Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: glsamaker@g.o
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202210-35 ] Mozilla Thunderbird: Multiple Vulnerabilities
Date: Mon, 31 Oct 2022 20:07:30
Message-Id: 166724642487.9.3007999204425427137@90bb6a0775af
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 202210-35
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: High
8 Title: Mozilla Thunderbird: Multiple Vulnerabilities
9 Date: October 31, 2022
10 Bugs: #873667, #878315
11 ID: 202210-35
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in Mozilla Thunderbird, the
19 worst of which could result in arbitrary code execution.
20
21 Background
22 ==========
23
24 Mozilla Thunderbird is a popular open-source email client from the
25 Mozilla project.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 mail-client/thunderbird < 102.4.0 >= 102.4.0
34 2 mail-client/thunderbird-bin < 102.4.0 >= 102.4.0
35
36 Description
37 ===========
38
39 Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
40 Please review the CVE identifiers referenced below for details.
41
42 Impact
43 ======
44
45 Please review the referenced CVE identifiers for details.
46
47 Workaround
48 ==========
49
50 There is no known workaround at this time.
51
52 Resolution
53 ==========
54
55 All Mozilla Thunderbird users should upgrade to the latest version:
56
57 # emerge --sync
58 # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-102.4.0"
59
60 All Mozilla Thunderbird binary users should upgrade to the latest
61 version:
62
63 # emerge --sync
64 # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-102.4.0"
65
66 References
67 ==========
68
69 [ 1 ] CVE-2022-39236
70 https://nvd.nist.gov/vuln/detail/CVE-2022-39236
71 [ 2 ] CVE-2022-39249
72 https://nvd.nist.gov/vuln/detail/CVE-2022-39249
73 [ 3 ] CVE-2022-39250
74 https://nvd.nist.gov/vuln/detail/CVE-2022-39250
75 [ 4 ] CVE-2022-39251
76 https://nvd.nist.gov/vuln/detail/CVE-2022-39251
77 [ 5 ] CVE-2022-42927
78 https://nvd.nist.gov/vuln/detail/CVE-2022-42927
79 [ 6 ] CVE-2022-42928
80 https://nvd.nist.gov/vuln/detail/CVE-2022-42928
81 [ 7 ] CVE-2022-42929
82 https://nvd.nist.gov/vuln/detail/CVE-2022-42929
83 [ 8 ] CVE-2022-42932
84 https://nvd.nist.gov/vuln/detail/CVE-2022-42932
85
86 Availability
87 ============
88
89 This GLSA and any updates to it are available for viewing at
90 the Gentoo Security Website:
91
92 https://security.gentoo.org/glsa/202210-35
93
94 Concerns?
95 =========
96
97 Security is a primary focus of Gentoo Linux and ensuring the
98 confidentiality and security of our users' machines is of utmost
99 importance to us. Any security concerns should be addressed to
100 security@g.o or alternatively, you may file a bug at
101 https://bugs.gentoo.org.
102
103 License
104 =======
105
106 Copyright 2022 Gentoo Foundation, Inc; referenced text
107 belongs to its owner(s).
108
109 The contents of this document are licensed under the
110 Creative Commons - Attribution / Share Alike license.
111
112 https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups