Release date:
2026-05-26 09:14:39 UTC
Description:
- CVE-2023-5388: NSS MPI RSA decryption timing side-channel (Marvin attack);
backport upstream NSS_3_90 commit 196716d8 to security/nss/lib/freebl
- CVE-2024-0741: ANGLE VariablePacker int32 overflow leading to heap
out-of-bounds write in WebGL shader compilation
- CVE-2024-0753: PSM HSTS superdomain walk did not honor ancestor
includeSubDomains policy (RFC 6797 conformance)
- CVE-2025-3523: attachment URL UI misrepresentation in
displayAttachmentsForExpandedViewExternal; mouseover/focus showed last URL
for all rows
Updated packages:
-
thunderbird-115.4.1-1.el9_2.alma.tuxcare.els4.x86_64.rpm
sha:9edc6e5266b9921f7c0bd27b7803d376df3001f6994d72efeb897d7b72c567d7
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
