diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes
index 448b25d..7ea9906 100644
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@@ -37,7 +37,24 @@ Fri Sep 16 08:17:49 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
     bmo#1788725, bmo#1790324)
   * unresolved: No dedicated "Department" field in address book
     (bmo#1777780)
-  MFSA 2022- (bsc#1203477)
+  MFSA 2022-42 (bsc#1203477)
+  * CVE-2022-40959 (bmo#1782211)
+    Bypassing FeaturePolicy restrictions on transient pages
+  * CVE-2022-40960 (bmo#1787633)
+    Data-race when parsing non-UTF-8 URLs in threads
+  * CVE-2022-40958 (bmo#1779993)
+    Bypassing Secure Context restriction for cookies with __Host
+    and __Secure prefix
+  * CVE-2022-40956 (bmo#1770094)
+    Content-Security-Policy base-uri bypass
+  * CVE-2022-40957 (bmo#1777604)
+    Incoherent instruction cache when building WASM on ARM64
+  * CVE-2022-3155 (bmo#1789061)
+    Attachment files saved to disk on macOS could be executed
+    without warning
+  * CVE-2022-40962 (bmo#1767360, bmo#1776655, bmo#1777574, bmo#1784835,
+    bmo#1785109, bmo#1786502, bmo#1789440)
+    Memory safety bugs fixed in Thunderbird 102.3
 
 -------------------------------------------------------------------
 Thu Sep  8 06:31:58 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>