Amazon Linux 2 Security Advisory: ALAS-2022-1804
Advisory Release Date: 2022-05-31 23:50 Pacific
Advisory Updated Date: 2022-06-07 19:43 Pacific
The Mozilla Foundation Security Advisory describes this flaw as:
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. (CVE-2022-1529)
he Mozilla Foundation Security Advisory describes this flaw as:
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. (CVE-2022-1802)
Affected Packages:
thunderbird
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update thunderbird to update your system.
aarch64:
thunderbird-91.9.1-1.amzn2.0.1.aarch64
thunderbird-debuginfo-91.9.1-1.amzn2.0.1.aarch64
src:
thunderbird-91.9.1-1.amzn2.0.1.src
x86_64:
thunderbird-91.9.1-1.amzn2.0.1.x86_64
thunderbird-debuginfo-91.9.1-1.amzn2.0.1.x86_64