Bug 31911

Suggested advisory:
========================

The updated packages fix a security vulnerability:

Browser prompts could have been obscured by popups. (CVE-2023-32205)

Crash in RLBox Expat driver. (CVE-2023-32206)

Potential permissions request bypass via clickjacking. (CVE-2023-32207)

Content process crash due to invalid wasm code. (CVE-2023-32211)

Potential spoof due to obscured address bar. (CVE-2023-32212)

Potential memory corruption in FileReader::DoReadData(). (CVE-2023-32213)

Memory safety bugs fixed in Thunderbird 102.11. (CVE-2023-32215)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32211
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32212
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32213
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32215
https://www.thunderbird.net/en-US/thunderbird/102.11.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/
========================

Updated packages in core/updates_testing:
========================
thunderbird-102.11.0-1.mga8
thunderbird-ka-102.11.0-1.mga8
thunderbird-ru-102.11.0-1.mga8
thunderbird-uk-102.11.0-1.mga8
thunderbird-el-102.11.0-1.mga8
thunderbird-ja-102.11.0-1.mga8
thunderbird-zh_TW-102.11.0-1.mga8
thunderbird-kk-102.11.0-1.mga8
thunderbird-th-102.11.0-1.mga8
thunderbird-sk-102.11.0-1.mga8
thunderbird-vi-102.11.0-1.mga8
thunderbird-hu-102.11.0-1.mga8
thunderbird-zh_CN-102.11.0-1.mga8
thunderbird-cs-102.11.0-1.mga8
thunderbird-hsb-102.11.0-1.mga8
thunderbird-dsb-102.11.0-1.mga8
thunderbird-hy_AM-102.11.0-1.mga8
thunderbird-sr-102.11.0-1.mga8
thunderbird-es_MX-102.11.0-1.mga8
thunderbird-fr-102.11.0-1.mga8
thunderbird-de-102.11.0-1.mga8
thunderbird-tr-102.11.0-1.mga8
thunderbird-es_AR-102.11.0-1.mga8
thunderbird-pl-102.11.0-1.mga8
thunderbird-ko-102.11.0-1.mga8
thunderbird-kab-102.11.0-1.mga8
thunderbird-fy_NL-102.11.0-1.mga8
thunderbird-sq-102.11.0-1.mga8
thunderbird-pt_BR-102.11.0-1.mga8
thunderbird-cy-102.11.0-1.mga8
thunderbird-bg-102.11.0-1.mga8
thunderbird-sv_SE-102.11.0-1.mga8
thunderbird-be-102.11.0-1.mga8
thunderbird-sl-102.11.0-1.mga8
thunderbird-is-102.11.0-1.mga8
thunderbird-nl-102.11.0-1.mga8
thunderbird-lt-102.11.0-1.mga8
thunderbird-eu-102.11.0-1.mga8
thunderbird-et-102.11.0-1.mga8
thunderbird-da-102.11.0-1.mga8
thunderbird-fi-102.11.0-1.mga8
thunderbird-gl-102.11.0-1.mga8
thunderbird-pt_PT-102.11.0-1.mga8
thunderbird-he-102.11.0-1.mga8
thunderbird-hr-102.11.0-1.mga8
thunderbird-ro-102.11.0-1.mga8
thunderbird-ar-102.11.0-1.mga8
thunderbird-nn_NO-102.11.0-1.mga8
thunderbird-es_ES-102.11.0-1.mga8
thunderbird-en_GB-102.11.0-1.mga8
thunderbird-nb_NO-102.11.0-1.mga8
thunderbird-en_CA-102.11.0-1.mga8
thunderbird-pa_IN-102.11.0-1.mga8
thunderbird-en_US-102.11.0-1.mga8
thunderbird-ca-102.11.0-1.mga8
thunderbird-id-102.11.0-1.mga8
thunderbird-gd-102.11.0-1.mga8
thunderbird-it-102.11.0-1.mga8
thunderbird-lv-102.11.0-1.mga8
thunderbird-br-102.11.0-1.mga8
thunderbird-ga_IE-102.11.0-1.mga8
thunderbird-af-102.11.0-1.mga8
thunderbird-ms-102.11.0-1.mga8
thunderbird-ast-102.11.0-1.mga8
thunderbird-uz-102.11.0-1.mga8

from SRPMS:
thunderbird-102.11.0-1.mga8.src.rpm
thunderbird-l10n-102.11.0-1.mga8.src.rpm

Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8
Status: NEW => ASSIGNED
Assignee: nicolas.salguero => qa-bugs

No regressions noticed. Advisory committed to svn. Validating the update.

Keywords: (none) => advisory, validated_update
Whiteboard: (none) => MGA8-64-OK
CC: (none) => davidwhodgins, sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0172.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

RedHat has issued an advisory for this on May 16:
https://access.redhat.com/errata/RHSA-2023:3151