File _patchinfo of Package patchinfo.22941
<patchinfo incident="22941">
<issue tracker="bnc" id="1196072">VUL-0: MozillaThunderbird: Crafted email could trigger an out-of-bounds write</issue>
<issue tracker="bnc" id="1195682">VUL-0: MozillaFirefox / MozillaThunderbird: update to 97 and 91.6esr</issue>
<issue tracker="cve" id="2022-22756"/>
<issue tracker="cve" id="2022-22754"/>
<issue tracker="cve" id="2022-22763"/>
<issue tracker="cve" id="2022-22764"/>
<issue tracker="cve" id="2022-22761"/>
<issue tracker="cve" id="2022-0566"/>
<issue tracker="cve" id="2022-22753"/>
<issue tracker="cve" id="2022-22759"/>
<issue tracker="cve" id="2022-22760"/>
<packager>MSirringhaus</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for MozillaThunderbird</summary>
<description>This update for MozillaThunderbird fixes the following issues:
- Mozilla Thunderbird 91.6.1 / MFSA 2022-07 (bsc#1196072)
* CVE-2022-0566 (bmo#1753094)
Crafted email could trigger an out-of-bounds write
- Mozilla Thunderbird 91.6 / MFSA 2022-06 (bsc#1195682)
* CVE-2022-22753 (bmo#1732435)
Privilege Escalation to SYSTEM on Windows via Maintenance
Service
* CVE-2022-22754 (bmo#1750565)
Extensions could have bypassed permission confirmation during
update
* CVE-2022-22756 (bmo#1317873)
Drag and dropping an image could have resulted in the dropped
object being an executable
* CVE-2022-22759 (bmo#1739957)
Sandboxed iframes could have executed script if the parent
appended elements
* CVE-2022-22760 (bmo#1740985, bmo#1748503)
Cross-Origin responses could be distinguished between script
and non-script content-types
* CVE-2022-22761 (bmo#1745566)
frame-ancestors Content Security Policy directive was not
enforced for framed extension pages
* CVE-2022-22763 (bmo#1740534)
Script Execution during invalid object state
* CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545,
bmo#1748210, bmo#1748279)
Memory safety bugs fixed in Thunderbird 91.6
</description>
</patchinfo>
