Opened 16 months ago
Closed 16 months ago
#17431 closed enhancement (fixed)
thunderbird-102.6.1
| Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | elevated | Milestone: | 11.3 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version.
Change History (4)
comment:1 by , 16 months ago
| Priority: | normal → elevated |
|---|
comment:2 by , 16 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:3 by , 16 months ago
102.6.1
fixed Remote content did not load in user-defined signatures fixed Addons that added new action buttons were not shown for addon upgrades, requiring removal and reinstall fixed Various stability improvements fixed Security fix
CVE Fix
CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions
Reporter
Matthias Zoellner
Impact
moderate
Description
A file with a long filename could have had its filename truncated to remove the valid
extension, leaving a malicious extension in its place. This could potentially led to
user confusion and the execution of malicious code.
Note: This issue was originally included in the advisories for Thunderbird 102.6, but a
patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in
Thunderbird 102.6.1
comment:4 by , 16 months ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at 11977a8a19c8ae7db8c1d7e7b46d77ca2ba7bebe
Security advisory to come after the new year.
Note:
See TracTickets
for help on using tickets.
The release notes specify that there is a security fix.