SUSE-SU-2024:0242-1

Source
https://www.suse.com/support/update/announcement/2024/suse-su-20240242-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:0242-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2024:0242-1
Related
Published
2024-01-26T10:33:31Z
Modified
2024-01-26T10:33:31Z
Summary
Security update for MozillaThunderbird
Details

This update for MozillaThunderbird fixes the following issues:

Update to Mozilla Thunderbird 115.7 (MFSA 2024-04) (bsc#1218955):

  • CVE-2024-0741: Out of bounds write in ANGLE
  • CVE-2024-0742: Failure to update user input timestamp
  • CVE-2024-0746: Crash when listing printers on Linux
  • CVE-2024-0747: Bypass of Content Security Policy when directive unsafe-inline was set
  • CVE-2024-0749: Phishing site popup could show local origin in address bar
  • CVE-2024-0750: Potential permissions request bypass via clickjacking
  • CVE-2024-0751: Privilege escalation through devtools
  • CVE-2024-0753: HSTS policy on subdomain could bypass policy of upper domain
  • CVE-2024-0755: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7

Other fixes:

  • new: Autocrypt Gossip key distribution added (bmo#1853674)
  • fixed: When starting Thunderbird, unread message count did not appear on collapsed accounts (bmo#1862774)
  • fixed: Blank window was sometimes displayed when starting Thunderbird (bmo#1870817)
  • fixed: Thunderbird '--chrome' flag incorrectly opened extra messenger.xhtml (bmo#1866915)
  • fixed: Add-ons did not start correctly when opening Thunderbird from other programs (bmo#1800423)
  • fixed: Drag-and-drop installation of add-ons did not work if Add-ons Manager was opened from Unified Toolbar (bmo#1862978)
  • fixed: Double-clicking empty space in message pane incorrectly opened the currently selected message (bmo#1867407)
  • fixed: Canceling SMTP send before progress reached 100% did not stop message from sending (bmo#1816540)
  • fixed: PDF attachments open in a separate tab did not always restore correctly after restarting Thunderbird (bmo#1846054)
  • fixed: Some OpenPGP dialogs were too small for their contents (bmo#1870809)
  • fixed: Account Manager did not work with hostnames entered as punycode (bmo#1870720,bmo#1872632)
  • fixed: Downloading complete message from POP3 headers caused message tab/window to close when 'Close message window/tab on move or delete' was enabled (bmo#1861886)
  • fixed: Some ECC GPG keys could not be exported (bmo#1867765)
  • fixed: Contacts deleted from mailing list view still visible in Details view (bmo#1799362)
  • fixed: After selecting contacts in Address Book and starting a new search, the search results list did not update (bmo#1812726)
  • fixed: Various UX and visual improvements (bmo#1866061,bmo#18 67169,bmo#1867728,bmo#1868079,bmo#1869519,bmo#1832149,bmo#185 6495,bmo#1861210,bmo#1861286,bmo#1863296,bmo#1864979)
  • fixed: Security fixes

    • Mozilla Thunderbird 115.6.1
  • new: OAuth2 now supported for comcast.net (bmo#1844810)
  • fixed: High CPU usage sometimes occurred with IMAP CONDSTORE (conditional STORE) enabled (bmo#1839256)
  • fixed: Replying to a collapsed thread via keyboard shortcut (Ctrl+R/Cmd+R) opened a reply for every message in the thread (bmo#1866819)
  • fixed: Enabling Grouped By view after reversing sort order of column header caused messages to be grouped incorrectly (bmo#1868794)
  • fixed: Opening thread pane context menu via keyboard did not always scroll view to selection (bmo#1867532)
  • fixed: New mail indicator for POP3 accounts did not indicate new messages ready to be downloaded (bmo#1870619)
  • fixed: Messages could not be moved to folders using Message > Move To if text or a link in the message had been clicked on first (bmo#1868474)
  • fixed: MIME part boundaries were not properly terminated (bmo#1805558)
References

Affected packages

SUSE:Linux Enterprise Module for Package Hub 15 SP5 / MozillaThunderbird

Package

Name
MozillaThunderbird
Purl
purl:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
115.7.0-150200.8.145.1

Ecosystem specific

{
    "binaries": [
        {
            "MozillaThunderbird": "115.7.0-150200.8.145.1",
            "MozillaThunderbird-translations-other": "115.7.0-150200.8.145.1",
            "MozillaThunderbird-translations-common": "115.7.0-150200.8.145.1"
        }
    ]
}

SUSE:Linux Enterprise Workstation Extension 15 SP5 / MozillaThunderbird

Package

Name
MozillaThunderbird
Purl
purl:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
115.7.0-150200.8.145.1

Ecosystem specific

{
    "binaries": [
        {
            "MozillaThunderbird": "115.7.0-150200.8.145.1",
            "MozillaThunderbird-translations-other": "115.7.0-150200.8.145.1",
            "MozillaThunderbird-translations-common": "115.7.0-150200.8.145.1"
        }
    ]
}

openSUSE:Leap 15.5 / MozillaThunderbird

Package

Name
MozillaThunderbird
Purl
purl:rpm/suse/MozillaThunderbird&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
115.7.0-150200.8.145.1

Ecosystem specific

{
    "binaries": [
        {
            "MozillaThunderbird": "115.7.0-150200.8.145.1",
            "MozillaThunderbird-translations-other": "115.7.0-150200.8.145.1",
            "MozillaThunderbird-translations-common": "115.7.0-150200.8.145.1"
        }
    ]
}