[Git][security-tracker-team/security-tracker][master] Followup thunderbird entries with mfsa2023-33
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Aug 3 21:16:02 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
36f7d264 by Salvatore Bonaccorso at 2023-08-03T22:15:27+02:00
Followup thunderbird entries with mfsa2023-33
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -207,8 +207,13 @@ CVE-2023-4057 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and
[bookworm] - firefox-esr <not-affected> (Only affects Firefox ESR 115.1)
[bullseye] - firefox-esr <not-affected> (Only affects Firefox ESR 115.1)
[buster] - firefox-esr <not-affected> (Only affects Firefox ESR 115.1)
+ - thunderbird <unfixed>
+ [bookworm] - thunderbird <not-affected> (Only affects Thunderbird 115.1)
+ [bullseye] - thunderbird <not-affected> (Only affects Thunderbird 115.1)
+ [buster] - thunderbird <not-affected> (Only affects Thunderbird 115.1)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4057
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4057
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4057
CVE-2023-4056 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ...)
- firefox 116.0-1
- firefox-esr 115.1.0esr-1
@@ -217,6 +222,7 @@ CVE-2023-4056 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Fir
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4056
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4056
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4056
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4056
CVE-2023-4055 (When the number of cookies per domain was exceeded in `document.cookie ...)
- firefox 116.0-1
- firefox-esr 115.1.0esr-1
@@ -225,6 +231,7 @@ CVE-2023-4055 (When the number of cookies per domain was exceeded in `document.c
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4055
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4055
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4055
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4055
CVE-2023-4054 (When opening appref-ms files, Firefox did not warn the user that these ...)
- firefox <not-affected> (Affects only Firefox on Windows)
- firefox-esr <not-affected> (Affects only Firefox on Windows)
@@ -233,14 +240,17 @@ CVE-2023-4054 (When opening appref-ms files, Firefox did not warn the user that
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4054
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4054
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4054
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4054
CVE-2023-4053 (A website could have obscured the full screen notification by using a ...)
- firefox 116.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4053
CVE-2023-4052 (The Firefox updater created a directory writable by non-privileged use ...)
- firefox <not-affected> (Affects only Firefox on Windows)
- firefox-esr <not-affected> (Affects only Firefox ESR 115.0.1 on Windows)
+ - thunderbird <not-affected> (Affects only Thunderbird on Windows)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4052
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4052
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4052
CVE-2023-4051 (A website could have obscured the full screen notification by using th ...)
- firefox 116.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4051
@@ -252,6 +262,7 @@ CVE-2023-4050 (In some cases, an untrusted input stream was copied to a stack bu
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4050
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4050
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4050
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4050
CVE-2023-4049 (Race conditions in reference counting code were found through code ins ...)
- firefox 116.0-1
- firefox-esr 115.1.0esr-1
@@ -260,6 +271,7 @@ CVE-2023-4049 (Race conditions in reference counting code were found through cod
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4049
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4049
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4049
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4049
CVE-2023-4048 (An out-of-bounds read could have led to an exploitable crash when pars ...)
- firefox 116.0-1
- firefox-esr 115.1.0esr-1
@@ -268,6 +280,7 @@ CVE-2023-4048 (An out-of-bounds read could have led to an exploitable crash when
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4048
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4048
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4048
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4048
CVE-2023-4047 (A bug in popup notifications delay calculation could have made it poss ...)
- firefox 116.0-1
- firefox-esr 115.1.0esr-1
@@ -276,6 +289,7 @@ CVE-2023-4047 (A bug in popup notifications delay calculation could have made it
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4047
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4047
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4047
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4047
CVE-2023-4046 (In some circumstances, a stale value could have been used for a global ...)
- firefox 116.0-1
- firefox-esr 115.1.0esr-1
@@ -284,6 +298,7 @@ CVE-2023-4046 (In some circumstances, a stale value could have been used for a g
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4046
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4046
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4046
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4046
CVE-2023-4045 (Offscreen Canvas did not properly track cross-origin tainting, which c ...)
- firefox 116.0-1
- firefox-esr 115.1.0esr-1
@@ -292,6 +307,7 @@ CVE-2023-4045 (Offscreen Canvas did not properly track cross-origin tainting, wh
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4045
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4045
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4045
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4045
CVE-2023-36325 [Attackers can de-anonymize i2p hidden services with a message replay attack]
- i2p <unfixed>
NOTE: https://xeiaso.net/blog/CVE-2023-36325
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36f7d264f4551fec70ca93ff906a5ac4eb322551
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36f7d264f4551fec70ca93ff906a5ac4eb322551
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230803/8cb685b6/attachment.htm>
More information about the debian-security-tracker-commits
mailing list