Opened 5 months ago

Closed 5 months ago

#18900 closed enhancement (fixed)

thunderbird-115.5.0

Reported by: Bruce Dubbs
Owned by: Douglas R. Reno
Priority: elevated
Milestone: 12.1
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description (last modified by ken@…)

New minor version.

Tuesday's release notes for firefox mentioned the usual Memory safety bugs, applicable to thunderbird as well as firefox, and I think one of the other items mentioned thunderbird when I looked at nvd.

Change History (4)

comment:1 by ken@…, 5 months ago

Description: modified (diff)
Priority: normal → elevated

comment:2 by Douglas R. Reno, 5 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

comment:3 by Douglas R. Reno, 5 months ago

Fixes

  • Initial message was not automatically selected when opened in conversation
  • Newsgroup users using FQDN identity generated message ID headers with incorrect domain name
  • Link previews had poor legibility in dark mode
  • Plasma's task switcher displayed the default icon when running the Thunderbird Flatpak on Wayland
  • Link to Flatpak manifest was incorrect
  • Security fixes

Security Fixes

  • CVE-2023-6204: Out-of-bound memory access in WebGL2 blitFramebuffer (High)
  • CVE-2023-6205: Use-after-free in MessagePort::Entangled (High)
  • CVE-2023-6206: Clickjacking permission prompts using the fullscreen transition (High)
  • CVE-2023-6207: Use-after-free in ReadableByteStreamQueueEntry::Buffer (High)
  • CVE-2023-6208: Using Selection API would copy contents into X11 primary selection. (Moderate)
  • CVE-2023-6209: Incorrect parsing of relative URLs starting with "/" (Moderate)
  • CVE-2023-6212: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 (High)

comment:4 by Douglas R. Reno, 5 months ago

Resolution: fixed
Status: assigned → closed

Fixed at 1ba9c6f0faa4a50f59f8b2e3566bddb34b9bae29

SA-12.0-047 issued
