction (CVE-2023-29535)

* Mozilla: Invalid free from JavaScript code (CVE-2023-29536)

* Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10  
(CVE-2023-29550)

* Mozilla: Memory Corruption in Safe Browsing Code (CVE-2023-1945)

* Thunderbird: Hang when processing certain OpenPGP messages  
(CVE-2023-29479)

* Mozilla: Content-Disposition filename truncation leads to Reflected File  
Download (CVE-2023-29539)

* Mozilla: Files with malicious extensions could have been downloaded  
unsafely on Linux (CVE-2023-29541)

* Mozilla: Incorrect optimization result on ARM64 (CVE-2023-29548)

* MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp (BZ#2186102)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2183278 - CVE-2023-28427 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack  
2186101 - CVE-2023-29533 Mozilla: Fullscreen notification obscured  
2186102 - MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp  
2186103 - CVE-2023-29535 Mozilla: Potential Memory Corruption following Garbage Collector compaction  
2186104 - CVE-2023-29536 Mozilla: Invalid free from JavaScript code  
2186105 - CVE-2023-29539 Mozilla: Content-Disposition filename truncation leads to Reflected File Download  
2186106 - CVE-2023-29541 Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux  
2186109 - CVE-2023-1945 Mozilla: Memory Corruption in Safe Browsing Code  
2186110 - CVE-2023-29548 Mozilla: Incorrect optimization result on ARM64  
2186111 - CVE-2023-29550 Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10  
2186734 - CVE-2023-0547 Thunderbird: Revocation status of S/Mime recipient certificates was not checked  
2186735 - CVE-2023-29479 Thunderbird: Hang when processing certain OpenPGP messages

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
thunderbird-102.10.0-2.el7_9.src.rpm

x86_64:  
thunderbird-102.10.0-2.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.10.0-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:  
thunderbird-102.10.0-2.el7_9.src.rpm

ppc64le:  
thunderbird-102.10.0-2.el7_9.ppc64le.rpm  
thunderbird-debuginfo-102.10.0-2.el7_9.ppc64le.rpm

x86_64:  
thunderbird-102.10.0-2.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.10.0-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
thunderbird-102.10.0-2.el7_9.src.rpm

x86_64:  
thunderbird-102.10.0-2.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.10.0-2.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0547  
https://access.redhat.com/security/cve/CVE-2023-1945  
https://access.redhat.com/security/cve/CVE-2023-28427  
https://access.redhat.com/security/cve/CVE-2023-29479  
https://access.redhat.com/security/cve/CVE-2023-29533  
https://access.redhat.com/security/cve/CVE-2023-29535  
https://access.redhat.com/security/cve/CVE-2023-29536  
https://access.redhat.com/security/cve/CVE-2023-29539  
https://access.redhat.com/security/cve/CVE-2023-29541  
https://access.redhat.com/security/cve/CVE-2023-29548  
https://access.redhat.com/security/cve/CVE-2023-29550  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIUAwUBZD10etzjgjWX9erEAQiF6A/2PwhhmpNPwyA79IvNM5bnhn2PKs1laUJE  
tr2IrYiFlIYSOAGpkQm1GPuRUJYoYFE+54hH0CJ8bIR77RO/wLakNaQXh4qB+lVs  
w1dSa4otkCwzv9Jj7FHoRHKlx0hDIzs1HldNXInwktdgshmXaxdL7q7y62yGhwr9  
uuNA4ZSpIpw49ALddJww8UQTI02SGWSvrMByOE8NrY2hO+9GHeOKQpFe8W+7nXRM  
FXwWyNwqtar8sV8hoJdNszhyVn1tqRbxj4XK3vADmKvmIzSlJ4+JzmSIhjKvKxxZ  
7z5euAQcG79mhD7Yp5gfhX7+XGmfEZYlyCxrrzUiF9AZqikP/SwvqbaefL7oumV9  
qBSrmGA3bTj9KOH24aV5DneYkNWdZVgDd2SnTzguM95aL4LDgG+ouezFHpNltRgQ  
gmWfMC4K0g2QE+LWuV+fRu/HxcViQVcjZChIL+2px4vCsiD1Vm+DpdqTUzugQj0W  
COuj7E5HeSSgbGXpi3Z6z9RIofuHg2tHK7HJO7MDyTcKshcFhW17QQV3HVHqEUr3  
WXYPC6Vkv3I+j9s+IyRsFuVqz6hJ7q9VyWff9HOleKJqYhFlucHGlrWxyr5gF2Cq  
StnQZHNLe1n6wy+4bIVZwDCd4z+OIZhDnTBgbyylnrdtKv/0lmDFUi500xRlfZKl  
qXwNc5Tz2A==  
=cL0d  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1806-01

Red Hat Security Advisory 2023-1805-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:1805-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1805  
Issue date:        2023-04-17  
CVE Names:         CVE-2023-0547 CVE-2023-1945 CVE-2023-28427   
                   CVE-2023-29479 CVE-2023-29533 CVE-2023-29535   
                   CVE-2023-29536 CVE-2023-29539 CVE-2023-29541   
                   CVE-2023-29548 CVE-2023-29550   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.10.0.

Security Fix(es):

* Thunderbird: Revocation status of S/Mime recipient certificates was not  
checked (CVE-2023-0547)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to  
denial-of-service attack (CVE-2023-28427)

* Mozilla: Fullscreen notification obscured (CVE-2023-29533)

* Mozilla: Potential Memory Corruption following Garbage Collector  
compaction (CVE-2023-29535)

* Mozilla: Invalid free from JavaScript code (CVE-2023-29536)

* Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10  
(CVE-2023-29550)

* Mozilla: Memory Corruption in Safe Browsing Code (CVE-2023-1945)

* Thunderbird: Hang when processing certain OpenPGP messages  
(CVE-2023-29479)

* Mozilla: Content-Disposition filename truncation leads to Reflected File  
Download (CVE-2023-29539)

* Mozilla: Files with malicious extensions could have been downloaded  
unsafely on Linux (CVE-2023-29541)

* Mozilla: Incorrect optimization result on ARM64 (CVE-2023-29548)

* MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp (BZ#2186102)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2183278 - CVE-2023-28427 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack  
2186101 - CVE-2023-29533 Mozilla: Fullscreen notification obscured  
2186102 - MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp  
2186103 - CVE-2023-29535 Mozilla: Potential Memory Corruption following Garbage Collector compaction  
2186104 - CVE-2023-29536 Mozilla: Invalid free from JavaScript code  
2186105 - CVE-2023-29539 Mozilla: Content-Disposition filename truncation leads to Reflected File Download  
2186106 - CVE-2023-29541 Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux  
2186109 - CVE-2023-1945 Mozilla: Memory Corruption in Safe Browsing Code  
2186110 - CVE-2023-29548 Mozilla: Incorrect optimization result on ARM64  
2186111 - CVE-2023-29550 Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10  
2186734 - CVE-2023-0547 Thunderbird: Revocation status of S/Mime recipient certificates was not checked  
2186735 - CVE-2023-29479 Thunderbird: Hang when processing certain OpenPGP messages

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
thunderbird-102.10.0-2.el8_2.src.rpm

aarch64:  
thunderbird-102.10.0-2.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.10.0-2.el8_2.aarch64.rpm  
thunderbird-debugsource-102.10.0-2.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.10.0-2.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.10.0-2.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.10.0-2.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.10.0-2.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.10.0-2.el8_2.x86_64.rpm  
thunderbird-debugsource-102.10.0-2.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
thunderbird-102.10.0-2.el8_2.src.rpm

aarch64:  
thunderbird-102.10.0-2.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.10.0-2.el8_2.aarch64.rpm  
thunderbird-debugsource-102.10.0-2.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.10.0-2.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.10.0-2.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.10.0-2.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.10.0-2.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.10.0-2.el8_2.x86_64.rpm  
thunderbird-debugsource-102.10.0-2.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
thunderbird-102.10.0-2.el8_2.src.rpm

aarch64:  
thunderbird-102.10.0-2.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.10.0-2.el8_2.aarch64.rpm  
thunderbird-debugsource-102.10.0-2.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.10.0-2.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.10.0-2.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.10.0-2.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.10.0-2.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.10.0-2.el8_2.x86_64.rpm  
thunderbird-debugsource-102.10.0-2.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0547  
https://access.redhat.com/security/cve/CVE-2023-1945  
https://access.redhat.com/security/cve/CVE-2023-28427  
https://access.redhat.com/security/cve/CVE-2023-29479  
https://access.redhat.com/security/cve/CVE-2023-29533  
https://access.redhat.com/security/cve/CVE-2023-29535  
https://access.redhat.com/security/cve/CVE-2023-29536  
https://access.redhat.com/security/cve/CVE-2023-29539  
https://access.redhat.com/security/cve/CVE-2023-29541  
https://access.redhat.com/security/cve/CVE-2023-29548  
https://access.redhat.com/security/cve/CVE-2023-29550  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZD10etzjgjWX9erEAQgiexAAi0gjrSD6gHpYVamfsetNsBvwiSwK4c8j  
XOLykTM60aNTW2GY/MZPAQ0qKi3hpcIuMeusx0qLwu93CkgFnSAKla/BITIZGExw  
FIcDuNmjSjupXrpgFnOLB4mdWE9IaVf9VjFyixBh5nFWMaI5VQzCRi/RtQVqNJdy  
ZPhL4H12Pc8Nfv/YfidYi3X+VTsoJGzOtxIfjJkP/19IZji2anWeMM71KqI77ktU  
JuT15BWxOsleI8kYqZKzC4q4b9DbeAKVG3Pu5yrEnycH27+yjfP+Um08W2nXzh3p  
PmsD/blrES7H+Qsg1y4MdcVJyfISx7tAkQBBInp4xtLN1nRTNRFZalv8AtwM/seM  
e+7jBxs96XZ+2boUpsT8C9nMdh+u5kxMODVTRUPwERF+bdl23/agPMBAEjAwYr47  
G4AOfk4GVfSJZCTg7HDSLiR1nAtnOnES7uYszuIYh4865WFspzxT/8wriyrooiED  
8h15uzVPlc+XJJdMzo1Y6UR2YnepyQCgzvyxRHpJZ4QidTX1mAOkCMtkcwP7vtbZ  
3lPTLMc7So4TBinHZTjVC5bpYAvA5esx8QTLQLkp+QVF9BgduYYLEP56jAGcfkcv  
yZ/xsewmJCdrrmdNXKeNYu5/3D3X99vlmLsjd18GO/OmL75rUNwvqeHLMVzcSafV  
TEpNZnGVKGI=  
=Ue/5  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1805-01

Categories: News
Tags: Some tips that can enhance your browser's speed

Tags:  so you have more time to enjoy the outdoors

Some tips that can enhance your browser's speed, so you have more time to enjoy the outdoors.



(Read more...)




The post Spring cleaning tips for your browser appeared first on Malwarebytes Labs.

When you are resting up from the physical part of your spring cleaning and you’re sitting behind your laptop or swiping left on your phone, why don’t you speed up your browsing experience with a few simple actions?

Let’s start with your browser, as that usually has the most impact on your perception of how “fast” your device is. In this post we will focus on the settings for Chrome since that is the browser with the biggest market share, but many browsers (like Edge) will have the same settings because they are based on the same Chromium codebase or they will have very similar settings (Firefox). We'll also mention where you can find similar or the same settings in Safari, if available. These will be shown in red.

There may be slight differences in the methodology and screenshots, based on the type of device, the operating system, your language settings, and maybe even the manufacturer of your device, but the basics should be pretty much the same as the Windows-based methods and screenshots shown in this post.

**Backups**

Before we start let’s take some precautions to minimize the chance of having regrets about our actions afterwards.

1\. Backup your currently open bookmarks: More (three dots) > **Bookmarks** > **Bookmark all tabs…** (Safari: In the Menu bar > select **Bookmarks** > then choose **Add Bookmarks for these {number of open} Tabs**.)

This will create a Set of bookmarks of the currently open tabs.

You will see a prompt where you can provide a name for this set of bookmarks. Something with the date in it would make it easier to find if you plan to do this more often.

Name that set and save it by clicking the **Save** button.

2\. Exporting your data can be used to synchronize your browser between devices, but it can also be used as a backup for your data.

To create a backup click on More (three dots) > **Settings** > **Turn on sync…** Then log in to your Google account and access sync settings by clicking on Settings:

(Safari: click the Apple menu in the top left corner of your screen. Then click **System Preferences** > Click **iCloud** > select the checkbox next to **Safari**.)

Then select **Manage what you sync** and turn on **Sync everything** if it’s disabled, or make a custom selection of what you want to back up.

Once you’ve decided what to sync, it’s all automatically available across devices, as long as you sign in with the same Google account. When push comes to shove you can use this as a backup to restore your browser. If you were not using sync between devices before you started, you may want to turn it off once you are satisfied everything went well.

**Speeding up**

1\. Check if you have the latest version of Google Chrome. Updates not only introduce new features, they also improve security and fix bugs.

Under More (three dots) > **Help** > **About Google Chrome** you can find what version you are on. If there is an update available, Chrome will download and install it. When it’s done you need to **relaunch** the browser to complete the update. 

Safari: Go to the Apple menu > **System Settings** > click on **Software Update** > if updates are available click **Restart Now** to install them. Once your macOS has updated, Safari will be up to date too.

2\. Close some of those tabs that open every time you start your browser. Each site will take some time to load and that slows down your browser. Remember, you can create a set of sites that you need every day and the rest can be moved to your bookmarks so you can always find them.

Now you can start closing tabs and create a set of tabs that you would like to start your sessions with. Once all the unnecessary tabs are closed, click on More (three dots) > **Settings** > **On startup**. Select **Open a specific page or set of pages**.

Click on **Use current pages** and the currently open tabs will be the ones you see at the start of every browser session.

Safari: open the tabs you want to start with and use the method outlined under backups to create a set of bookmarks. Name that set of bookmarks, for example “Startup”. Go to **Safari menu** > **Preferences** > select **Choose tabs folder** from the **New windows open with** drop-down list. Select the folder of bookmarks (e.g. Startup) you created. Then, click **Choose****.**

3\. Under **Performance** > **Memory Saver** you can find another way to minimize the impact of your open tabs. When on, Chrome frees up memory from inactive tabs. This gives active tabs and other apps more computer resources and keeps Chrome fast. Your inactive tabs automatically become active again when you go back to them. 

4\. Clean out some clutter you have picked up over time. Click on More (three dots) > **Settings** > **Privacy and security**. Click on **Clear browsing data**. This will open a prompt where you can select which data to clear. The top four are usually the ones you will want to clear. If you are using Chrome as a password manager you will certainly want to leave the fifth one unchecked.

Cookie warning: if you delete all your cookies, you will find that you will have to log in on several sites, so have your password manager ready or be selective about which cookies to delete. If you uncheck **Cookies and other site data** here, you can select which ones to delete if you click More (three dots) > **Settings** > **Privacy and security** > **Cookies and other site data** > **See all site data and permissions**. This allows you to go over a complete list and make more granular decisions. You can use the trash can symbol behind each site’s symbol to remove the site data and permissions.

Or use the dropdown arrow to have even more options.

Safari: Click the Safari menu > **Clear History...** > in the **Clear field** choose **All History** > click **Clear History**.

5\. When it comes to browser extensions that you only use occasionally, you might consider disabling them until you need them. And if you no longer use them at all, remove them. Depending on the type of extension, the difference in surfing speed can be noticeable.

Click More (three dots) > **Settings** > **Extensions** to see an overview of the currently installed browser extensions.

The one(s) with the slide to the right (showing blue) are enabled and the one(s) with the slider to the left (showing in grey) are disabled. Any unwanted or no longer needed extensions can be removed by clicking on the **Remove** button in the extension’s tile.

Safari: Choose **Safari** \> **Settings > Extensions**. To turn off an extension, deselect its checkbox. To uninstall an extension, select the extension and click the **Uninstall** button.

6\. Preload your pages. Click More (three dots) > **Settings** > **Privacy and security** > **Cookies and other site data**. Here you can turn on **Preload pages for faster browsing and searching**.

7\. Scan your device with Malwarebytes to see if any malware is lurking on it. Clearing up any malware on your system is a surefire way to speed it up. And it means you are safer, too!

If you came here looking for a resolution for an extremely slow browser and all of the above didn’t help, there could be other reasons at play. You can try resetting Chrome to default or even uninstall and re-install Chrome.

If a certain site isn’t working properly, you can also try opening the site in an Incognito window. Click More (three dots) and then **New Incognito Window**. Then copy and paste the URL of the problem site in the address bar and see if it works now. If it does solve the issue, then circle back to point 4 and remove all the cookies and data of the domain that the problem site belongs to.

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

Spring cleaning tips for your browser

Red Hat Security Advisory 2023-1788-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.10.0 ESR. Issues addressed include double free and file download vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2023:1788-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1788  
Issue date:        2023-04-14  
CVE Names:         CVE-2023-1945 CVE-2023-29533 CVE-2023-29535   
                   CVE-2023-29536 CVE-2023-29539 CVE-2023-29541   
                   CVE-2023-29548 CVE-2023-29550   
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.10.0 ESR.

Security Fix(es):

* MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp (BZ#2186102)

* Mozilla: Fullscreen notification obscured (CVE-2023-29533)

* Mozilla: Potential Memory Corruption following Garbage Collector  
compaction (CVE-2023-29535)

* Mozilla: Invalid free from JavaScript code (CVE-2023-29536)

* Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10  
(CVE-2023-29550)

* Mozilla: Memory Corruption in Safe Browsing Code (CVE-2023-1945)

* Mozilla: Content-Disposition filename truncation leads to Reflected File  
Download (CVE-2023-29539)

* Mozilla: Files with malicious extensions could have been downloaded  
unsafely on Linux (CVE-2023-29541)

* Mozilla: Incorrect optimization result on ARM64 (CVE-2023-29548)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2186101 - CVE-2023-29533 Mozilla: Fullscreen notification obscured  
2186102 - MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp  
2186103 - CVE-2023-29535 Mozilla: Potential Memory Corruption following Garbage Collector compaction  
2186104 - CVE-2023-29536 Mozilla: Invalid free from JavaScript code  
2186105 - CVE-2023-29539 Mozilla: Content-Disposition filename truncation leads to Reflected File Download  
2186106 - CVE-2023-29541 Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux  
2186109 - CVE-2023-1945 Mozilla: Memory Corruption in Safe Browsing Code  
2186110 - CVE-2023-29548 Mozilla: Incorrect optimization result on ARM64  
2186111 - CVE-2023-29550 Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
firefox-102.10.0-1.el8_6.src.rpm

aarch64:  
firefox-102.10.0-1.el8_6.aarch64.rpm  
firefox-debuginfo-102.10.0-1.el8_6.aarch64.rpm  
firefox-debugsource-102.10.0-1.el8_6.aarch64.rpm

ppc64le:  
firefox-102.10.0-1.el8_6.ppc64le.rpm  
firefox-debuginfo-102.10.0-1.el8_6.ppc64le.rpm  
firefox-debugsource-102.10.0-1.el8_6.ppc64le.rpm

s390x:  
firefox-102.10.0-1.el8_6.s390x.rpm  
firefox-debuginfo-102.10.0-1.el8_6.s390x.rpm  
firefox-debugsource-102.10.0-1.el8_6.s390x.rpm

x86_64:  
firefox-102.10.0-1.el8_6.x86_64.rpm  
firefox-debuginfo-102.10.0-1.el8_6.x86_64.rpm  
firefox-debugsource-102.10.0-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1945  
https://access.redhat.com/security/cve/CVE-2023-29533  
https://access.redhat.com/security/cve/CVE-2023-29535  
https://access.redhat.com/security/cve/CVE-2023-29536  
https://access.redhat.com/security/cve/CVE-2023-29539  
https://access.redhat.com/security/cve/CVE-2023-29541  
https://access.redhat.com/security/cve/CVE-2023-29548  
https://access.redhat.com/security/cve/CVE-2023-29550  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZDmAENzjgjWX9erEAQgrCQ//WBc6rWeUec4ycyr4FwzHTp+eQBBlof2g  
ICwH3S5KNgsVsALALsyhdYnUBiPH6bEDGbmyyNcwPEd2SAvyfuhuP92RRKqYRc0J  
oIl8O70mkdYORo0NFIggGd/E6HtYYGe2Ut73QIh/4Hdl65RCb9F679kpEgNV9xFE  
uLxYD6bmDxNjlK99XmcHUAZ+EqE65jBIFnM6hDHSwrHqAQk5TW3ITIDn8OTbTlwH  
puuL3MnqFUVpxx7IC/aYgfnv2G2IwarUoYVJZazI5XKpnsEeGJeMW8wxDsUa45/Q  
lLYPk1rLkWL2yoVcTQr4xHoY0GZZzm55Zn2a0CLXN3ltvNy9Yf+jpJZGn36nh2s3  
oQ0ANFCkY0OqFncK0VzGSWlh6eVZp2QAyg68W7+NbsB4Po22rUORFV3ZLO87kQoT  
tnfG5dUMufBTYAJjX/E50I55+3hqdvDbFS6NA1dwq8ZiOyLxhAkOXNy3jwbX/VKo  
kHEdfax5kzLC3HrL1fGXwMXKDkiaAQHKEfMpPDcswKT5f7biQmgcjl+tbs6xl5lT  
I40Hc//RFV9VAIISGvS9ERnoqLmCoHU5AG7HEAHosCPzk3+wpw/vRduLuVnVMZtK  
N4z8oZhM55T9+ZeELSeE+QAtfrOvcQz3Q/ACc9gqxn4TOOMRkWPQ7ib7aZ/zkaPD  
oRi1SfjQfLQ=  
=YrqP  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#firefox