{"id":"ALSA-2022:0535","summary":"Important: thunderbird security update","details":"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 91.6.0.\n\nSecurity Fix(es):\n\n* Mozilla: Extensions could have bypassed permission confirmation during update (CVE-2022-22754)\n\n* Mozilla: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6 (CVE-2022-22764)\n\n* Mozilla: Drag and dropping an image could have resulted in the dropped object being an executable (CVE-2022-22756)\n\n* Mozilla: Sandboxed iframes could have executed script if the parent appended elements (CVE-2022-22759)\n\n* Mozilla: Cross-Origin responses could be distinguished between script and non-script content-types (CVE-2022-22760)\n\n* Mozilla: frame-ancestors Content Security Policy directive was not enforced for framed extension pages (CVE-2022-22761)\n\n* Mozilla: Script Execution during invalid object state (CVE-2022-22763)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-02-04T02:21:25.519111Z","published":"2022-02-15T10:03:34Z","related":["CVE-2022-22754","CVE-2022-22756","CVE-2022-22759","CVE-2022-22760","CVE-2022-22761","CVE-2022-22763","CVE-2022-22764"],"references":[{"type":"REPORT","url":"https://vulners.com/cve/CVE-2022-22754"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2022-22756"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2022-22759"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2022-22760"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2022-22761"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2022-22763"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2022-22764"}],"affected":[{"package":{"name":"thunderbird","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/thunderbird"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"91.6.0-1.el8_5.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0535.json"}},{"package":{"name":"thunderbird","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/thunderbird"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"91.6.0-1.el8_5.alma.plus"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0535.json"}}],"schema_version":"1.7.3"}