{"id":"MGASA-2023-0034","summary":"Updated thunderbird packages fix security vulnerability","details":"libusrsctp library out of date. (CVE-2022-46871)\n\nArbitrary file read from GTK drag and drop on Linux. (CVE-2023-23598)\n\nURL being dragged from cross-origin iframe into same tab triggers\nnavigation. (CVE-2023-23601)\n\nContent Security Policy wasn't being correctly applied to WebSockets in\nWebWorkers. (CVE-2023-23602)\n\nFullscreen notification bypass. (CVE-2022-46877)\n\nCalls to \u003ccode\u003econsole.log\u003c/code\u003e allowed bypasing Content Security Policy\nvia format directive. (CVE-2023-23603)\n\nMemory safety bugs fixed in Thunderbird 102.7. (CVE-2023-23605)\n\nRevocation status of S/Mime signature certificates was not checked.\n(CVE-2023-0430)\n","modified":"2026-04-16T04:42:29.349617848Z","published":"2023-02-07T00:06:39Z","upstream":["CVE-2022-46871","CVE-2022-46877","CVE-2023-0430","CVE-2023-23598","CVE-2023-23601","CVE-2023-23602","CVE-2023-23603","CVE-2023-23605"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0034.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=31438"},{"type":"WEB","url":"https://www.thunderbird.net/en-US/thunderbird/102.7.0/releasenotes/"},{"type":"WEB","url":"https://www.thunderbird.net/en-US/thunderbird/102.7.1/releasenotes/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-04/"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2023:0463"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2023:0456"}],"affected":[{"package":{"name":"thunderbird","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"102.7.1-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0034.json"}},{"package":{"name":"thunderbird-l10n","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"102.7.1-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0034.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}