Overview

File _patchinfo of Package patchinfo.38172

<patchinfo incident="38172">
  <issue tracker="bnc" id="1240083">VUL-0: MozillaFirefox / MozillaThunderbird: update to 137 and 128.9esr</issue>
  <issue tracker="cve" id="2025-3029"/>
  <issue tracker="cve" id="2025-3028"/>
  <issue tracker="cve" id="2025-3030"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaThunderbird</summary>
  <description>This update for MozillaThunderbird fixes the following issues:

- Mozilla Thunderbird ESR 128.9 MFSA 2025-24 (bsc#1240083)
  * CVE-2025-3028: Use-after-free triggered by XSLTProcessor
  * CVE-2025-3029: URL Bar Spoofing via non-BMP Unicode characters
  * CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137,
    Firefox ESR 128.9, and Thunderbird 128.9
  
Other fixes:

  * new: Thunderbird now has a notification system for real-time
    desktop alerts 
  * fixed: Data corruption occurred when compacting IMAP Drafts
    folder after saving a message 
  * fixed: Right-clicking "Decrypt and Save As..." on an
    attachment file failed. 
  * fixed: Thunderbird could crash when importing mail 
  * fixed: Sort indicators were missing on the calendar events
    list. 
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places