{"id":"RLSA-2022:0535","summary":"Important: thunderbird security update","details":"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 91.6.0.\n\nSecurity Fix(es):\n\n* Mozilla: Extensions could have bypassed permission confirmation during update (CVE-2022-22754)\n\n* Mozilla: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6 (CVE-2022-22764)\n\n* Mozilla: Drag and dropping an image could have resulted in the dropped object being an executable (CVE-2022-22756)\n\n* Mozilla: Sandboxed iframes could have executed script if the parent appended elements (CVE-2022-22759)\n\n* Mozilla: Cross-Origin responses could be distinguished between script and non-script content-types (CVE-2022-22760)\n\n* Mozilla: frame-ancestors Content Security Policy directive was not enforced for framed extension pages (CVE-2022-22761)\n\n* Mozilla: Script Execution during invalid object state (CVE-2022-22763)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-03-11T06:01:54.965752Z","published":"2022-02-15T10:03:34Z","upstream":["CVE-2022-22754","CVE-2022-22756","CVE-2022-22759","CVE-2022-22760","CVE-2022-22761","CVE-2022-22763","CVE-2022-22764"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2022:0535"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053236"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053237"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053238"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053239"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053240"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053242"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053243"}],"affected":[{"package":{"name":"thunderbird","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/thunderbird?distro=rocky-linux-8-5-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:91.6.0-1.el8_5"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:0535.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}