Opened 6 days ago
Closed 6 days ago
#21457 closed enhancement (fixed)
thunderbird-128.9.2esr
| Reported by: | Joe Locash | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | elevated | Milestone: | 12.4 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
What’s Fixed
- Two-factor auth via text or email did not work with Office 365 using Oauth2.
- IRC channel was not visible after restart.
- Global indexing failed when processing email with invalid calendar data
Security fixes
https://www.mozilla.org/en-US/security/advisories/mfsa2025-27/
- CVE-2025-3522: Leak of hashed Window credentials via crafted attachment URL (high)
- CVE-2025-2830: Information Disclosure of /tmp directory listing (high)
- CVE-2025-3523: User Interface (UI) Misrepresentation of attachment URL (low)
Change History (2)
comment:1 by , 6 days ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 6 days ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Fixed at eea3c87d08f6393afe45d512c65f99a5ed1f8f42