{"id":"ALSA-2023:1802","summary":"Important: thunderbird security update","details":"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.10.0.\n\nSecurity Fix(es):\n\n* Thunderbird: Revocation status of S/Mime recipient certificates was not checked (CVE-2023-0547)\n* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack (CVE-2023-28427)\n* Mozilla: Fullscreen notification obscured (CVE-2023-29533)\n* Mozilla: Potential Memory Corruption following Garbage Collector compaction (CVE-2023-29535)\n* Mozilla: Invalid free from JavaScript code (CVE-2023-29536)\n* Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10 (CVE-2023-29550)\n* Mozilla: Memory Corruption in Safe Browsing Code (CVE-2023-1945)\n* Thunderbird: Hang when processing certain OpenPGP messages (CVE-2023-29479)\n* Mozilla: Content-Disposition filename truncation leads to Reflected File Download (CVE-2023-29539)\n* Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux (CVE-2023-29541)\n* Mozilla: Incorrect optimization result on ARM64 (CVE-2023-29548)\n* MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp (BZ#2186102)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-01-30T01:42:50.589414Z","published":"2023-04-17T00:00:00Z","related":["CVE-2023-0547","CVE-2023-1945","CVE-2023-28427","CVE-2023-29479","CVE-2023-29533","CVE-2023-29535","CVE-2023-29536","CVE-2023-29539","CVE-2023-29541","CVE-2023-29548","CVE-2023-29550"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2023:1802"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-0547"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-1945"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-28427"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-29479"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-29533"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-29535"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-29536"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-29539"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-29541"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-29548"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-29550"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2183278"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2186101"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2186103"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2186104"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2186105"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2186106"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2186109"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2186110"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2186111"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2186734"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2186735"},{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2023-1802.html"}],"affected":[{"package":{"name":"thunderbird","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/thunderbird"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"102.10.0-2.el8_7.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:1802.json"}}],"schema_version":"1.7.3"}