{"id":"MGASA-2024-0006","summary":"Updated thunderbird thunderbird-l10n packages fix security vulnerabilities","details":"The updated packages fix security vulnerabilities:\nTruncated signed text was shown with a valid OpenPGP signature.\n(CVE-2023-50762)\nS/MIME signature accepted despite mismatching message date.\n(CVE-2023-50761)\nHeap-buffer-overflow affecting WebGL DrawElementsInstanced method with\nMesa VM driver. (CVE-2023-6856)\nSymlinks may resolve to smaller than expected buffers. (CVE-2023-6857)\nHeap buffer overflow in nsTextFragment. (CVE-2023-6858)\nUse-after-free in PR_GetIdentitiesLayer. (CVE-2023-6859)\nPotential sandbox escape due to VideoBridge lack of texture validation.\n(CVE-2023-6860)\nHeap buffer overflow affected nsWindow::PickerOpen(void) in headless\nmode. (CVE-2023-6861)\nUse-after-free in nsDNSService. (CVE-2023-6862)\nUndefined behavior in ShutdownObserver(). (CVE-2023-6863)\nMemory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and\nThunderbird 115.6. (CVE-2023-6864)\n","modified":"2026-04-16T04:43:21.386374797Z","published":"2024-01-12T12:36:35Z","upstream":["CVE-2023-50761","CVE-2023-50762","CVE-2023-6856","CVE-2023-6857","CVE-2023-6858","CVE-2023-6859","CVE-2023-6860","CVE-2023-6861","CVE-2023-6862","CVE-2023-6863","CVE-2023-6864"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0006.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32643"},{"type":"WEB","url":"https://www.thunderbird.net/en-US/thunderbird/115.5.2/releasenotes/"},{"type":"WEB","url":"https://www.thunderbird.net/en-US/thunderbird/115.6.0/releasenotes/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/"}],"affected":[{"package":{"name":"thunderbird","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"115.6.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0006.json"}},{"package":{"name":"thunderbird-l10n","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"115.6.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0006.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}