Opened 3 days ago
Last modified 3 days ago
#21375 assigned enhancement
thunderbird-128.9.0esr
| Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | elevated | Milestone: | 12.4 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
New minor version to correspond with Firefox.
What's New
- Thunderbird now has a notification system for real-time desktop alerts
What's Fixed
- Data corruption occurred when compacting IMAP Drafts folder after saving a message
- Right-clicking "Decrypt and Save As..." on an attachment file failed.
- Thunderbird could crash when importing mail
- Sort indicators were missing on the calendar events list.
- Security fixes
Security Fixes
- CVE-2025-3028: Use-after-free triggered by XSLTProcessor (High)
- CVE-2025-3029: URL Bar Spoofing via non-BMP Unicode characters (Moderate)
- CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9 (High)
I suspect CVE-2025-3028 could be exploited via mail which is why the usual tag of these vulnerabilities being difficult to exploit is missing. You'd have to receive an email sent with XHTML, but if you did I could see it triggering the use-after-free while trying to process it.
Note:
See TracTickets
for help on using tickets.
