102.7.0-alt1 built Jan. 26, 2023 Pavel Vasenkov in task #314033
Jan. 24, 2023 Pavel Vasenkov
- New version.
- Security fixes:
+ CVE-2022-46871 libusrsctp library out of date
+ CVE-2023-23598 Arbitrary file read from GTK drag and drop on Linux
+ CVE-2023-23599 Malicious command could be hidden in devtools output on Windows
+ CVE-2023-23601 URL being dragged from cross-origin iframe into same tab triggers navigation
+ CVE-2023-23602 Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
+ CVE-2022-46877 Fullscreen notification bypass
+ CVE-2023-23603 Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive
+ CVE-2023-23605 Memory safety bugs fixed in Thunderbird 102.7