Opened 3 years ago

Closed 3 years ago

#16007 closed enhancement (fixed)

thunderbird-91.6.0

Reported by: pierre Owned by: Douglas R. Reno
Priority: elevated Milestone: 11.1
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New point version. 

Fixes

JS LDAP implementation did not support self-signed SSL certificates

After saving a draft and subsequently sending a FileLink email, the original file was removed from disk

Chat OTR encryption did not work

OTR verification bar was not removed after completing verification
fixed

Various theme improvements

No security advisory yet

Change History (4)

comment:1 by Douglas R. Reno, 3 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:2 by Douglas R. Reno, 3 years ago

Priority: normalelevated
Summary: thunderbird-91.5.1thunderbird-91.6.0

Now 91.6.0, containing the same fixes as Firefox.

comment:3 by Douglas R. Reno, 3 years ago 

What’s New
new

Thunderbird will now offer to send large forwarded attachments via FileLink

Fixes
fixed

Partially signed unencrypted messages displayed an incorrect "partially encrypted" notification

fixed

Attachments filenames were not sanitized before saving to disk

fixed

In the attachment bar, the "Import OpenPGP Key" item displayed for public keys displayed an error and did not import the key
fixed

"Open with" attachment dialog did not have a selected radio button option

fixed

Various security fixes

The security fixes in question: 

Mozilla Foundation Security Advisory 2022-06
Security Vulnerabilities fixed in Thunderbird 91.6

Announced
    February 8, 2022
Impact
    high
Products
    Thunderbird
Fixed in

        Thunderbird 91.6

In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.
#CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance Service

Reporter
    Seb Patane
Impact
    high

Description

A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.
This bug only affects Thunderbird on Windows. Other operating systems are unaffected.
References

    Bug 1732435

#CVE-2022-22754: Extensions could have bypassed permission confirmation during update

Reporter
    Rob Wu
Impact
    high

Description

If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions.
References

    Bug 1750565

#CVE-2022-22756: Drag and dropping an image could have resulted in the dropped object being an executable

Reporter
    Abdulrahman Alqabandi
Impact
    moderate

Description

If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it.
References

    Bug 1317873

#CVE-2022-22759: Sandboxed iframes could have executed script if the parent appended elements

Reporter
    Johan Carlsson
Impact
    moderate

Description

If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox.
References

    Bug 1739957

#CVE-2022-22760: Cross-Origin responses could be distinguished between script and non-script content-types

Reporter
    Luan Herrera
Impact
    moderate

Description

When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin.
References

    Bug 1740985
    Bug 1748503

#CVE-2022-22761: frame-ancestors Content Security Policy directive was not enforced for framed extension pages

Reporter
    Mart Gil Robles (Mart at FlowCrypt)
Impact
    moderate

Description

Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy.
References

    Bug 1745566

#CVE-2022-22763: Script Execution during invalid object state

Reporter
    Mozilla Fuzzing Team
Impact
    moderate

Description

When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible.
References

    Bug 1740534

#CVE-2022-22764: Memory safety bugs fixed in Thunderbird 91.6

Reporter
    Mozilla developers and community
Impact
    high

Description

Mozilla developers and community members Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References

    Memory safety bugs fixed in Thunderbird 91.6

comment:4 by Douglas R. Reno, 3 years ago

Resolution: fixed
Status: assignedclosed

Fixed at a131012cc800b01dbe2a4e960451bfabe85448c7

Note: See TracTickets for help on using tickets.