{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"91.6.2-8.59.1","MozillaThunderbird-translations-common":"91.6.2-8.59.1","MozillaThunderbird-translations-other":"91.6.2-8.59.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"MozillaThunderbird","purl":"pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"91.6.2-8.59.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaThunderbird fixes the following issues:\n\nMozilla Thunderbird 91.6.2 (bsc#1196809):\n\n- CVE-2022-26485: Use-after-free in XSLT parameter processing\n- CVE-2022-26486: Use-after-free in WebGPU IPC Framework\n","id":"openSUSE-SU-2022:0804-1","modified":"2022-03-10T16:53:02Z","published":"2022-03-10T16:53:02Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2QKMX6IGL25P7OFW2JTNRZ4AD2EN4OAZ/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1196809"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-26485"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-26486"}],"related":["CVE-2022-26485","CVE-2022-26486"],"summary":"Security update for MozillaThunderbird","upstream":["CVE-2022-26485","CVE-2022-26486"]}