Overview

File _patchinfo of Package patchinfo.36555

<patchinfo incident="36555">
  <issue tracker="bnc" id="1233650">Thunderbird does not properly associate with its .desktop file in Plasma</issue>
  <issue tracker="bnc" id="1233695">VUL-0: MozillaFirefox / MozillaThunderbird: update to 133 and 128.5esr</issue>
  <issue tracker="cve" id="2024-11691"/>
  <issue tracker="cve" id="2024-11692"/>
  <issue tracker="cve" id="2024-11693"/>
  <issue tracker="cve" id="2024-11694"/>
  <issue tracker="cve" id="2024-11695"/>
  <issue tracker="cve" id="2024-11696"/>
  <issue tracker="cve" id="2024-11697"/>
  <issue tracker="cve" id="2024-11698"/>
  <issue tracker="cve" id="2024-11699"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaThunderbird</summary>
  <description>This update for MozillaThunderbird fixes the following issues:

- Mozilla Thunderbird 128.5
  * fixed: IMAP could crash when reading cached messages
  * fixed: Enabling "Show Folder Size" on Maildir profile could
    render Thunderbird unusable
  * fixed: Messages corrupted by folder compaction were only
    fixed by user intervention
  * fixed: Reading a message from past the end of an mbox file
    did not cause an error
  * fixed: View -&gt; Folders had duplicate F access keys
  * fixed: Add-ons adding columns to the message list could fail
    and cause display issue
  * fixed: "Empty trash on exit" and "Expunge inbox on exit" did
    not always work
  * fixed: Selecting a display option in View -&gt; Tasks did not
    apply in the Task interface
  * fixed: Security fixes
  MFSA 2024-68 (bsc#1233695)
  * CVE-2024-11691 Out-of-bounds write in Apple GPU drivers via WebGL
  * CVE-2024-11692 Select list elements could be shown over another site
  * CVE-2024-11693 Download Protections were bypassed by .library-ms files on Windows
  * CVE-2024-11694 CSP Bypass and XSS Exposure via Web Compatibility Shims
  * CVE-2024-11695 URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
  * CVE-2024-11696 Unhandled Exception in Add-on Signature Verification
  * CVE-2024-11697 Improper Keypress Handling in Executable File Confirmation Dialog
  * CVE-2024-11698 Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS
  * CVE-2024-11699 Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5

- Handle upstream changes with esr-prefix of desktop-file (bsc#1233650)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places