All errata/sisyphus/ALT-PU-2023-6200-3
ALT-PU-2023-6200-3

Package update thunderbird in branch sisyphus

Version115.3.1-alt1
Task#331244
Published2026-02-04
Max severityCRITICAL
Severity:

Closed issues (12)

BDU:2023-06157
CRITICAL9.6

Уязвимость функции кодирования в формат VP8 библиотеки libvpx браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2023-09-29Modified: 2026-03-04
CVSS 3.xCRITICAL 9.6
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2023-06372
CRITICAL9.8

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird операционных систем Windows, связанная с использованием памяти после ее освобождения, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2023-10-06Modified: 2024-04-02
CVSS 3.xCRITICAL 9.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2023-07235
CRITICAL9.8

Уязвимость почтового клиента Thunderbird и браузеров Firefox, Firefox ESR, связанная с записью за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код

Published: 2023-10-28Modified: 2024-09-25
CVSS 3.xCRITICAL 9.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2023-07665
MEDIUM6.5

Уязвимость веб-браузеров Firefox ESR, Firefox и почтового клиента Thunderbird, связанная с записью за границами буфера, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2023-11-11Modified: 2024-09-25
CVSS 3.xMEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C
References
BDU:2023-07671
MEDIUM6.5

Уязвимость веб-браузеров Firefox ESR, Firefox и почтового клиента Thunderbird, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2023-11-11Modified: 2024-09-25
CVSS 3.xMEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C
References
CVE-2023-5168
CRITICAL9.8

A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

Published: 2023-09-27Modified: 2025-05-01
CVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
CVE-2023-5169
MEDIUM6.5

A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

Published: 2023-09-27Modified: 2024-11-21
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References
CVE-2023-5171
MEDIUM6.5

During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

Published: 2023-09-27Modified: 2024-11-21
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References
CVE-2023-5174
CRITICAL9.8

If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. *This bug only affects Firefox on Windows when run in non-standard configurations (such as using `runas`). Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

Published: 2023-09-27Modified: 2025-05-05
CVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
CVE-2023-5176
CRITICAL9.8

Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

Published: 2023-09-27Modified: 2025-05-01
CVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
CVE-2023-5217
HIGH8.8

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: 2023-09-28Modified: 2025-10-24
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
GHSA-qqvq-6xgj-jw8g
HIGH8.8

Electron affected by libvpx's heap buffer overflow in vp8 encoding

Published: 2023-09-28Modified: 2024-02-15
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References