SUSE-SU-2024:0242-1

This update for MozillaThunderbird fixes the following issues:

Update to Mozilla Thunderbird 115.7 (MFSA 2024-04) (bsc#1218955):

• CVE-2024-0741: Out of bounds write in ANGLE
• CVE-2024-0742: Failure to update user input timestamp
• CVE-2024-0746: Crash when listing printers on Linux
• CVE-2024-0747: Bypass of Content Security Policy when directive unsafe-inline was set
• CVE-2024-0749: Phishing site popup could show local origin in address bar
• CVE-2024-0750: Potential permissions request bypass via clickjacking
• CVE-2024-0751: Privilege escalation through devtools
• CVE-2024-0753: HSTS policy on subdomain could bypass policy of upper domain
• CVE-2024-0755: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7

Other fixes:

• new: Autocrypt Gossip key distribution added (bmo#1853674)
• fixed: When starting Thunderbird, unread message count did not appear on collapsed accounts (bmo#1862774)
• fixed: Blank window was sometimes displayed when starting Thunderbird (bmo#1870817)
• fixed: Thunderbird '--chrome' flag incorrectly opened extra messenger.xhtml (bmo#1866915)
• fixed: Add-ons did not start correctly when opening Thunderbird from other programs (bmo#1800423)
• fixed: Drag-and-drop installation of add-ons did not work if Add-ons Manager was opened from Unified Toolbar (bmo#1862978)
• fixed: Double-clicking empty space in message pane incorrectly opened the currently selected message (bmo#1867407)
• fixed: Canceling SMTP send before progress reached 100% did not stop message from sending (bmo#1816540)
• fixed: PDF attachments open in a separate tab did not always restore correctly after restarting Thunderbird (bmo#1846054)
• fixed: Some OpenPGP dialogs were too small for their contents (bmo#1870809)
• fixed: Account Manager did not work with hostnames entered as punycode (bmo#1870720,bmo#1872632)
• fixed: Downloading complete message from POP3 headers caused message tab/window to close when 'Close message window/tab on move or delete' was enabled (bmo#1861886)
• fixed: Some ECC GPG keys could not be exported (bmo#1867765)
• fixed: Contacts deleted from mailing list view still visible in Details view (bmo#1799362)
• fixed: After selecting contacts in Address Book and starting a new search, the search results list did not update (bmo#1812726)
• fixed: Various UX and visual improvements (bmo#1866061,bmo#18 67169,bmo#1867728,bmo#1868079,bmo#1869519,bmo#1832149,bmo#185 6495,bmo#1861210,bmo#1861286,bmo#1863296,bmo#1864979)

• fixed: Security fixes

  • Mozilla Thunderbird 115.6.1
• new: OAuth2 now supported for comcast.net (bmo#1844810)
• fixed: High CPU usage sometimes occurred with IMAP CONDSTORE (conditional STORE) enabled (bmo#1839256)
• fixed: Replying to a collapsed thread via keyboard shortcut (Ctrl+R/Cmd+R) opened a reply for every message in the thread (bmo#1866819)
• fixed: Enabling Grouped By view after reversing sort order of column header caused messages to be grouped incorrectly (bmo#1868794)
• fixed: Opening thread pane context menu via keyboard did not always scroll view to selection (bmo#1867532)
• fixed: New mail indicator for POP3 accounts did not indicate new messages ready to be downloaded (bmo#1870619)
• fixed: Messages could not be moved to folders using Message > Move To if text or a link in the message had been clicked on first (bmo#1868474)
• fixed: MIME part boundaries were not properly terminated (bmo#1805558)