thunderbird-128.2.0

[Joe Locash]

New minor version.

What’s Fixed

• Performance could be degraded when sorting with Quick Filter or Grouped By Sort
• "Mark All Read" on Quick Filter results marked all emails in folder as read
• "latest" download bouncer aliases were not available for 128 releases prior to 128.2.0esr
• Security fixes

The release notes don't show what the security fixes are but by looking at mfsa2024-40 it's probably CVE-2024-8387: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 which is rated as high.

cbindgen changes not needed.

[Douglas R. Reno]

Security fixes (note that there's at least one that is Thunderbird specific):

• CVE-2024-8394: Crash when aborting verification of OTR chat (High)
• CVE-2024-8385: WASM type confusion involving ArrayTypes (High)
• CVE-2024-8381: Type confusion when looking up a property name in a "with" block (High)
• CVE-2024-8382: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran (Moderate)
• CVE-2024-8383: Firefox did not ask before openings news: links in an external application (Moderate)
• CVE-2024-8384: Garbage collection could mis-color cross-compartment objects in OOM conditions (Moderate)
• CVE-2024-8386: SelectElements could be shown over another site if popups are allowed (Low)
• CVE-2024-8387: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 (High)

[Douglas R. Reno]

Fixed at debbb3bf5a4bd954af13e7ec80ba8b326a93c9c5

SA-12.2-005 issued