openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

Revisions of MozillaThunderbird

Ana Guerrero (anag+factory) accepted request 1222591 from

Wolfgang Rosenauer (wrosenauer) 7 days ago (revision 346)

Dominique Leuenberger (dimstar_suse) accepted request 1219576 from

Wolfgang Rosenauer (wrosenauer) 16 days ago (revision 345)

- Mozilla Thunderbird 128.4.0
  * Export Thunderbird account settings to Thunderbird Mobile via QRCode
  Bugfixes:
  * Unable to send an unencrypted response to an OpenPGP encrypted message
  MFSA 2024-58 (bsc#1231879)
  * CVE-2024-10458 (bmo#1921733)
    Permission leak via embed or object elements
  * CVE-2024-10459 (bmo#1919087)
    Use-after-free in layout with accessibility
  * CVE-2024-10460 (bmo#1912537)
    Confusing display of origin for external protocol handler prompt
  * CVE-2024-10461 (bmo#1914521)
    XSS due to Content-Disposition being ignored in
    multipart/x-mixed-replace response
  * CVE-2024-10462 (bmo#1920423)
    Origin of permission prompt could be spoofed by long URL
  * CVE-2024-10463 (bmo#1920800)
    Cross origin video frame leak
  * CVE-2024-10464 (bmo#1913000)
    History interface could have been used to cause a Denial of
    Service condition in the browser
  * CVE-2024-10465 (bmo#1918853)
    Clipboard "paste" button persisted across tabs
  * CVE-2024-10466 (bmo#1924154)
    DOM push subscription message could hang Firefox
  * CVE-2024-10467 (bmo#1829029, bmo#1888538, bmo#1900394, bmo#1904059,
    bmo#1917742, bmo#1919809, bmo#1923706)
    Memory safety bugs fixed in Firefox 132, Thunderbird 132,
    Firefox ESR 128.4, and Thunderbird 128.4

Ana Guerrero (anag+factory) accepted request 1217157 from

Wolfgang Rosenauer (wrosenauer) 23 days ago (revision 344)

Ana Guerrero (anag+factory) accepted request 1208840 from

Wolfgang Rosenauer (wrosenauer) 28 days ago (revision 343)

- Mozilla Thunderbird 128.3.2
  bugfix release:
  https://www.thunderbird.net/en-US/thunderbird/128.3.2esr/releasenotes
- bring back mozilla-bmo531915.patch to fix x86

Ana Guerrero (anag+factory) accepted request 1207082 from

Wolfgang Rosenauer (wrosenauer) about 1 month ago (revision 342)

- Mozilla Thunderbird 128.3.1
  https://www.thunderbird.net/en-US/thunderbird/128.0esr/releasenotes/
  and following release notes for minor version updates
  MFSA 2024-52  (bsc#1231413)
  * CVE-2024-9680 (bmo#1923344)
    Use-after-free in Animation timeline
  Mozilla Thunderbird 128.3.0
  MFSA 2024-32 (128.0)
  MFSA 2024-37 (128.1)
  MFSA 2024-43 (128.2)
  MFSA 2024-49 (128.3) (bsc#1230979)
  * CVE-2024-9392 (bmo#1899154, bmo#1905843)
    Compromised content process can bypass site isolation
  * CVE-2024-9393 (bmo#1918301)
    Cross-origin access to PDF contents through multipart responses
  * CVE-2024-9394 (bmo#1918874)
    Cross-origin access to JSON contents through multipart responses
  * CVE-2024-8900 (bmo#1872841)
    Clipboard write permission bypass
  * CVE-2024-9396 (bmo#1912471)
    Potential memory corruption may occur when cloning certain objects
  * CVE-2024-9397 (bmo#1916659)
    Potential directory upload bypass via clickjacking
  * CVE-2024-9398 (bmo#1881037)
    External protocol handlers could be enumerated via popups
  * CVE-2024-9399 (bmo#1907726)
    Specially crafted WebTransport requests could lead to denial
    of service
  * CVE-2024-9400 (bmo#1915249)
    Potential memory corruption during JIT compilation

Ana Guerrero (anag+factory) accepted request 1199551 from

Wolfgang Rosenauer (wrosenauer) 2 months ago (revision 341)

- Mozilla Thunderbird 115.15.0
  MFSA 2024-44 (bsc#1229821)
  * CVE-2024-8381 (bmo#1912715)
    Type confusion when looking up a property name in a "with"
    block
  * CVE-2024-8382 (bmo#1906744)
    Internal event interfaces were exposed to web content when
    browser EventHandler listener callbacks ran
  * CVE-2024-8384 (bmo#1911288)
    Garbage collection could mis-color cross-compartment objects
    in OOM conditions

- Use gcc13 on Tumbleweed and where it is available.
- Don't use gcc14 as sources don't compile.

Dominique Leuenberger (dimstar_suse) accepted request 1192519 from

Wolfgang Rosenauer (wrosenauer) 3 months ago (revision 340)

- Mozilla Thunderbird 115.14.0
  * When using an external installation of GnuPG, Thunderbird
    occassionally sent/received corrupted messages (bmo#1898832)
  * Users of external GnuPG were unable to decrypt incorrectly
    encoded messages (bmo#1906903)
  MFSA 2024-38 (bsc#1228648)
  * CVE-2024-7519 (bmo#1902307)
    Out of bounds memory access in graphics shared memory handling
  * CVE-2024-7521 (bmo#1904644)
    Incomplete WebAssembly exception handing
  * CVE-2024-7522 (bmo#1906727)
    Out of bounds read in editor component
  * CVE-2024-7525 (bmo#1909298)
    Missing permission check when creating a StreamFilter
  * CVE-2024-7526 (bmo#1910306)
    Uninitialized memory used by WebGL
  * CVE-2024-7527 (bmo#1871303)
    Use-after-free in JavaScript garbage collection
  * CVE-2024-7529 (bmo#1903187)
    Document content could partially obscure security prompts

Ana Guerrero (anag+factory) accepted request 1187370 from

Wolfgang Rosenauer (wrosenauer) 4 months ago (revision 339)

- Mozilla Thunderbird 115.13.0
  * After starting Thunderbird, the message list position was
    sometimes set to an incorrect position
  MFSA 2024-30 (bsc#1226316)
  * CVE-2024-6600 (bmo#1888340)
    Memory corruption in WebGL API
  * CVE-2024-6601 (bmo#1890748)
    Race condition in permission assignment
  * CVE-2024-6602 (bmo#1895032)
    Memory corruption in NSS
  * CVE-2024-6603 (bmo#1895081)
    Memory corruption in thread creation
  * CVE-2024-6604 (bmo#1748105, bmo#1837550, bmo#1884266)
    Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13,
    and Thunderbird 115.13

Ana Guerrero (anag+factory) accepted request 1185328 from

Wolfgang Rosenauer (wrosenauer) 4 months ago (revision 338)

Ana Guerrero (anag+factory) accepted request 1181261 from

Wolfgang Rosenauer (wrosenauer) 5 months ago (revision 337)

- Mozilla Thunderbird 115.12.0
  https://www.thunderbird.net/en-US/thunderbird/115.12.0/releasenotes
  MFSA 2024-28 (bsc#1226027)
  * CVE-2024-5702 (bmo#1193389)
    Use-after-free in networking
  * CVE-2024-5688 (bmo#1895086)
    Use-after-free in JavaScript object transplant
  * CVE-2024-5690 (bmo#1883693)
    External protocol handlers leaked by timing attack
  * CVE-2024-5691 (bmo#1888695)
    Sandboxed iframes were able to bypass sandbox restrictions to
    open a new window
  * CVE-2024-5692 (bmo#1891234)
    Bypass of file name restrictions during saving
  * CVE-2024-5693 (bmo#1891319)
    Cross-Origin Image leak via Offscreen Canvas
  * CVE-2024-5696 (bmo#1896555)
    Memory Corruption in Text Fragments
  * CVE-2024-5700 (bmo#1862809, bmo#1889355, bmo#1893388, bmo#1895123)
    Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12,
    and Thunderbird 115.12

Ana Guerrero (anag+factory) accepted request 1179943 from

Factory Maintainer (factory-maintainer) 5 months ago (revision 336)

Automatic submission by obs-autosubmit

Ana Guerrero (anag+factory) accepted request 1175556 from

Wolfgang Rosenauer (wrosenauer) 6 months ago (revision 335)

- Mozilla Thunderbird 115.11.0
  MFSA 2024-23 (bsc#1224056)
  * CVE-2024-4367 (bmo#1893645)
    Arbitrary JavaScript execution in PDF.js
  * CVE-2024-4767 (bmo#1878577)
    IndexedDB files retained in private browsing mode
  * CVE-2024-4768 (bmo#1886082)
    Potential permissions request bypass via clickjacking
  * CVE-2024-4769 (bmo#1886108)
    Cross-origin responses could be distinguished between script
    and non-script content-types
  * CVE-2024-4770 (bmo#1893270)
    Use-after-free could occur when printing to PDF
  * CVE-2024-4777 (bmo#1878199, bmo#1893340)
    Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11,
    and Thunderbird 115.11

Ana Guerrero (anag+factory) accepted request 1171966 from

Wolfgang Rosenauer (wrosenauer) 6 months ago (revision 334)

Ana Guerrero (anag+factory) accepted request 1169354 from

Wolfgang Rosenauer (wrosenauer) 7 months ago (revision 333)

- Mozilla Thunderbird 115.10.1
  https://www.thunderbird.net/en-US/thunderbird/115.10.1/releasenotes/
  * fixed hangup introduced with 115.10.0 (bmo#1891889)

- Mozilla Thunderbird 115.10.0
  https://www.thunderbird.net/en-US/thunderbird/115.10.0/releasenotes/
  MFSA 2024-20 (bsc#1222535)
  * CVE-2024-3852 (bmo#1883542)
    GetBoundName in the JIT returned the wrong object
  * CVE-2024-3854 (bmo#1884552)
    Out-of-bounds-read after mis-optimized switch statement
  * CVE-2024-3857 (bmo#1886683)
    Incorrect JITting of arguments led to use-after-free during
    garbage collection
  * CVE-2024-2609 (bmo#1866100)
    Permission prompt input delay could expire when not in focus
  * CVE-2024-3859 (bmo#1874489)
    Integer-overflow led to out-of-bounds-read in the OpenType sanitizer
  * CVE-2024-3861 (bmo#1883158)
    Potential use-after-free due to AlignedBuffer self-move
  * CVE-2024-3863 (bmo#1885855)
    Download Protections were bypassed by .xrm-ms files on Windows
  * CVE-2024-3302 (bmo#1881183)
    Denial of Service using HTTP/2 CONTINUATION frames
  * CVE-2024-3864 (bmo#1888333)
    Memory safety bug fixed in Firefox 125, Firefox ESR 115.10,
    and Thunderbird 115.10

Ana Guerrero (anag+factory) accepted request 1160556 from

Wolfgang Rosenauer (wrosenauer) 8 months ago (revision 332)

- LLVM18 breaks building Thunderbird on Tumbleweed; add
  * mozilla-fix-issues-with-llvm18.patch

- Mozilla Thunderbird 115.9.0
  https://www.thunderbird.net/en-US/thunderbird/115.9.0/releasenotes/
  MFSA 2024-14 (bsc#1221327)
  * CVE-2024-0743 (bmo#1867408)
    Crash in NSS TLS method
  * CVE-2024-2605 (bmo#1872920)
    Windows Error Reporter could be used as a Sandbox escape vector
  * CVE-2024-2607 (bmo#1879939)
    JIT code failed to save return registers on Armv7-A
  * CVE-2024-2608 (bmo#1880692)
    Integer overflow could have led to out of bounds write
  * CVE-2024-2616 (bmo#1846197)
    Improve handling of out-of-memory conditions in ICU
  * CVE-2023-5388 (bmo#1780432)
    NSS susceptible to timing attack against RSA decryption
  * CVE-2024-2610 (bmo#1871112)
    Improper handling of html and body tags enabled CSP nonce leakage
  * CVE-2024-2611 (bmo#1876675)
    Clickjacking vulnerability could have led to a user accidentally
    granting permissions
  * CVE-2024-2612 (bmo#1879444)
    Self referencing object could have potentially led to a use-
    after-free
  * CVE-2024-2614 (bmo#1685358, bmo#1861016, bmo#1880405, bmo#1881093)
    Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9,
    and Thunderbird 115.9

Dominique Leuenberger (dimstar_suse) accepted request 1155826 from

Wolfgang Rosenauer (wrosenauer) 8 months ago (revision 331)

- Mozilla Thunderbird 115.8.1
  https://www.thunderbird.net/en-US/thunderbird/115.8.1/releasenotes/
  MFSA 2024-11
  * CVE-2024-1936 (bmo#1860977)
    Leaking of encrypted email subjects to other conversations

Ana Guerrero (anag+factory) accepted request 1150520 from

Wolfgang Rosenauer (wrosenauer) 9 months ago (revision 330)

Ana Guerrero (anag+factory) accepted request 1141172 from

Wolfgang Rosenauer (wrosenauer) 10 months ago (revision 329)

- Mozilla Thunderbird 115.7.0
  https://www.thunderbird.net/en-US/thunderbird/115.7.0/releasenotes/
  MFSA 2024-04 (bsc#1218955)
  * CVE-2024-0741 (bmo#1864587)
    Out of bounds write in ANGLE
  * CVE-2024-0742 (bmo#1867152)
    Failure to update user input timestamp
  * CVE-2024-0746 (bmo#1660223)
    Crash when listing printers on Linux
  * CVE-2024-0747 (bmo#1764343)
    Bypass of Content Security Policy when directive unsafe-inline was set
  * CVE-2024-0749 (bmo#1813463)
    Phishing site popup could show local origin in address bar
  * CVE-2024-0750 (bmo#1863083)
    Potential permissions request bypass via clickjacking
  * CVE-2024-0751 (bmo#1865689)
    Privilege escalation through devtools
  * CVE-2024-0753 (bmo#1870262)
    HSTS policy on subdomain could bypass policy of upper domain
  * CVE-2024-0755 (bmo#1868456, bmo#1871445, bmo#1873701)
    Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7,
    and Thunderbird 115.7

Ana Guerrero (anag+factory) accepted request 1138352 from

Wolfgang Rosenauer (wrosenauer) 10 months ago (revision 328)

Ana Guerrero (anag+factory) accepted request 1134147 from

Wolfgang Rosenauer (wrosenauer) 11 months ago (revision 327)

- Mozilla Thunderbird 115.6.0
  https://www.thunderbird.net/en-US/thunderbird/115.6.0/releasenotes/
  * Message selection misbehaved after selecting a sub-message in an
    expanded thread, collapsing the thread, then pressing up/down to
    move selection
  * Thunderbird now attempts to reconnect on a new connection after
    SMTP 4xx errors
  * HTML FileLink attachments used the wrong encoding
  MFSA 2023-55 (bsc#1217230)
  * CVE-2023-50762 (bmo#1862625)
    Truncated signed text was shown with a valid OpenPGP
    signature
  * CVE-2023-50761 (bmo#1865647)
    S/MIME signature accepted despite mismatching message date
  * CVE-2023-6856 (bmo#1843782)
    Heap-buffer-overflow affecting WebGL DrawElementsInstanced
    method with Mesa VM driver
  * CVE-2023-6857 (bmo#1796023)
    Symlinks may resolve to smaller than expected buffers
  * CVE-2023-6858 (bmo#1826791)
    Heap buffer overflow in nsTextFragment
  * CVE-2023-6859 (bmo#1840144)
    Use-after-free in PR_GetIdentitiesLayer
  * CVE-2023-6860 (bmo#1854669)
    Potential sandbox escape due to VideoBridge lack of texture
    validation
  * CVE-2023-6861 (bmo#1864118)
    Heap buffer overflow affected nsWindow::PickerOpen(void) in
    headless mode
  * CVE-2023-6862 (bmo#1868042)

Displaying revisions 1 - 20 of 346

Places

Revisions of MozillaThunderbird

Places