Opened 3 months ago

Closed 3 months ago

#19179 closed enhancement (fixed)

thunderbird-115.7.0

Reported by: Bruce Dubbs Owned by: Douglas R. Reno
Priority: elevated Milestone: 12.1
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New minor version.

Change History (4)

comment:1 by Douglas R. Reno, 3 months ago

Priority: normalelevated

comment:2 by Douglas R. Reno, 3 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:3 by Douglas R. Reno, 3 months ago

What's New

  • Autocrypt Gossip key distribution added

Fixes

  • When starting Thunderbird, unread message count did not appear on collapsed accounts
  • Blank window was sometimes displayed when starting Thunderbird
  • Thunderbird "--chrome" flag incorrectly opened extra messenger.xhtml
  • Add-ons did not start correctly when opening Thunderbird from other programs
  • Drag-and-drop installation of add-ons did not work if Add-ons Manager was opened from Unified Toolbar
  • Double-clicking empty space in message pane incorrectly opened the currently selected message
  • Canceling SMTP send before progress reached 100% did not stop message from sending
  • PDF attachments open in a separate tab did not always restore correctly after restarting Thunderbird
  • Some OpenPGP dialogs were too small for their contents
  • Account Manager did not work with hostnames entered as punycode
  • Downloading complete message from POP3 headers caused message tab/window to close when "Close message window/tab on move or delete" was enabled
  • Some ECC GPG keys could not be exported
  • Contacts deleted from mailing list view still visible in Details view
  • After selecting contacts in Address Book and starting a new search, the search results list did not update
  • Various UX and visual improvements
  • Security fixes

Over to the security fixes, we have...

  • CVE-2024-0741: Out of bounds write in ANGLE (High)
  • CVE-2024-0742: Failure to update user input timestamp (High)
  • CVE-2024-0746: Crash when listing printers on Linux (Moderate)
  • CVE-2024-0747: Bypass of Content Security Policy when directive unsafe-inline was set (Moderate)
  • CVE-2024-0749: Phishing site popup could show local origin in address bar (Moderate)
  • CVE-2024-0750: Potential permissions request bypass via clickjacking (Moderate)
  • CVE-2024-0751: Privilege escalation through devtools (Moderate)
  • CVE-2024-0753: HSTS policy on subdomain could bypass policy of upper domain (Moderate)
  • CVE-2024-0755: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (Moderate)

comment:4 by Douglas R. Reno, 3 months ago

Resolution: fixed
Status: assignedclosed

Fixed at 00105c815d84277bfbd51ce936bfb16fafbc50ca

SA-12.0-080 issued

Note: See TracTickets for help on using tickets.