#17884 closed enhancement (fixed)
seamonkey-2.53.16
| Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | elevated | Milestone: | 12.0 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version.
Change History (7)
comment:1 by , 3 years ago
| Owner: | changed from to |
|---|---|
| Priority: | normal → elevated |
| Status: | new → assigned |
comment:2 by , 3 years ago
comment:4 by , 3 years ago
What's New in SeaMonkey 2.53.16
No throbber in plaintext editor bug 85498.
Remove unused gridlines class from EdAdvancedEdit bug 1806632.
Remove ESR 91 links from debugQA bug 1804534.
Rename devtools/shim to devtools/startup bug 1812367.
Remove unused seltype=text|cell css bug 1806653.
Implement new shared tree styling bug 1807802.
Use `win.focus()` in macWindowMenu.js bug 1807817.
Remove WCAP provider bug 1579020.
Remove ftp/file tree view support bug 1239239.
Change calendar list tree to a list bug 1561530.
Various other updates to the calendar code.
Continue the switch from Python 2 to Python 3 in the build system.
Verified compatibility with Rust 1.66.1.
Later in the release notes, it specifies:
"Additional important security fixes up to Current Firefox 102.9 and Thunderbird 102.9 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to."
comment:5 by , 3 years ago
The last version of SeaMonkey (2.53.15) had fixes up to 102.6.
The following CVEs have been resolved in that case:
CVE-2022-46871: libusrsctp library out of date
CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux
CVE-2023-23601: URL being dragged from cross-origin iframe into same tab triggers navigation
CVE-2023-23602: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
CVE-2022-46877: Fullscreen notification bypass
CVE-2023-23603: Calls to console.log allowed bypassing Content Security Policy via format directive
CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
CVE-2023-25728: Content security policy leak in violation reports using iframes
CVE-2023-25730: Screen hijack via browser fullscreen mode
CVE-2023-0767: Arbitrary memory write via PKCS 12 in NSS
CVE-2023-25735: Potential use-after-free from compartment mismatch in SpiderMonkey
CVE-2023-25737: Invalid downcast in SVGUtils::SetupStrokeGeometry
CVE-2023-25739: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
CVE-2023-25729: Extensions could have opened external schemes without user knowledge
CVE-2023-25732: Out of bounds memory write from EncodeInputStream
CVE-2023-25742: Web Crypto ImportKey crashes tab
CVE-2023-25744: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8
CVE-2023-25751: Incorrect code generation during JIT compilation
CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
CVE-2023-28162: Invalid downcast in Worklets
CVE-2023-25752: Potential out-of-bounds when accessing throttled streams
CVE-2023-28176: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9
CVE-2023-0616: User Interface lockup with messages combining S/MIME and OpenPGP
CVE-2023-28427: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack
comment:6 by , 3 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at 03adc377dc161f91dd1443ff947d3fda13332358
SA-11.3-014 issued

The upstream fixes patch has been applied and is no longer needed.