Overview

File _patchinfo of Package patchinfo.36946

<patchinfo incident="36946">
  <issue tracker="bnc" id="1234991">VUL-0: MozillaFirefox / MozillaThunderbird: update to 134 and 128.6esr</issue>
  <issue tracker="cve" id="2025-0239"/>
  <issue tracker="cve" id="2025-0243"/>
  <issue tracker="cve" id="2025-0242"/>
  <issue tracker="cve" id="2025-0240"/>
  <issue tracker="cve" id="2025-0241"/>
  <issue tracker="cve" id="2025-0238"/>
  <issue tracker="cve" id="2025-0237"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaThunderbird</summary>
  <description>This update for MozillaThunderbird fixes the following issues:

Update to Mozilla Thunderbird ESR 128.6 (MFSA 2025-05, bsc#1234991)

Security fixes:

  - CVE-2025-0237 (bmo#1915257)
    WebChannel APIs susceptible to confused deputy attack
  - CVE-2025-0238 (bmo#1915535)
    Use-after-free when breaking lines in text
  - CVE-2025-0239 (bmo#1929156)
    Alt-Svc ALPN validation failure when redirected
  - CVE-2025-0240 (bmo#1929623)
    Compartment mismatch when parsing JavaScript JSON module
  - CVE-2025-0241 (bmo#1933023)
    Memory corruption when using JavaScript Text Segmentation
  - CVE-2025-0242 (bmo#1874523, bmo#1926454, bmo#1931873,
    bmo#1932169)
    Memory safety bugs fixed in Firefox 134, Thunderbird 134,
    Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19,
    and Thunderbird 128.6
  - CVE-2025-0243 (bmo#1827142, bmo#1932783)
    Memory safety bugs fixed in Firefox 134, Thunderbird 134,
    Firefox ESR 128.6, and Thunderbird 128.6

Other fixes:

  - fixed: New mail notification was not hidden after reading the
    new message (bmo#1920077)
  - fixed: New mail notification could show for the wrong folder,
    causing repeated alerts (bmo#1926462)
  - fixed: macOS shortcut CMD+1 did not restore the main window
    when it was minimized (bmo#1857953)
  - fixed: Clicking the context menu "Reply" button resulted in
    "Reply-All" (bmo#1935883)
  - fixed: Switching from "All", "Unread", and "Threads with
    unread" did not work (bmo#1921618)
  - fixed: Downloading message headers from a newsgroup could
    cause a hang (bmo#1931661)
  - fixed: Message list performance slow when many updates
    happened at once (bmo#1933104)
  - fixed: "mailto:" links did not apply the compose format of
    the current identity (bmo#550414)
  - fixed: Authentication failure of AUTH PLAIN or AUTH LOGIN did
    not fall back to USERPASS (bmo#1928026)

</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places