{"id":"ALSA-2023:4064","summary":"Important: thunderbird security update","details":"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.13.0.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)\n* Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202)\n* Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (CVE-2023-37211)\n* Mozilla: Fullscreen notification obscured (CVE-2023-37207)\n* Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-01-30T02:19:41.601628Z","published":"2023-07-13T00:00:00Z","related":["CVE-2023-37201","CVE-2023-37202","CVE-2023-37207","CVE-2023-37208","CVE-2023-37211"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2023:4064"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-37201"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-37202"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-37207"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-37208"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-37211"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2219747"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2219748"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2219749"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2219750"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2219751"},{"type":"ADVISORY","url":"https://errata.almalinux.org/9/ALSA-2023-4064.html"}],"affected":[{"package":{"name":"thunderbird","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/thunderbird"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"102.13.0-2.el9_2.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2023:4064.json"}}],"schema_version":"1.7.3"}