Red Hat Security Advisory: thunderbird security update
🔗 CVE IDs covered (11)
📋 Description
CVE-2022-0566 — thunderbird: Crafted email could trigger an out-of-bounds write CVE-2022-25235 — expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution CVE-2022-25236 — expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution CVE-2022-25315 — expat: Integer overflow in storeRawNames() CVE-2022-26381 — Mozilla: Use-after-free in text reflows CVE-2022-26383 — Mozilla: Browser window spoof using fullscreen mode CVE-2022-26384 — Mozilla: iframe allow-scripts sandbox bypass CVE-2022-26386 — Mozilla: Temporary files downloaded to /tmp and accessible by other local users CVE-2022-26387 — Mozilla: Time-of-check time-of-use bug when verifying add-on signatures CVE-2022-26485 — Mozilla: Use-after-free in XSLT parameter processing CVE-2022-26486 — Mozilla: Use-after-free in WebGPU IPC Framework
🔗 References (14)
- selfhttps://access.redhat.com/errata/RHSA-2022:0847
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2055591
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2056363
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2056366
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2056370
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2061735
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2061736
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2062220
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2062221
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2062222
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2062223
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2062224
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0847.json