Overview

File _patchinfo of Package patchinfo.32225

<patchinfo incident="32225">
  <issue tracker="bnc" id="1218955">VUL-0: MozillaFirefox / MozillaThunderbird: update to 122 and 115.7esr</issue>
  <issue tracker="cve" id="2024-0742"/>
  <issue tracker="cve" id="2024-0746"/>
  <issue tracker="cve" id="2024-0753"/>
  <issue tracker="cve" id="2024-0747"/>
  <issue tracker="cve" id="2024-0741"/>
  <issue tracker="cve" id="2024-0751"/>
  <issue tracker="cve" id="2024-0750"/>
  <issue tracker="cve" id="2024-0755"/>
  <issue tracker="cve" id="2024-0749"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaThunderbird</summary>
  <description>This update for MozillaThunderbird fixes the following issues:

Update to Mozilla Thunderbird 115.7 (MFSA 2024-04) (bsc#1218955):

  - CVE-2024-0741: Out of bounds write in ANGLE
  - CVE-2024-0742: Failure to update user input timestamp
  - CVE-2024-0746: Crash when listing printers on Linux
  - CVE-2024-0747: Bypass of Content Security Policy when directive unsafe-inline was set
  - CVE-2024-0749: Phishing site popup could show local origin in address bar
  - CVE-2024-0750: Potential permissions request bypass via clickjacking
  - CVE-2024-0751: Privilege escalation through devtools
  - CVE-2024-0753: HSTS policy on subdomain could bypass policy of upper domain
  - CVE-2024-0755: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7

Other fixes:

  * new: Autocrypt Gossip key distribution added (bmo#1853674)
  * fixed: When starting Thunderbird, unread message count did
    not appear on collapsed accounts (bmo#1862774)
  * fixed: Blank window was sometimes displayed when starting
    Thunderbird (bmo#1870817)
  * fixed: Thunderbird "--chrome" flag incorrectly opened extra
    messenger.xhtml (bmo#1866915)
  * fixed: Add-ons did not start correctly when opening
    Thunderbird from other programs (bmo#1800423)
  * fixed: Drag-and-drop installation of add-ons did not work if
    Add-ons Manager was opened from Unified Toolbar (bmo#1862978)
  * fixed: Double-clicking empty space in message pane
    incorrectly opened the currently selected message
    (bmo#1867407)
  * fixed: Canceling SMTP send before progress reached 100% did
    not stop message from sending (bmo#1816540)
  * fixed: PDF attachments open in a separate tab did not always
    restore correctly after restarting Thunderbird (bmo#1846054)
  * fixed: Some OpenPGP dialogs were too small for their contents
    (bmo#1870809)
  * fixed: Account Manager did not work with hostnames entered as
    punycode (bmo#1870720,bmo#1872632)
  * fixed: Downloading complete message from POP3 headers caused
    message tab/window to close when "Close message window/tab on
    move or delete" was enabled (bmo#1861886)
  * fixed: Some ECC GPG keys could not be exported (bmo#1867765)
  * fixed: Contacts deleted from mailing list view still visible
    in Details view (bmo#1799362)
  * fixed: After selecting contacts in Address Book and starting
    a new search, the search results list did not update
    (bmo#1812726)
  * fixed: Various UX and visual improvements (bmo#1866061,bmo#18
    67169,bmo#1867728,bmo#1868079,bmo#1869519,bmo#1832149,bmo#185
    6495,bmo#1861210,bmo#1861286,bmo#1863296,bmo#1864979)
  * fixed: Security fixes

- Mozilla Thunderbird 115.6.1
  * new: OAuth2 now supported for comcast.net (bmo#1844810)
  * fixed: High CPU usage sometimes occurred with IMAP CONDSTORE
    (conditional STORE) enabled (bmo#1839256)
  * fixed: Replying to a collapsed thread via keyboard shortcut
    (Ctrl+R/Cmd+R) opened a reply for every message in the thread
    (bmo#1866819)
  * fixed: Enabling Grouped By view after reversing sort order of
    column header caused messages to be grouped incorrectly
    (bmo#1868794)
  * fixed: Opening thread pane context menu via keyboard did not
    always scroll view to selection (bmo#1867532)
  * fixed: New mail indicator for POP3 accounts did not indicate
    new messages ready to be downloaded (bmo#1870619)
  * fixed: Messages could not be moved to folders using Message &gt;
    Move To if text or a link in the message had been clicked on
    first (bmo#1868474)
  * fixed: MIME part boundaries were not properly terminated
    (bmo#1805558)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places