Opened 6 months ago

Closed 6 months ago

#14506 closed enhancement (fixed)

thunderbird-78.6.1

Reported by: Douglas R. Reno
Owned by: Douglas R. Reno
Priority: high
Milestone: 10.1
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

New point version

Change History (3)

comment:1 by Douglas R. Reno, 6 months ago

Priority: normal → high
Changes

changed: MailExtensions: browserAction, composeAction, and messageDisplayAction toolbar buttons now support label and default_label properties

Fixes

fixed: Running a quicksearch that returned no results did not offer to re-run as a global search
fixed: Message search toolbar fixes
fixed: Very long subject lines distorted the message compose and display windows, making them unusable
fixed: Compose window: Recipient addresses that had not yet been autocompleted were lost when clicking Send button
fixed: Compose window: New message is no longer marked as "changed" just from tabbing out of the recipient field without editing anything
fixed: Account autodiscover fixes when using MS Exchange servers
fixed: LDAP address book stability fix
fixed: Messages with invalid vcard attachments were not marked as read when viewed in the preview window
fixed: Chat: Could not add TLS certificate exceptions for XMPP connections
fixed: Calendar: System timezone was not always properly detected
fixed: Calendar: Descriptions were sometimes blank when editing a single occurrence of a repeating event
fixed: Various printing bugfixes
fixed: Visual consistency and theme improvements
fixed: Various security fixes

For the security fixes:

Mozilla Foundation Security Advisory 2021-02
Security Vulnerabilities fixed in Thunderbird 78.6.1

Announced
    January 11, 2021
Impact
    critical
Products
    Thunderbird
Fixed in
    Thunderbird 78.6.1

In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.

CVE-2020-16044: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Reporter
    Ned Williamson
Impact
    critical

Description

A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code.
References

    Bug 1683964

comment:2 by Douglas R. Reno, 6 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

comment:3 by Douglas R. Reno, 6 months ago

Resolution: fixed
Status: assigned → closed

Fixed at r24109
