Revisions of MozillaThunderbird
Ana Guerrero (anag+factory)
accepted
request 1225214
from
Wolfgang Rosenauer (wrosenauer)
(revision 348)
- Mozilla Thunderbird 128.4.4 * QR codes were not scannable by Android app when using most high-contrast themes * Primary password prompt cancellation during mobile export was confusing - revert using xdg-desktop-portal as some desktops have limited support
Ana Guerrero (anag+factory)
accepted
request 1224250
from
Wolfgang Rosenauer (wrosenauer)
(revision 347)
- Mozilla Thunderbird 128.4.3 Fixes: * Folder corruption could cause Thunderbird to freeze and become unusable * Message corruption could be propagated when reading mbox * Folder compaction was not abandoned on shutdown * Folder compaction did not clean up on failure * Collapsed NNTP thread incorrectly indicated there were unread messages * Navigating to next unread message did not wait for all messages to be loaded * Applying column view to folder and children could break if folder error occurred * Remote content notifications were broken with encrypted messages * Updating criteria of a saved search resulted in poor search performance * Drop-downs may not work in some places MFSA 2024-61 * CVE-2024-11159 (bmo#1925929) Potential disclosure of plaintext in OpenPGP encrypted message - remove kmozillahelper support (boo#1226112) * removed mozilla-kde.patch * requires xdg-desktop-portal instead
Ana Guerrero (anag+factory)
accepted
request 1222591
from
Wolfgang Rosenauer (wrosenauer)
(revision 346)
Dominique Leuenberger (dimstar_suse)
accepted
request 1219576
from
Wolfgang Rosenauer (wrosenauer)
(revision 345)
- Mozilla Thunderbird 128.4.0 * Export Thunderbird account settings to Thunderbird Mobile via QRCode Bugfixes: * Unable to send an unencrypted response to an OpenPGP encrypted message MFSA 2024-58 (bsc#1231879) * CVE-2024-10458 (bmo#1921733) Permission leak via embed or object elements * CVE-2024-10459 (bmo#1919087) Use-after-free in layout with accessibility * CVE-2024-10460 (bmo#1912537) Confusing display of origin for external protocol handler prompt * CVE-2024-10461 (bmo#1914521) XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response * CVE-2024-10462 (bmo#1920423) Origin of permission prompt could be spoofed by long URL * CVE-2024-10463 (bmo#1920800) Cross origin video frame leak * CVE-2024-10464 (bmo#1913000) History interface could have been used to cause a Denial of Service condition in the browser * CVE-2024-10465 (bmo#1918853) Clipboard "paste" button persisted across tabs * CVE-2024-10466 (bmo#1924154) DOM push subscription message could hang Firefox * CVE-2024-10467 (bmo#1829029, bmo#1888538, bmo#1900394, bmo#1904059, bmo#1917742, bmo#1919809, bmo#1923706) Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4
Ana Guerrero (anag+factory)
accepted
request 1217157
from
Wolfgang Rosenauer (wrosenauer)
(revision 344)
Ana Guerrero (anag+factory)
accepted
request 1208840
from
Wolfgang Rosenauer (wrosenauer)
(revision 343)
- Mozilla Thunderbird 128.3.2 bugfix release: https://www.thunderbird.net/en-US/thunderbird/128.3.2esr/releasenotes - bring back mozilla-bmo531915.patch to fix x86
Ana Guerrero (anag+factory)
accepted
request 1207082
from
Wolfgang Rosenauer (wrosenauer)
(revision 342)
- Mozilla Thunderbird 128.3.1 https://www.thunderbird.net/en-US/thunderbird/128.0esr/releasenotes/ and following release notes for minor version updates MFSA 2024-52 (bsc#1231413) * CVE-2024-9680 (bmo#1923344) Use-after-free in Animation timeline Mozilla Thunderbird 128.3.0 MFSA 2024-32 (128.0) MFSA 2024-37 (128.1) MFSA 2024-43 (128.2) MFSA 2024-49 (128.3) (bsc#1230979) * CVE-2024-9392 (bmo#1899154, bmo#1905843) Compromised content process can bypass site isolation * CVE-2024-9393 (bmo#1918301) Cross-origin access to PDF contents through multipart responses * CVE-2024-9394 (bmo#1918874) Cross-origin access to JSON contents through multipart responses * CVE-2024-8900 (bmo#1872841) Clipboard write permission bypass * CVE-2024-9396 (bmo#1912471) Potential memory corruption may occur when cloning certain objects * CVE-2024-9397 (bmo#1916659) Potential directory upload bypass via clickjacking * CVE-2024-9398 (bmo#1881037) External protocol handlers could be enumerated via popups * CVE-2024-9399 (bmo#1907726) Specially crafted WebTransport requests could lead to denial of service * CVE-2024-9400 (bmo#1915249) Potential memory corruption during JIT compilation
Ana Guerrero (anag+factory)
accepted
request 1199551
from
Wolfgang Rosenauer (wrosenauer)
(revision 341)
- Mozilla Thunderbird 115.15.0 MFSA 2024-44 (bsc#1229821) * CVE-2024-8381 (bmo#1912715) Type confusion when looking up a property name in a "with" block * CVE-2024-8382 (bmo#1906744) Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran * CVE-2024-8384 (bmo#1911288) Garbage collection could mis-color cross-compartment objects in OOM conditions - Use gcc13 on Tumbleweed and where it is available. - Don't use gcc14 as sources don't compile.
Dominique Leuenberger (dimstar_suse)
accepted
request 1192519
from
Wolfgang Rosenauer (wrosenauer)
(revision 340)
- Mozilla Thunderbird 115.14.0 * When using an external installation of GnuPG, Thunderbird occassionally sent/received corrupted messages (bmo#1898832) * Users of external GnuPG were unable to decrypt incorrectly encoded messages (bmo#1906903) MFSA 2024-38 (bsc#1228648) * CVE-2024-7519 (bmo#1902307) Out of bounds memory access in graphics shared memory handling * CVE-2024-7521 (bmo#1904644) Incomplete WebAssembly exception handing * CVE-2024-7522 (bmo#1906727) Out of bounds read in editor component * CVE-2024-7525 (bmo#1909298) Missing permission check when creating a StreamFilter * CVE-2024-7526 (bmo#1910306) Uninitialized memory used by WebGL * CVE-2024-7527 (bmo#1871303) Use-after-free in JavaScript garbage collection * CVE-2024-7529 (bmo#1903187) Document content could partially obscure security prompts
Ana Guerrero (anag+factory)
accepted
request 1187370
from
Wolfgang Rosenauer (wrosenauer)
(revision 339)
- Mozilla Thunderbird 115.13.0 * After starting Thunderbird, the message list position was sometimes set to an incorrect position MFSA 2024-30 (bsc#1226316) * CVE-2024-6600 (bmo#1888340) Memory corruption in WebGL API * CVE-2024-6601 (bmo#1890748) Race condition in permission assignment * CVE-2024-6602 (bmo#1895032) Memory corruption in NSS * CVE-2024-6603 (bmo#1895081) Memory corruption in thread creation * CVE-2024-6604 (bmo#1748105, bmo#1837550, bmo#1884266) Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13
Ana Guerrero (anag+factory)
accepted
request 1185328
from
Wolfgang Rosenauer (wrosenauer)
(revision 338)
Ana Guerrero (anag+factory)
accepted
request 1181261
from
Wolfgang Rosenauer (wrosenauer)
(revision 337)
- Mozilla Thunderbird 115.12.0 https://www.thunderbird.net/en-US/thunderbird/115.12.0/releasenotes MFSA 2024-28 (bsc#1226027) * CVE-2024-5702 (bmo#1193389) Use-after-free in networking * CVE-2024-5688 (bmo#1895086) Use-after-free in JavaScript object transplant * CVE-2024-5690 (bmo#1883693) External protocol handlers leaked by timing attack * CVE-2024-5691 (bmo#1888695) Sandboxed iframes were able to bypass sandbox restrictions to open a new window * CVE-2024-5692 (bmo#1891234) Bypass of file name restrictions during saving * CVE-2024-5693 (bmo#1891319) Cross-Origin Image leak via Offscreen Canvas * CVE-2024-5696 (bmo#1896555) Memory Corruption in Text Fragments * CVE-2024-5700 (bmo#1862809, bmo#1889355, bmo#1893388, bmo#1895123) Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12
Ana Guerrero (anag+factory)
accepted
request 1179943
from
Factory Maintainer (factory-maintainer)
(revision 336)
Automatic submission by obs-autosubmit
Ana Guerrero (anag+factory)
accepted
request 1175556
from
Wolfgang Rosenauer (wrosenauer)
(revision 335)
- Mozilla Thunderbird 115.11.0 MFSA 2024-23 (bsc#1224056) * CVE-2024-4367 (bmo#1893645) Arbitrary JavaScript execution in PDF.js * CVE-2024-4767 (bmo#1878577) IndexedDB files retained in private browsing mode * CVE-2024-4768 (bmo#1886082) Potential permissions request bypass via clickjacking * CVE-2024-4769 (bmo#1886108) Cross-origin responses could be distinguished between script and non-script content-types * CVE-2024-4770 (bmo#1893270) Use-after-free could occur when printing to PDF * CVE-2024-4777 (bmo#1878199, bmo#1893340) Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11
Ana Guerrero (anag+factory)
accepted
request 1171966
from
Wolfgang Rosenauer (wrosenauer)
(revision 334)
Ana Guerrero (anag+factory)
accepted
request 1169354
from
Wolfgang Rosenauer (wrosenauer)
(revision 333)
- Mozilla Thunderbird 115.10.1 https://www.thunderbird.net/en-US/thunderbird/115.10.1/releasenotes/ * fixed hangup introduced with 115.10.0 (bmo#1891889) - Mozilla Thunderbird 115.10.0 https://www.thunderbird.net/en-US/thunderbird/115.10.0/releasenotes/ MFSA 2024-20 (bsc#1222535) * CVE-2024-3852 (bmo#1883542) GetBoundName in the JIT returned the wrong object * CVE-2024-3854 (bmo#1884552) Out-of-bounds-read after mis-optimized switch statement * CVE-2024-3857 (bmo#1886683) Incorrect JITting of arguments led to use-after-free during garbage collection * CVE-2024-2609 (bmo#1866100) Permission prompt input delay could expire when not in focus * CVE-2024-3859 (bmo#1874489) Integer-overflow led to out-of-bounds-read in the OpenType sanitizer * CVE-2024-3861 (bmo#1883158) Potential use-after-free due to AlignedBuffer self-move * CVE-2024-3863 (bmo#1885855) Download Protections were bypassed by .xrm-ms files on Windows * CVE-2024-3302 (bmo#1881183) Denial of Service using HTTP/2 CONTINUATION frames * CVE-2024-3864 (bmo#1888333) Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10
Ana Guerrero (anag+factory)
accepted
request 1160556
from
Wolfgang Rosenauer (wrosenauer)
(revision 332)
- LLVM18 breaks building Thunderbird on Tumbleweed; add * mozilla-fix-issues-with-llvm18.patch - Mozilla Thunderbird 115.9.0 https://www.thunderbird.net/en-US/thunderbird/115.9.0/releasenotes/ MFSA 2024-14 (bsc#1221327) * CVE-2024-0743 (bmo#1867408) Crash in NSS TLS method * CVE-2024-2605 (bmo#1872920) Windows Error Reporter could be used as a Sandbox escape vector * CVE-2024-2607 (bmo#1879939) JIT code failed to save return registers on Armv7-A * CVE-2024-2608 (bmo#1880692) Integer overflow could have led to out of bounds write * CVE-2024-2616 (bmo#1846197) Improve handling of out-of-memory conditions in ICU * CVE-2023-5388 (bmo#1780432) NSS susceptible to timing attack against RSA decryption * CVE-2024-2610 (bmo#1871112) Improper handling of html and body tags enabled CSP nonce leakage * CVE-2024-2611 (bmo#1876675) Clickjacking vulnerability could have led to a user accidentally granting permissions * CVE-2024-2612 (bmo#1879444) Self referencing object could have potentially led to a use- after-free * CVE-2024-2614 (bmo#1685358, bmo#1861016, bmo#1880405, bmo#1881093) Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9
Dominique Leuenberger (dimstar_suse)
accepted
request 1155826
from
Wolfgang Rosenauer (wrosenauer)
(revision 331)
- Mozilla Thunderbird 115.8.1 https://www.thunderbird.net/en-US/thunderbird/115.8.1/releasenotes/ MFSA 2024-11 * CVE-2024-1936 (bmo#1860977) Leaking of encrypted email subjects to other conversations
Ana Guerrero (anag+factory)
accepted
request 1150520
from
Wolfgang Rosenauer (wrosenauer)
(revision 330)
Ana Guerrero (anag+factory)
accepted
request 1141172
from
Wolfgang Rosenauer (wrosenauer)
(revision 329)
- Mozilla Thunderbird 115.7.0 https://www.thunderbird.net/en-US/thunderbird/115.7.0/releasenotes/ MFSA 2024-04 (bsc#1218955) * CVE-2024-0741 (bmo#1864587) Out of bounds write in ANGLE * CVE-2024-0742 (bmo#1867152) Failure to update user input timestamp * CVE-2024-0746 (bmo#1660223) Crash when listing printers on Linux * CVE-2024-0747 (bmo#1764343) Bypass of Content Security Policy when directive unsafe-inline was set * CVE-2024-0749 (bmo#1813463) Phishing site popup could show local origin in address bar * CVE-2024-0750 (bmo#1863083) Potential permissions request bypass via clickjacking * CVE-2024-0751 (bmo#1865689) Privilege escalation through devtools * CVE-2024-0753 (bmo#1870262) HSTS policy on subdomain could bypass policy of upper domain * CVE-2024-0755 (bmo#1868456, bmo#1871445, bmo#1873701) Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7
Displaying revisions 1 - 20 of 348