Opened 5 months ago

Closed 4 months ago

#19003 closed enhancement (fixed)

thunderbird-115.6.0

Reported by: Bruce Dubbs
Owned by: Douglas R. Reno
Priority: high
Milestone: 12.1
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version.

Change History (5)

comment:1 by Douglas R. Reno, 4 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

comment:2 by Douglas R. Reno, 4 months ago

Summary: thunderbird-115.5.2 → thunderbird-115.6.0

Because of the severity of the Thunderbird-specific security issues in this update, I'm going to promote this to the highest severity level.

comment:3 by Douglas R. Reno, 4 months ago

Priority: normal → high

comment:4 by Douglas R. Reno, 4 months ago

Thunderbird-115.5.2 Release Notes

  • "Compact" option was missing from folder context menu for IMAP accounts using maildir
  • Message list could not be properly read by screen readers in table view
  • Messages with slow-loading images were delayed being marked as read
  • Messages opened in background tab were incorrectly marked as read
  • Mark All Read did not work for virtual folders
  • Delete (trash icon) in message display did not work in Unified folders
  • Unified folders were missing "Mark Folder Read" option in context menu
  • "Reply to List" was incorrectly disabled in Unified Toolbar since Thunderbird 115.4.1
  • Sorting by column with "Grouped By" enabled then performing a quick filter search caused blank message pane
  • Attachment list did not always appear if remote message content loaded slowly
  • Messages in outbox were not shown as unread by default
  • "Apply columns to" sometimes failed to apply columns to a root folder and its descendants
  • Global search results displayed as a list did not allow threads to be collapsed
  • "Quick Filter" button on toolbar was disabled when viewing search results as a list
  • Folder open hover delay was too short when using drag-and-drop
  • Parent folders with collapsed subfolders did not consistently display new mail indicator or message count for subfolders
  • Message list scroll position could move randomly when switching folders
  • Undoing deletion of local messages required using "Undo" (Ctrl-Z) twice
  • IMAP messages deleted in Thunderbird still appeared in other email clients that don't respect messages marked "\deleted"
  • IMAP folder discovery was slowed by status bar message updates
  • Servers with non-LDH (letters-digits-hyphens) hostnames, such as those containing non-ASCII Unicode characters, could not be found
  • Images could not be copied and pasted from one message into another
  • Troubleshooting page (about:support) did not work on profiles with no outgoing email server, such as news-only profiles
  • Minimize/maximize button order was incorrect when placing window titlebar buttons on left-hand side
  • OpenPGP integration with smartcard using latest version of Gpg4Win failed
  • Various accessibility improvements
  • Various UX and visual improvements

Thunderbird-115.6.0 Release Notes

  • Message selection misbehaved after selecting a sub-message in an expanded thread, collapsing the thread, then pressing up/down to move selection
  • Thunderbird now attempts to reconnect on a new connection after SMTP 4xx errors
  • HTML FileLink attachments used the wrong encoding
  • Security fixes

Security Fixes

  • CVE-2023-50762: Truncated signed text was shown with a valid OpenPGP signature (High)
  • CVE-2023-50761: S/MIME signature accepted despite mismatching message date (High)
  • CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver (High)
  • CVE-2023-6857: Symlinks may resolve to smaller than expected buffers (Moderate, UNIX specific)
  • CVE-2023-6858: Heap buffer overflow in nsTextFragment (Moderate)
  • CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer (Moderate)
  • CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation (Moderate)
  • CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode (Moderate)
  • CVE-2023-6862: Use-after-free in nsDNSService (Moderate)
  • CVE-2023-6863: Undefined behavior in ShutdownObserver() (Low)
  • CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 (High)

comment:5 by Douglas R. Reno, 4 months ago

Resolution: fixed
Status: assigned → closed

Fixed at b0f39cc3f12a55a7c28efe47e0c12a2d3ab7b2bf

SA-12.0-063 issued
