Bug 1204411 - VUL-0: MozillaThunderbird: update to 102.3.1 (MFSA2022-43)
Status: NEW
Duplicates: 1204407 1204408
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P3 - Medium : Normal
Assigned To: Martin Sirringhaus
QA Contact: Security Team bot
https://smash.suse.de/issue/343804/
CVSSv3.1:SUSE:CVE-2022-39236:4.3:(AV:...
Reported: 2022-10-18 07:59 UTC by Gabriele Sonnu
Modified: 2022-10-27 16:23 UTC

Found By: Security Response Team
Description Gabriele Sonnu 2022-10-18 07:59:01 UTC
Fixed in Thunderbird 102.3.1:

- CVE-2022-39249: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators

- CVE-2022-39250: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack

- CVE-2022-39251: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack

- CVE-2022-39236: Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue

https://www.mozilla.org/en-US/security/advisories/mfsa2022-43/
Comment 1 Gabriele Sonnu 2022-10-18 08:00:17 UTC
*** Bug 1204407 has been marked as a duplicate of this bug. ***
Comment 2 Gabriele Sonnu 2022-10-18 08:00:54 UTC
*** Bug 1204408 has been marked as a duplicate of this bug. ***
Comment 4 Swamp Workflow Management 2022-10-27 16:23:27 UTC
SUSE-SU-2022:3800-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 1203477,1204411,1204421
CVE References: CVE-2022-3155,CVE-2022-3266,CVE-2022-39236,CVE-2022-39249,CVE-2022-39250,CVE-2022-39251,CVE-2022-40956,CVE-2022-40957,CVE-2022-40958,CVE-2022-40959,CVE-2022-40960,CVE-2022-40962
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    MozillaThunderbird-102.4.0-150200.8.85.1
openSUSE Leap 15.3 (src):    MozillaThunderbird-102.4.0-150200.8.85.1
SUSE Linux Enterprise Workstation Extension 15-SP4 (src):    MozillaThunderbird-102.4.0-150200.8.85.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    MozillaThunderbird-102.4.0-150200.8.85.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (src):    MozillaThunderbird-102.4.0-150200.8.85.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src):    MozillaThunderbird-102.4.0-150200.8.85.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.