Revisions of MozillaThunderbird
buildservice-autocommit
accepted
request 1175556
from
Wolfgang Rosenauer (wrosenauer)
(revision 758)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
committed
(revision 757)
- Mozilla Thunderbird 115.11.0 MFSA 2024-23 (bsc#1224056) * CVE-2024-4367 (bmo#1893645) Arbitrary JavaScript execution in PDF.js * CVE-2024-4767 (bmo#1878577) IndexedDB files retained in private browsing mode * CVE-2024-4768 (bmo#1886082) Potential permissions request bypass via clickjacking * CVE-2024-4769 (bmo#1886108) Cross-origin responses could be distinguished between script and non-script content-types * CVE-2024-4770 (bmo#1893270) Use-after-free could occur when printing to PDF * CVE-2024-4777 (bmo#1878199, bmo#1893340) Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11
buildservice-autocommit
accepted
request 1171966
from
Wolfgang Rosenauer (wrosenauer)
(revision 756)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
accepted
request 1171925
from
Andreas Stieger (AndreasStieger)
(revision 755)
Mozilla Thunderbird 115.10.2
buildservice-autocommit
accepted
request 1169354
from
Wolfgang Rosenauer (wrosenauer)
(revision 754)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
committed
(revision 753)
- Mozilla Thunderbird 115.10.1 https://www.thunderbird.net/en-US/thunderbird/115.10.1/releasenotes/ * fixed hangup introduced with 115.10.0 (bmo#1891889) - Mozilla Thunderbird 115.10.0 https://www.thunderbird.net/en-US/thunderbird/115.10.0/releasenotes/ MFSA 2024-20 (bsc#1222535) * CVE-2024-3852 (bmo#1883542) GetBoundName in the JIT returned the wrong object * CVE-2024-3854 (bmo#1884552) Out-of-bounds-read after mis-optimized switch statement * CVE-2024-3857 (bmo#1886683) Incorrect JITting of arguments led to use-after-free during garbage collection * CVE-2024-2609 (bmo#1866100) Permission prompt input delay could expire when not in focus * CVE-2024-3859 (bmo#1874489) Integer-overflow led to out-of-bounds-read in the OpenType sanitizer * CVE-2024-3861 (bmo#1883158) Potential use-after-free due to AlignedBuffer self-move * CVE-2024-3863 (bmo#1885855) Download Protections were bypassed by .xrm-ms files on Windows * CVE-2024-3302 (bmo#1881183) Denial of Service using HTTP/2 CONTINUATION frames * CVE-2024-3864 (bmo#1888333) Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10
buildservice-autocommit
accepted
request 1160556
from
Wolfgang Rosenauer (wrosenauer)
(revision 752)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
committed
(revision 751)
- LLVM18 breaks building Thunderbird on Tumbleweed; add * mozilla-fix-issues-with-llvm18.patch - Mozilla Thunderbird 115.9.0 https://www.thunderbird.net/en-US/thunderbird/115.9.0/releasenotes/ MFSA 2024-14 (bsc#1221327) * CVE-2024-0743 (bmo#1867408) Crash in NSS TLS method * CVE-2024-2605 (bmo#1872920) Windows Error Reporter could be used as a Sandbox escape vector * CVE-2024-2607 (bmo#1879939) JIT code failed to save return registers on Armv7-A * CVE-2024-2608 (bmo#1880692) Integer overflow could have led to out of bounds write * CVE-2024-2616 (bmo#1846197) Improve handling of out-of-memory conditions in ICU * CVE-2023-5388 (bmo#1780432) NSS susceptible to timing attack against RSA decryption * CVE-2024-2610 (bmo#1871112) Improper handling of html and body tags enabled CSP nonce leakage * CVE-2024-2611 (bmo#1876675) Clickjacking vulnerability could have led to a user accidentally granting permissions * CVE-2024-2612 (bmo#1879444) Self referencing object could have potentially led to a use- after-free * CVE-2024-2614 (bmo#1685358, bmo#1861016, bmo#1880405, bmo#1881093) Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9
buildservice-autocommit
accepted
request 1155826
from
Wolfgang Rosenauer (wrosenauer)
(revision 750)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
committed
(revision 749)
- Mozilla Thunderbird 115.8.1 https://www.thunderbird.net/en-US/thunderbird/115.8.1/releasenotes/ MFSA 2024-11 * CVE-2024-1936 (bmo#1860977) Leaking of encrypted email subjects to other conversations
buildservice-autocommit
accepted
request 1150520
from
Wolfgang Rosenauer (wrosenauer)
(revision 748)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
accepted
request 1150189
from
Andreas Stieger (AndreasStieger)
(revision 747)
Mozilla Thunderbird 115.8.0
buildservice-autocommit
accepted
request 1141172
from
Wolfgang Rosenauer (wrosenauer)
(revision 746)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
committed
(revision 745)
- Mozilla Thunderbird 115.7.0 https://www.thunderbird.net/en-US/thunderbird/115.7.0/releasenotes/ MFSA 2024-04 (bsc#1218955) * CVE-2024-0741 (bmo#1864587) Out of bounds write in ANGLE * CVE-2024-0742 (bmo#1867152) Failure to update user input timestamp * CVE-2024-0746 (bmo#1660223) Crash when listing printers on Linux * CVE-2024-0747 (bmo#1764343) Bypass of Content Security Policy when directive unsafe-inline was set * CVE-2024-0749 (bmo#1813463) Phishing site popup could show local origin in address bar * CVE-2024-0750 (bmo#1863083) Potential permissions request bypass via clickjacking * CVE-2024-0751 (bmo#1865689) Privilege escalation through devtools * CVE-2024-0753 (bmo#1870262) HSTS policy on subdomain could bypass policy of upper domain * CVE-2024-0755 (bmo#1868456, bmo#1871445, bmo#1873701) Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7
buildservice-autocommit
accepted
request 1138352
from
Wolfgang Rosenauer (wrosenauer)
(revision 744)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
accepted
request 1137913
from
Martin Sirringhaus (MSirringhaus)
(revision 743)
(untested) Mozilla Thunderbird 115.6.1
buildservice-autocommit
accepted
request 1134147
from
Wolfgang Rosenauer (wrosenauer)
(revision 742)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
committed
(revision 741)
- Mozilla Thunderbird 115.6.0 https://www.thunderbird.net/en-US/thunderbird/115.6.0/releasenotes/ * Message selection misbehaved after selecting a sub-message in an expanded thread, collapsing the thread, then pressing up/down to move selection * Thunderbird now attempts to reconnect on a new connection after SMTP 4xx errors * HTML FileLink attachments used the wrong encoding MFSA 2023-55 (bsc#1217230) * CVE-2023-50762 (bmo#1862625) Truncated signed text was shown with a valid OpenPGP signature * CVE-2023-50761 (bmo#1865647) S/MIME signature accepted despite mismatching message date * CVE-2023-6856 (bmo#1843782) Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver * CVE-2023-6857 (bmo#1796023) Symlinks may resolve to smaller than expected buffers * CVE-2023-6858 (bmo#1826791) Heap buffer overflow in nsTextFragment * CVE-2023-6859 (bmo#1840144) Use-after-free in PR_GetIdentitiesLayer * CVE-2023-6860 (bmo#1854669) Potential sandbox escape due to VideoBridge lack of texture validation * CVE-2023-6861 (bmo#1864118) Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode * CVE-2023-6862 (bmo#1868042)
buildservice-autocommit
accepted
request 1132769
from
Wolfgang Rosenauer (wrosenauer)
(revision 740)
baserev update by copy to link target
Wolfgang Rosenauer (wrosenauer)
committed
(revision 739)
- Mozilla Thunderbird 115.5.2 Bugfix release https://www.thunderbird.net/en-US/thunderbird/115.5.2/releasenotes/
Displaying revisions 1 - 20 of 758