Overview
Request 1207082 accepted
- Mozilla Thunderbird 128.3.1
https://www.thunderbird.net/en-US/thunderbird/128.0esr/releasenotes/
and following release notes for minor version updates
MFSA 2024-52 (bsc#1231413)
* CVE-2024-9680 (bmo#1923344)
Use-after-free in Animation timeline
Mozilla Thunderbird 128.3.0
MFSA 2024-32 (128.0)
MFSA 2024-37 (128.1)
MFSA 2024-43 (128.2)
MFSA 2024-49 (128.3) (bsc#1230979)
* CVE-2024-9392 (bmo#1899154, bmo#1905843)
Compromised content process can bypass site isolation
* CVE-2024-9393 (bmo#1918301)
Cross-origin access to PDF contents through multipart responses
* CVE-2024-9394 (bmo#1918874)
Cross-origin access to JSON contents through multipart responses
* CVE-2024-8900 (bmo#1872841)
Clipboard write permission bypass
* CVE-2024-9396 (bmo#1912471)
Potential memory corruption may occur when cloning certain objects
* CVE-2024-9397 (bmo#1916659)
Potential directory upload bypass via clickjacking
* CVE-2024-9398 (bmo#1881037)
External protocol handlers could be enumerated via popups
* CVE-2024-9399 (bmo#1907726)
Specially crafted WebTransport requests could lead to denial
of service
* CVE-2024-9400 (bmo#1915249)
Potential memory corruption during JIT compilation
- Created by wrosenauer
- In state accepted
- Supersedes 1207037
Request History
wrosenauer created request
- Mozilla Thunderbird 128.3.1
https://www.thunderbird.net/en-US/thunderbird/128.0esr/releasenotes/
and following release notes for minor version updates
MFSA 2024-52 (bsc#1231413)
* CVE-2024-9680 (bmo#1923344)
Use-after-free in Animation timeline
Mozilla Thunderbird 128.3.0
MFSA 2024-32 (128.0)
MFSA 2024-37 (128.1)
MFSA 2024-43 (128.2)
MFSA 2024-49 (128.3) (bsc#1230979)
* CVE-2024-9392 (bmo#1899154, bmo#1905843)
Compromised content process can bypass site isolation
* CVE-2024-9393 (bmo#1918301)
Cross-origin access to PDF contents through multipart responses
* CVE-2024-9394 (bmo#1918874)
Cross-origin access to JSON contents through multipart responses
* CVE-2024-8900 (bmo#1872841)
Clipboard write permission bypass
* CVE-2024-9396 (bmo#1912471)
Potential memory corruption may occur when cloning certain objects
* CVE-2024-9397 (bmo#1916659)
Potential directory upload bypass via clickjacking
* CVE-2024-9398 (bmo#1881037)
External protocol handlers could be enumerated via popups
* CVE-2024-9399 (bmo#1907726)
Specially crafted WebTransport requests could lead to denial
of service
* CVE-2024-9400 (bmo#1915249)
Potential memory corruption during JIT compilation
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
anag+factory added as a reviewer
Being evaluated by staging project "openSUSE:Factory:Staging:adi:10"
anag+factory accepted review
Picked "openSUSE:Factory:Staging:adi:10"
dimstar accepted review
licensedigger accepted review
The legal review is accepted preliminary. The package may require actions later on.
anag+factory approved review
Staging Project openSUSE:Factory:Staging:adi:10 got accepted.
anag+factory accepted review
Staging Project openSUSE:Factory:Staging:adi:10 got accepted.
anag+factory accepted request
Staging Project openSUSE:Factory:Staging:adi:10 got accepted.
