Mozilla Thunderbird: Multiple Vulnerabilities — GLSA 202305-13

Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution.

Affected packages

Package 	mail-client/thunderbird on all architectures
Affected versions 	< 102.7.0
Unaffected versions 	>= 102.7.0
Package 	mail-client/thunderbird-bin on all architectures
Affected versions 	< 102.7.0
Unaffected versions 	>= 102.7.0

Background

Mozilla Thunderbird is a popular open-source email client from the Mozilla project.

Description

Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All Mozilla Thunderbird binary users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-102.7.0"
 

All Mozilla Thunderbird users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-102.7.0"
 

References

    CVE-2022-46871
    CVE-2022-46872
    CVE-2022-46874
    CVE-2022-46875
    CVE-2022-46877
    CVE-2022-46878
    CVE-2022-46880
    CVE-2022-46881
    CVE-2022-46882
    CVE-2023-23598
    CVE-2023-23599
    CVE-2023-23601
    CVE-2023-23602
    CVE-2023-23603
    CVE-2023-23605