Opened 5 months ago
Closed 5 months ago
#20587 closed enhancement (fixed)
thunderbird-128.4.0esr
| Reported by: | Joe Locash | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | elevated | Milestone: | 12.3 |
| Component: | BOOK | Version: | git |
| Severity: | major | Keywords: | |
| Cc: |
Description ¶
What's New
- Export Thunderbird account settings to Thunderbird Mobile via QRCode
What's Fixed
- Unable to send an unencrypted response to an OpenPGP encrypted message
- Thunderbird update did not update language pack version until another restart
Security Fixes
- CVE-2024-10458: Permission leak via embed or object elements (high)
- CVE-2024-10459: Use-after-free in layout with accessibility (high)
- CVE-2024-10460: Confusing display of origin for external protocol handler prompt (moderate)
- CVE-2024-10461: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response (moderate)
- CVE-2024-10462: Origin of permission prompt could be spoofed by long URL (moderate)
- CVE-2024-10463: Cross origin video frame leak (moderate)
- CVE-2024-10464: History interface could have been used to cause a Denial of Service condition in the browser (low)
- CVE-2024-10465: Clipboard "paste" button persisted across tabs (low)
- CVE-2024-10466: DOM push subscription message could hang Firefox (low)
- CVE-2024-10467: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4 (moderate)
Change History (3)
comment:1 by , 5 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 5 months ago
| Priority: | normal → elevated |
|---|
comment:3 by , 5 months ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Fixed at cbe04570ccfaaec121665571555b922be294bdc1
SA-12.2-033 issued