Mozilla has released Thunderbird 102.5.0 on November 15: https://www.thunderbird.net/en-US/thunderbird/102.5.0/releasenotes/ Security issues fixed: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/
Assignee: bugsquad => nicolas.salgueroCC: (none) => nicolas.salgueroSource RPM: (none) => thunderbird, thunderbird-l10n
Depends on: (none) => 31128
Suggested advisory: ======================== The updated packages fix security vulnerabilities: Service Workers might have learned size of cross-origin media files. (CVE-2022-45403) Fullscreen notification bypass. (CVE-2022-45404) Use-after-free in InputStream implementation. (CVE-2022-45405) Use-after-free of a JavaScript Realm. (CVE-2022-45406) Fullscreen notification bypass via windowName. (CVE-2022-45408) Use-after-free in Garbage Collection. (CVE-2022-45409) ServiceWorker-intercepted requests bypassed SameSite cookie policy. (CVE-2022-45410) Cross-Site Tracing was possible via non-standard override headers. (CVE-2022-45411) Symlinks may resolve to partially uninitialized buffers. (CVE-2022-45412) Keystroke Side-Channel Leakage. (CVE-2022-45416) Custom mouse cursor could have been drawn over browser UI. (CVE-2022-45418) Iframe contents could be rendered outside the iframe. (CVE-2022-45420) Memory safety bugs fixed in Thunderbird 102.5. (CVE-2022-45421) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421 https://www.thunderbird.net/en-US/thunderbird/102.5.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/ ======================== Updated packages in core/updates_testing: ======================== thunderbird-102.5.0-1.mga8 thunderbird-ka-102.5.0-1.mga8 thunderbird-ru-102.5.0-1.mga8 thunderbird-uk-102.5.0-1.mga8 thunderbird-el-102.5.0-1.mga8 thunderbird-ja-102.5.0-1.mga8 thunderbird-zh_TW-102.5.0-1.mga8 thunderbird-kk-102.5.0-1.mga8 thunderbird-th-102.5.0-1.mga8 thunderbird-sk-102.5.0-1.mga8 thunderbird-vi-102.5.0-1.mga8 thunderbird-hu-102.5.0-1.mga8 thunderbird-zh_CN-102.5.0-1.mga8 thunderbird-cs-102.5.0-1.mga8 thunderbird-hsb-102.5.0-1.mga8 thunderbird-dsb-102.5.0-1.mga8 thunderbird-hy_AM-102.5.0-1.mga8 thunderbird-sr-102.5.0-1.mga8 thunderbird-es_MX-102.5.0-1.mga8 thunderbird-fr-102.5.0-1.mga8 thunderbird-de-102.5.0-1.mga8 thunderbird-tr-102.5.0-1.mga8 thunderbird-es_AR-102.5.0-1.mga8 thunderbird-pl-102.5.0-1.mga8 thunderbird-ko-102.5.0-1.mga8 thunderbird-kab-102.5.0-1.mga8 thunderbird-fy_NL-102.5.0-1.mga8 thunderbird-sq-102.5.0-1.mga8 thunderbird-pt_BR-102.5.0-1.mga8 thunderbird-cy-102.5.0-1.mga8 thunderbird-bg-102.5.0-1.mga8 thunderbird-sv_SE-102.5.0-1.mga8 thunderbird-be-102.5.0-1.mga8 thunderbird-sl-102.5.0-1.mga8 thunderbird-is-102.5.0-1.mga8 thunderbird-nl-102.5.0-1.mga8 thunderbird-lt-102.5.0-1.mga8 thunderbird-eu-102.5.0-1.mga8 thunderbird-et-102.5.0-1.mga8 thunderbird-da-102.5.0-1.mga8 thunderbird-fi-102.5.0-1.mga8 thunderbird-gl-102.5.0-1.mga8 thunderbird-pt_PT-102.5.0-1.mga8 thunderbird-he-102.5.0-1.mga8 thunderbird-hr-102.5.0-1.mga8 thunderbird-ro-102.5.0-1.mga8 thunderbird-ar-102.5.0-1.mga8 thunderbird-nn_NO-102.5.0-1.mga8 thunderbird-es_ES-102.5.0-1.mga8 thunderbird-en_GB-102.5.0-1.mga8 thunderbird-nb_NO-102.5.0-1.mga8 thunderbird-en_CA-102.5.0-1.mga8 thunderbird-pa_IN-102.5.0-1.mga8 thunderbird-en_US-102.5.0-1.mga8 thunderbird-ca-102.5.0-1.mga8 thunderbird-id-102.5.0-1.mga8 thunderbird-gd-102.5.0-1.mga8 thunderbird-it-102.5.0-1.mga8 thunderbird-lv-102.5.0-1.mga8 thunderbird-br-102.5.0-1.mga8 thunderbird-ga_IE-102.5.0-1.mga8 thunderbird-af-102.5.0-1.mga8 thunderbird-ms-102.5.0-1.mga8 thunderbird-ast-102.5.0-1.mga8 thunderbird-uz-102.5.0-1.mga8 from SRPMS: thunderbird-102.5.0-1.mga8.src.rpm thunderbird-l10n-102.5.0-1.mga8.src.rpm
Assignee: nicolas.salguero => qa-bugsVersion: Cauldron => 8Status: NEW => ASSIGNED
I assume this also fixes the expat issue fixed in Firefox 102.5.
MGA8-64 Plasma on i5-2500, Intel graphics, wired Internet. Updated Firefox and Thunderbird at the same time. No issues with either.
CC: (none) => andrewsfarm
Updated in Mga8-x86_64 Plasma. No Issues for the moment. Receive and send ok. Contacts ok. Accounts POP3 ok. Signatures ok. Settings ok. Addons ok. Spanish translation ok. Greetings and thanks to the dev team!
CC: (none) => joselp
mga8-64, Plasma, nvidia-current Updated after nss and firefox OK for me using: Swedish locale Stored settings and mails SMTP, IMAP
CC: (none) => fri
No regressions noticed. Advisory committed to svn. Validating.
Keywords: (none) => advisory, validated_updateWhiteboard: (none) => MGA8-64-OKCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0428.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED
RedHat has issued an advisory for this today (November 21): https://access.redhat.com/errata/RHSA-2022:8555