Important: thunderbird security update

2023-05-1800:00:00

Google

osv.dev

mozilla thunderbird

standalone mail client

security update

cve-2023-32205

cve-2023-32206

cve-2023-32207

cve-2023-32215

cve-2023-32211

cve-2023-32212

cve-2023-32213

content process crash

memory safety bugs

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.003

Percentile

70.5%

JSON

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.11.0.

Security Fix(es):

Mozilla: Browser prompts could have been obscured by popups (CVE-2023-32205)
Mozilla: Crash in RLBox Expat driver (CVE-2023-32206)
Mozilla: Potential permissions request bypass via clickjacking (CVE-2023-32207)
Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11 (CVE-2023-32215)
Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211)
Mozilla: Potential spoof due to obscured address bar (CVE-2023-32212)
Mozilla: Potential memory corruption in FileReader::DoReadData() (CVE-2023-32213)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.