{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"91.6.1-8.54.1","MozillaThunderbird-translations-common":"91.6.1-8.54.1","MozillaThunderbird-translations-other":"91.6.1-8.54.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"MozillaThunderbird","purl":"pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"91.6.1-8.54.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaThunderbird fixes the following issues:\n\n- Mozilla Thunderbird 91.6.1 / MFSA 2022-07 (bsc#1196072)\n  * CVE-2022-0566 (bmo#1753094)\n    Crafted email could trigger an out-of-bounds write\n\n- Mozilla Thunderbird 91.6 / MFSA 2022-06 (bsc#1195682)\n  * CVE-2022-22753 (bmo#1732435)\n    Privilege Escalation to SYSTEM on Windows via Maintenance\n    Service\n  * CVE-2022-22754 (bmo#1750565)\n    Extensions could have bypassed permission confirmation during\n    update\n  * CVE-2022-22756 (bmo#1317873)\n    Drag and dropping an image could have resulted in the dropped\n    object being an executable\n  * CVE-2022-22759 (bmo#1739957)\n    Sandboxed iframes could have executed script if the parent\n    appended elements\n  * CVE-2022-22760 (bmo#1740985, bmo#1748503)\n    Cross-Origin responses could be distinguished between script\n    and non-script content-types\n  * CVE-2022-22761 (bmo#1745566)\n    frame-ancestors Content Security Policy directive was not\n    enforced for framed extension pages\n  * CVE-2022-22763 (bmo#1740534)\n    Script Execution during invalid object state\n  * CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545,\n    bmo#1748210, bmo#1748279)\n    Memory safety bugs fixed in Thunderbird 91.6\n","id":"openSUSE-SU-2022:0559-1","modified":"2022-02-23T14:04:58Z","published":"2022-02-23T14:04:58Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GSM3MOVKIHQAE33NLCNX7MUULCOLEADF/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1195682"},{"type":"REPORT","url":"https://bugzilla.suse.com/1196072"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-0566"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22753"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22754"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22756"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22759"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22760"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22761"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22763"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-22764"}],"related":["CVE-2022-0566","CVE-2022-22753","CVE-2022-22754","CVE-2022-22756","CVE-2022-22759","CVE-2022-22760","CVE-2022-22761","CVE-2022-22763","CVE-2022-22764"],"summary":"Security update for MozillaThunderbird","upstream":["CVE-2022-0566","CVE-2022-22753","CVE-2022-22754","CVE-2022-22756","CVE-2022-22759","CVE-2022-22760","CVE-2022-22761","CVE-2022-22763","CVE-2022-22764"]}