Opened 3 years ago
Closed 3 years ago
#16116 closed enhancement (fixed)
thunderbird-91.6.1
| Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | high | Milestone: | 11.1 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
New minor version.
Change History (7)
comment:1 by , 3 years ago
| Milestone: | 11.2 → 11.1 |
|---|
comment:2 by , 3 years ago
| Priority: | normal → elevated |
|---|
comment:3 by , 3 years ago
| Priority: | elevated → high |
|---|
Marking as High due to trivial remote code execution via a crafted email.
I will attempt to get to Thunderbird and WebKitGTK+ within the next day.
comment:4 by , 3 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:5 by , 3 years ago
Changes
changed Thunderbird generated views of meeting invitations are now expanded by default
Fixes
fixed Emails were not downloading at startup under some conditions
fixed Port numbers were not shown in "Confirm Security Exception" dialog for CalDAV connections
fixed Various security fixes
comment:6 by , 3 years ago
Mozilla Foundation Security Advisory 2022-07 Security Vulnerabilities fixed in Thunderbird 91.6.1
Announced
February 15, 2022
Impact
high
Products
Thunderbird
Fixed in
Thunderbird 91.6.1
#CVE-2022-0566: Crafted email could trigger an out-of-bounds write
Reporter
Mozilla Fuzzing Team
Impact
high
Description
It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. References
Bug 1753094
comment:7 by , 3 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at f63d4f78c14dd5fb69b789312d88e9bc2ccd3deb
Several SAs incoming
Back to 11.1