Revisions of MozillaThunderbird
Ana Guerrero (anag+factory)
accepted
request 1169354
from
Wolfgang Rosenauer (wrosenauer)
(revision 333)
- Mozilla Thunderbird 115.10.1 https://www.thunderbird.net/en-US/thunderbird/115.10.1/releasenotes/ * fixed hangup introduced with 115.10.0 (bmo#1891889) - Mozilla Thunderbird 115.10.0 https://www.thunderbird.net/en-US/thunderbird/115.10.0/releasenotes/ MFSA 2024-20 (bsc#1222535) * CVE-2024-3852 (bmo#1883542) GetBoundName in the JIT returned the wrong object * CVE-2024-3854 (bmo#1884552) Out-of-bounds-read after mis-optimized switch statement * CVE-2024-3857 (bmo#1886683) Incorrect JITting of arguments led to use-after-free during garbage collection * CVE-2024-2609 (bmo#1866100) Permission prompt input delay could expire when not in focus * CVE-2024-3859 (bmo#1874489) Integer-overflow led to out-of-bounds-read in the OpenType sanitizer * CVE-2024-3861 (bmo#1883158) Potential use-after-free due to AlignedBuffer self-move * CVE-2024-3863 (bmo#1885855) Download Protections were bypassed by .xrm-ms files on Windows * CVE-2024-3302 (bmo#1881183) Denial of Service using HTTP/2 CONTINUATION frames * CVE-2024-3864 (bmo#1888333) Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10
Ana Guerrero (anag+factory)
accepted
request 1160556
from
Wolfgang Rosenauer (wrosenauer)
(revision 332)
- LLVM18 breaks building Thunderbird on Tumbleweed; add * mozilla-fix-issues-with-llvm18.patch - Mozilla Thunderbird 115.9.0 https://www.thunderbird.net/en-US/thunderbird/115.9.0/releasenotes/ MFSA 2024-14 (bsc#1221327) * CVE-2024-0743 (bmo#1867408) Crash in NSS TLS method * CVE-2024-2605 (bmo#1872920) Windows Error Reporter could be used as a Sandbox escape vector * CVE-2024-2607 (bmo#1879939) JIT code failed to save return registers on Armv7-A * CVE-2024-2608 (bmo#1880692) Integer overflow could have led to out of bounds write * CVE-2024-2616 (bmo#1846197) Improve handling of out-of-memory conditions in ICU * CVE-2023-5388 (bmo#1780432) NSS susceptible to timing attack against RSA decryption * CVE-2024-2610 (bmo#1871112) Improper handling of html and body tags enabled CSP nonce leakage * CVE-2024-2611 (bmo#1876675) Clickjacking vulnerability could have led to a user accidentally granting permissions * CVE-2024-2612 (bmo#1879444) Self referencing object could have potentially led to a use- after-free * CVE-2024-2614 (bmo#1685358, bmo#1861016, bmo#1880405, bmo#1881093) Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9
Dominique Leuenberger (dimstar_suse)
accepted
request 1155826
from
Wolfgang Rosenauer (wrosenauer)
(revision 331)
- Mozilla Thunderbird 115.8.1 https://www.thunderbird.net/en-US/thunderbird/115.8.1/releasenotes/ MFSA 2024-11 * CVE-2024-1936 (bmo#1860977) Leaking of encrypted email subjects to other conversations
Ana Guerrero (anag+factory)
accepted
request 1150520
from
Wolfgang Rosenauer (wrosenauer)
(revision 330)
Ana Guerrero (anag+factory)
accepted
request 1141172
from
Wolfgang Rosenauer (wrosenauer)
(revision 329)
- Mozilla Thunderbird 115.7.0 https://www.thunderbird.net/en-US/thunderbird/115.7.0/releasenotes/ MFSA 2024-04 (bsc#1218955) * CVE-2024-0741 (bmo#1864587) Out of bounds write in ANGLE * CVE-2024-0742 (bmo#1867152) Failure to update user input timestamp * CVE-2024-0746 (bmo#1660223) Crash when listing printers on Linux * CVE-2024-0747 (bmo#1764343) Bypass of Content Security Policy when directive unsafe-inline was set * CVE-2024-0749 (bmo#1813463) Phishing site popup could show local origin in address bar * CVE-2024-0750 (bmo#1863083) Potential permissions request bypass via clickjacking * CVE-2024-0751 (bmo#1865689) Privilege escalation through devtools * CVE-2024-0753 (bmo#1870262) HSTS policy on subdomain could bypass policy of upper domain * CVE-2024-0755 (bmo#1868456, bmo#1871445, bmo#1873701) Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7
Ana Guerrero (anag+factory)
accepted
request 1138352
from
Wolfgang Rosenauer (wrosenauer)
(revision 328)
Ana Guerrero (anag+factory)
accepted
request 1134147
from
Wolfgang Rosenauer (wrosenauer)
(revision 327)
- Mozilla Thunderbird 115.6.0 https://www.thunderbird.net/en-US/thunderbird/115.6.0/releasenotes/ * Message selection misbehaved after selecting a sub-message in an expanded thread, collapsing the thread, then pressing up/down to move selection * Thunderbird now attempts to reconnect on a new connection after SMTP 4xx errors * HTML FileLink attachments used the wrong encoding MFSA 2023-55 (bsc#1217230) * CVE-2023-50762 (bmo#1862625) Truncated signed text was shown with a valid OpenPGP signature * CVE-2023-50761 (bmo#1865647) S/MIME signature accepted despite mismatching message date * CVE-2023-6856 (bmo#1843782) Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver * CVE-2023-6857 (bmo#1796023) Symlinks may resolve to smaller than expected buffers * CVE-2023-6858 (bmo#1826791) Heap buffer overflow in nsTextFragment * CVE-2023-6859 (bmo#1840144) Use-after-free in PR_GetIdentitiesLayer * CVE-2023-6860 (bmo#1854669) Potential sandbox escape due to VideoBridge lack of texture validation * CVE-2023-6861 (bmo#1864118) Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode * CVE-2023-6862 (bmo#1868042)
Ana Guerrero (anag+factory)
accepted
request 1132769
from
Wolfgang Rosenauer (wrosenauer)
(revision 326)
- Mozilla Thunderbird 115.5.2 Bugfix release https://www.thunderbird.net/en-US/thunderbird/115.5.2/releasenotes/
Ana Guerrero (anag+factory)
accepted
request 1129733
from
Wolfgang Rosenauer (wrosenauer)
(revision 325)
- Mozilla Thunderbird 115.5.1 Bugfix release https://www.thunderbird.net/en-US/thunderbird/115.5.1/releasenotes * Advanced GnuPG keys may be protected with an unexpected passphrase * OpenPGP signatures rejected due to mismatched signature timestamp now display signature timestamp and clarifying message * Advanced address book search did not return results if display name was left blank * Clicking on attendee when inviting attendees added the attendee twice
Ana Guerrero (anag+factory)
accepted
request 1128271
from
Wolfgang Rosenauer (wrosenauer)
(revision 324)
- Mozilla Thunderbird 115.5.0 https://www.thunderbird.net/en-US/thunderbird/115.5.0/releasenotes MFSA 2023-52 (bsc#1217230) * CVE-2023-6204 (bmo#1841050) Out-of-bound memory access in WebGL2 blitFramebuffer * CVE-2023-6205 (bmo#1854076) Use-after-free in MessagePort::Entangled * CVE-2023-6206 (bmo#1857430) Clickjacking permission prompts using the fullscreen transition * CVE-2023-6207 (bmo#1861344) Use-after-free in ReadableByteStreamQueueEntry::Buffer * CVE-2023-6208 (bmo#1855345) Using Selection API would copy contents into X11 primary selection. * CVE-2023-6209 (bmo#1858570) Incorrect parsing of relative URLs starting with "///" * CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252, bmo#1856072, bmo#1856091, bmo#1859030, bmo#1860943, bmo#1862782) Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5
Ana Guerrero (anag+factory)
accepted
request 1126791
from
Wolfgang Rosenauer (wrosenauer)
(revision 323)
- Mozilla Thunderbird 115.4.3 Bugfix release https://www.thunderbird.net/en-US/thunderbird/115.4.3/releasenotes
Ana Guerrero (anag+factory)
accepted
request 1124229
from
Wolfgang Rosenauer (wrosenauer)
(revision 322)
- Mozilla Thunderbird 115.4.2 https://www.thunderbird.net/en-US/thunderbird/115.4.2/releasenotes - build using rust/cargo 1.72 (1.69 about to be dropped from Factory)
Ana Guerrero (anag+factory)
accepted
request 1120173
from
Wolfgang Rosenauer (wrosenauer)
(revision 321)
- Mozilla Thunderbird 115.4.1 https://www.thunderbird.net/en-US/thunderbird/115.4.1/releasenotes https://www.thunderbird.net/en-US/thunderbird/115.4.0/releasenotes MFSA 2023-47 (bsc#1216338) * CVE-2023-5721 (bmo#1830820) Queued up rendering could have allowed websites to clickjack * CVE-2023-5732 (bmo#1690979, bmo#1836962) Address bar spoofing via bidirectional characters * CVE-2023-5724 (bmo#1836705) Large WebGL draw could have led to a crash * CVE-2023-5725 (bmo#1845739) WebExtensions could open arbitrary URLs * CVE-2023-5726 (bmo#1846205) Full screen notification obscured by file open dialog on macOS * CVE-2023-5727 (bmo#1847180) Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows * CVE-2023-5728 (bmo#1852729) Improper object tracking during GC in the JavaScript engine could have led to a crash. * CVE-2023-5730 (bmo#1836607, bmo#1840918, bmo#1848694, bmo#1848833, bmo#1850191, bmo#1850259, bmo#1852596, bmo#1853201, bmo#1854002, bmo#1855306, bmo#1855640, bmo#1856695) Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1 - removed obsolete mozilla-bmo1846703.patch - Mozilla Thunderbird 115.3.3 * fixed: "Folder Location" toolbar button did not work for local folders (bmo#1843979)
Ana Guerrero (anag+factory)
accepted
request 1116802
from
Wolfgang Rosenauer (wrosenauer)
(revision 320)
- Mozilla Thunderbird 115.3.2 Bugfix release https://www.thunderbird.net/en-US/thunderbird/115.3.2/releasenotes
Ana Guerrero (anag+factory)
accepted
request 1114452
from
Wolfgang Rosenauer (wrosenauer)
(revision 319)
- Mozilla Thunderbird 115.3.1 MFSA 2023-45 (bsc#1215814) * CVE-2023-5217 (bmo#1855550) Heap buffer overflow in libvpx - Add mozilla-bmo1846703.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 1113844
from
Wolfgang Rosenauer (wrosenauer)
(revision 318)
- Mozilla Thunderbird 115.3.0 https://www.thunderbird.net/en-US/thunderbird/115.3.0/releasenotes MFSA 2023-43 (bsc#1215575) * CVE-2023-5168 (bmo#1846683) Out-of-bounds write in FilterNodeD2D1 * CVE-2023-5169 (bmo#1846685) Out-of-bounds write in PathOps * CVE-2023-5171 (bmo#1851599) Use-after-free in Ion Compiler * CVE-2023-5174 (bmo#1848454) Double-free in process spawning on Windows * CVE-2023-5176 (bmo#1836353, bmo#1842674, bmo#1843824, bmo#1843962, bmo#1848890, bmo#1850180, bmo#1850983, bmo#1851195) Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3
Ana Guerrero (anag+factory)
accepted
request 1112694
from
Wolfgang Rosenauer (wrosenauer)
(revision 317)
- Mozilla Thunderbird 115.2.3 Bugfix release: https://www.thunderbird.net/en-US/thunderbird/115.2.3/releasenotes
Ana Guerrero (anag+factory)
accepted
request 1110767
from
Wolfgang Rosenauer (wrosenauer)
(revision 316)
Ana Guerrero (anag+factory)
accepted
request 1109528
from
Wolfgang Rosenauer (wrosenauer)
(revision 315)
- Mozilla Thunderbird 115.2.0 https://www.thunderbird.net/en-US/thunderbird/115.2.0/releasenotes MFSA 2023-38 (bsc#1214606) * CVE-2023-4573 (bmo#1846687) Memory corruption in IPC CanvasTranslator * CVE-2023-4574 (bmo#1846688) Memory corruption in IPC ColorPickerShownCallback * CVE-2023-4575 (bmo#1846689) Memory corruption in IPC FilePickerShownCallback * CVE-2023-4576 (bmo#1846694) Integer Overflow in RecordedSourceSurfaceCreation * CVE-2023-4577 (bmo#1847397) Memory corruption in JIT UpdateRegExpStatics * CVE-2023-4051 (bmo#1821884) Full screen notification obscured by file open dialog * CVE-2023-4578 (bmo#1839007) Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception * CVE-2023-4053 (bmo#1839079) Full screen notification obscured by external program * CVE-2023-4580 (bmo#1843046) Push notifications saved to disk unencrypted * CVE-2023-4581 (bmo#1843758) XLL file extensions were downloadable without warnings * CVE-2023-4582 (bmo#1773874) Buffer Overflow in WebGL glGetProgramiv * CVE-2023-4583 (bmo#1842030) Browsing Context potentially not cleared when closing Private Window * CVE-2023-4584 (bmo#1843968, bmo#1845205, bmo#1846080,
Dominique Leuenberger (dimstar_suse)
accepted
request 1102113
from
Wolfgang Rosenauer (wrosenauer)
(revision 314)
- Mozilla Thunderbird 102.14.0 MFSA 2023-32 (bsc#1213746) * CVE-2023-4045 (bmo#1833876) Offscreen Canvas could have bypassed cross-origin restrictions * CVE-2023-4046 (bmo#1837686) Incorrect value used during WASM compilation * CVE-2023-4047 (bmo#1839073) Potential permissions request bypass via clickjacking * CVE-2023-4048 (bmo#1841368) Crash in DOMParser due to out-of-memory conditions * CVE-2023-4049 (bmo#1842658) Fix potential race conditions when releasing platform objects * CVE-2023-4050 (bmo#1843038) Stack buffer overflow in StorageManager * CVE-2023-4054 (bmo#1840777) Lack of warning when opening appref-ms files * CVE-2023-4055 (bmo#1782561) Cookie jar overflow caused unexpected cookie jar state * CVE-2023-4056 (bmo#1820587, bmo#1824634, bmo#1839235, bmo#1842325, bmo#1843847) Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14 * CVE-2023-3417 (bmo#1835582, boo#1213658)
Displaying revisions 1 - 20 of 333