VYPR

rpm package

almalinux/thunderbird

pkg:rpm/almalinux/thunderbird

Vulnerabilities (572)

  • CVE-2023-23599Jun 2, 2023
    affected < 102.7.1-1.el8_7.almafixed 102.7.1-1.el8_7.alma

    When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.

  • CVE-2023-23598Jun 2, 2023
    affected < 102.7.1-1.el8_7.almafixed 102.7.1-1.el8_7.alma

    Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to `DataTransfer.setData`. This vulnerability affects Firefox < 109, Firefox ESR <

  • CVE-2023-1945Jun 2, 2023
    affected < 102.10.0-2.el8_7.almafixed 102.10.0-2.el8_7.alma

    Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.10 and Firefox ESR < 102.10.

  • CVE-2023-0767Jun 2, 2023
    affected < 102.8.0-2.el8_7.almafixed 102.8.0-2.el8_7.alma

    An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

  • CVE-2023-0616Jun 2, 2023
    affected < 102.8.0-2.el8_7.almafixed 102.8.0-2.el8_7.alma

    If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted mess

  • CVE-2023-0547Jun 2, 2023
    affected < 102.10.0-2.el8_7.almafixed 102.10.0-2.el8_7.alma

    OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird < 102.10.

  • CVE-2023-0430Jun 2, 2023
    affected < 102.7.1-2.el8_7.almafixed 102.7.1-2.el8_7.alma

    Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird <

  • CVE-2023-29479Apr 24, 2023
    affected < 102.10.0-2.el8_7.almafixed 102.10.0-2.el8_7.alma

    Ribose RNP before 0.16.3 may hang when the input is malformed.

  • CVE-2023-28427Mar 28, 2023
    affected < 102.10.0-2.el8_7.almafixed 102.10.0-2.el8_7.alma

    matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to

  • CVE-2022-36059Mar 28, 2023
    affected < 102.3.0-3.el8_6.almafixed 102.3.0-3.el8_6.alma

    matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to

  • CVE-2022-46882Dec 22, 2022
    affected < 102.6.0-2.el8_7.almafixed 102.6.0-2.el8_7.alma

    A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox ESR < 102.6, and Thunderbird < 102.6.

  • CVE-2022-46881Dec 22, 2022
    affected < 102.6.0-2.el8_7.almafixed 102.6.0-2.el8_7.alma

    An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original relea

  • CVE-2022-46880Dec 22, 2022
    affected < 102.6.0-2.el8_7.almafixed 102.6.0-2.el8_7.alma

    A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.*Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 105.

  • CVE-2022-46878Dec 22, 2022
    affected < 102.6.0-2.el8_7.almafixed 102.6.0-2.el8_7.alma

    Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploi

  • CVE-2022-46877Dec 22, 2022
    affected < 102.7.1-1.el8_7.almafixed 102.7.1-1.el8_7.alma

    By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108.

  • CVE-2022-46874Dec 22, 2022
    affected < 102.6.0-2.el8_7.almafixed 102.6.0-2.el8_7.alma

    A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.*Note*: This issue was originally included in the adv

  • CVE-2022-46872Dec 22, 2022
    affected < 102.6.0-2.el8_7.almafixed 102.6.0-2.el8_7.alma

    An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108,

  • CVE-2022-46871Dec 22, 2022
    affected < 102.7.1-1.el8_7.almafixed 102.7.1-1.el8_7.alma

    An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108.

  • CVE-2022-45421Dec 22, 2022
    affected < 102.5.0-2.el8_7.almafixed 102.5.0-2.el8_7.alma

    Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vul

  • CVE-2022-45420Dec 22, 2022
    affected < 102.5.0-2.el8_7.almafixed 102.5.0-2.el8_7.alma

    Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

Page 23 of 29