{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"102.10.1-150200.8.113.2","MozillaThunderbird-translations-common":"102.10.1-150200.8.113.2","MozillaThunderbird-translations-other":"102.10.1-150200.8.113.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP4","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"102.10.1-150200.8.113.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"102.10.1-150200.8.113.2","MozillaThunderbird-translations-common":"102.10.1-150200.8.113.2","MozillaThunderbird-translations-other":"102.10.1-150200.8.113.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP4","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"102.10.1-150200.8.113.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"102.10.1-150200.8.113.2","MozillaThunderbird-translations-common":"102.10.1-150200.8.113.2","MozillaThunderbird-translations-other":"102.10.1-150200.8.113.2"}]},"package":{"ecosystem":"openSUSE:Leap 15.4","name":"MozillaThunderbird","purl":"pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"102.10.1-150200.8.113.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaThunderbird fixes the following issues:\n\nUpdate to Mozilla Thunderbird 102.10.1 (MFSA 2023-15) (bsc#1210212):\n\nSecurity fixes:\n  * CVE-2023-29531: Out-of-bound memory access in WebGL on macOS (bmo#1794292)\n  * CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass (bmo#1806394)\n  * CVE-2023-29533: Fullscreen notification obscured (bmo#1798219, bmo#1814597)\n  * CVE-2023-1999: 
Double-free in libwebp (bmo#1819244)\n  * CVE-2023-29535: Potential Memory Corruption following Garbage Collector compaction (bmo#1820543)\n  * CVE-2023-29536: Invalid free from JavaScript code (bmo#1821959)\n  * CVE-2023-0547: Revocation status of S/Mime recipient certificates was not checked (bmo#1811298)\n  * CVE-2023-29479: Hang when processing certain OpenPGP messages (bmo#1824978)\n  * CVE-2023-29539: Content-Disposition filename truncation leads to Reflected File Download (bmo#1784348)\n  * CVE-2023-29541: Files with malicious extensions could have been downloaded unsafely on Linux (bmo#1810191)\n  * CVE-2023-29542: Bypass of file download extension restrictions (bmo#1810793, bmo#1815062)\n  * CVE-2023-29545: Windows Save As dialog resolved environment variables (bmo#1823077)\n  * CVE-2023-1945: Memory Corruption in Safe Browsing Code (bmo#1777588)\n  * CVE-2023-29548: Incorrect optimization result on ARM64 (bmo#1822754)\n  * CVE-2023-29550: Memory safety bugs fixed in Thunderbird 102.10 (bmo#1720594, bmo#1751945, bmo#1812498,\n    bmo#1814217, bmo#1818357, bmo#1818762, bmo#1819493,\n    bmo#1820389, bmo#1820602, bmo#1821448, bmo#1822413,\n    bmo#1824828)\n    \nOther fixes:\n  * fixed: Messages with missing or corrupt 'From:' header did not display message header buttons (bmo#1793918)\n  * fixed: Composer repeatedly prompted for S/MIME smartcard signing/encryption password (bmo#1828366)\n  * fixed: Address Book integration did not work with macOS 11.4 Big Sur (bmo#1720257)\n  * fixed: Mexico City DST fix in Thunderbird 102.10.0 (bug 1826146) was incomplete (bmo#1827503)\n  * changed: New messages will automatically select S/MIME if configured and OpenPGP is not (bmo#1793278)\n  * fixed: Calendar events with timezone America/Mexico_City incorrectly applied Daylight Savings Time (bmo#1826146)\n  * fixed: Security 
fixes\n","id":"SUSE-SU-2023:2064-1","modified":"2023-04-28T08:47:34Z","published":"2023-04-28T08:47:34Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20232064-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1210212"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-0547"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-1945"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-1999"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-29479"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-29531"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-29532"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-29533"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-29535"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-29536"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-29539"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-29541"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-29542"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-29545"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-29548"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-29550"}],"related":["CVE-2023-0547","CVE-2023-1945","CVE-2023-1999","CVE-2023-29479","CVE-2023-29531","CVE-2023-29532","CVE-2023-29533","CVE-2023-29535","CVE-2023-29536","CVE-2023-29539","CVE-2023-29541","CVE-2023-29542","CVE-2023-29545","CVE-2023-29548","CVE-2023-29550"],"summary":"Security update for MozillaThunderbird","upstream":["CVE-2023-0547","CVE-2023-1945","CVE-2023-1999","CVE-2023-29479","CVE-2023-29531","CVE-2023-29532","CVE-2023-29533","CVE-2023-29535","CVE-2023-29536","CVE-2023-29539","CVE-2023-29541","CVE-2023-29542","CVE-2023-29545","CVE-2023-29548","CVE-2023-29550"]}