SUSE-SU-2024:4050-1
- Source
- https://www.suse.com/support/update/announcement/2024/suse-su-20244050-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:4050-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2024:4050-1
- Related
- Published
- 2024-11-25T15:37:44Z
- Modified
- 2024-11-25T15:37:44Z
- Summary
- Security update for MozillaThunderbird
- Details
-
This update for MozillaThunderbird fixes the following issues:
Mozilla Thunderbird 128.4.3
- fixed: Folder corruption could cause Thunderbird to freeze and become unusable
- fixed: Message corruption could be propagated when reading mbox
- fixed: Folder compaction was not abandoned on shutdown
- fixed: Folder compaction did not clean up on failure
- fixed: Collapsed NNTP thread incorrectly indicated there were unread messages
- fixed: Navigating to next unread message did not wait for all messages to be loaded
- fixed: Applying column view to folder and children could break if folder error occurred
- fixed: Remote content notifications were broken with encrypted messages
- fixed: Updating criteria of a saved search resulted in poor search performance
- fixed: Drop-downs may not work in some places
- fixed: Security fixes MFSA 2024-61 (bsc#1233355)
- CVE-2024-11159 Potential disclosure of plaintext in OpenPGP encrypted message
Mozilla Thunderbird 128.4.2
- changed: Increased the auto-compaction threshold to reduce frequency of compaction
- fixed: New profile creation caused console errors
- fixed: Repair folder could result in older messages showing wrong date and time
- fixed: Recently deleted messages could become undeleted if message compaction failed
- fixed: Visual and UX improvements
- fixed: Clicking on an HTML button could cause Thunderbird to freeze
- fixed: Messages could not be selected for dragging
- fixed: Could not open attached file in a MIME encrypted message
- fixed: Account creation 'Setup Documentation' link was broken
- fixed: Unable to generate QR codes when exporting to mobile in some cases
- fixed: Operating system reauthentication was missing when exporting QR codes for mobile
- fixed: Could not drag all-day events from one day to another in week view
Mozilla Thunderbird 128.4.1
- new: Add the 20 year donation appeal
Mozilla Thunderbird 128.4
- new: Export Thunderbird account settings to Thunderbird Mobile via QRCode
- fixed: Unable to send an unencrypted response to an OpenPGP encrypted message
- fixed: Thunderbird update did not update language pack version until another restart
- fixed: Security fixes MFSA 2024-58 (bsc#1231879)
- CVE-2024-10458 Permission leak via embed or object elements
- CVE-2024-10459 Use-after-free in layout with accessibility
- CVE-2024-10460 Confusing display of origin for external protocol handler prompt
- CVE-2024-10461 XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
- CVE-2024-10462 Origin of permission prompt could be spoofed by long URL
- CVE-2024-10463 Cross origin video frame leak
- CVE-2024-10464 History interface could have been used to cause a Denial of Service condition in the browser
- CVE-2024-10465 Clipboard 'paste' button persisted across tabs
- CVE-2024-10466 DOM push subscription message could hang Firefox
- CVE-2024-10467 Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4
- References
-
- https://www.suse.com/support/update/announcement/2024/suse-su-20244050-1/
- https://bugzilla.suse.com/1231879
- https://bugzilla.suse.com/1233355
- https://www.suse.com/security/cve/CVE-2024-10458
- https://www.suse.com/security/cve/CVE-2024-10459
- https://www.suse.com/security/cve/CVE-2024-10460
- https://www.suse.com/security/cve/CVE-2024-10461
- https://www.suse.com/security/cve/CVE-2024-10462
- https://www.suse.com/security/cve/CVE-2024-10463
- https://www.suse.com/security/cve/CVE-2024-10464
- https://www.suse.com/security/cve/CVE-2024-10465
- https://www.suse.com/security/cve/CVE-2024-10466
- https://www.suse.com/security/cve/CVE-2024-10467
- https://www.suse.com/security/cve/CVE-2024-11159
Affected packages
SUSE:Linux Enterprise Module for Package Hub 15 SP5 / MozillaThunderbird
Package
- Name
- MozillaThunderbird
- Purl
- pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5
SUSE:Linux Enterprise Module for Package Hub 15 SP6 / MozillaThunderbird
Package
- Name
- MozillaThunderbird
- Purl
- pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
SUSE:Linux Enterprise Workstation Extension 15 SP5 / MozillaThunderbird
Package
- Name
- MozillaThunderbird
- Purl
- pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5
SUSE:Linux Enterprise Workstation Extension 15 SP6 / MozillaThunderbird
Package
- Name
- MozillaThunderbird
- Purl
- pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6
openSUSE:Leap 15.5 / MozillaThunderbird
Package
- Name
- MozillaThunderbird
- Purl
- pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.5