Security update for MozillaThunderbird
| Announcement ID: |
SUSE-SU-2024:4148-1 |
| Release Date: |
2024-12-03T09:10:23Z |
| Rating: |
important |
| References: |
|
|
Cross-References:
|
|
| CVSS scores: |
-
CVE-2024-11691
(
NVD
):
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
-
CVE-2024-11692
(
NVD
):
4.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
-
CVE-2024-11693
(
NVD
):
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
CVE-2024-11694
(
NVD
):
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
-
CVE-2024-11695
(
NVD
):
5.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
-
CVE-2024-11696
(
NVD
):
5.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
-
CVE-2024-11697
(
NVD
):
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
-
CVE-2024-11698
(
NVD
):
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
CVE-2024-11699
(
NVD
):
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| Affected Products: |
- openSUSE Leap 15.5
- openSUSE Leap 15.6
- SUSE Linux Enterprise Desktop 15 SP5
- SUSE Linux Enterprise Desktop 15 SP6
- SUSE Linux Enterprise High Performance Computing 15 SP5
- SUSE Linux Enterprise Micro 5.5
- SUSE Linux Enterprise Real Time 15 SP5
- SUSE Linux Enterprise Real Time 15 SP6
- SUSE Linux Enterprise Server 15 SP5
- SUSE Linux Enterprise Server 15 SP6
- SUSE Linux Enterprise Server for SAP Applications 15 SP5
- SUSE Linux Enterprise Server for SAP Applications 15 SP6
- SUSE Linux Enterprise Workstation Extension 15 SP5
- SUSE Linux Enterprise Workstation Extension 15 SP6
- SUSE Package Hub 15 15-SP5
- SUSE Package Hub 15 15-SP6
|
An update that solves nine vulnerabilities can now be installed.
Description:
This update for MozillaThunderbird fixes the following issues:
- Mozilla Thunderbird 128.5
- fixed: IMAP could crash when reading cached messages
- fixed: Enabling "Show Folder Size" on Maildir profile could
render Thunderbird unusable
- fixed: Messages corrupted by folder compaction were only
fixed by user intervention
- fixed: Reading a message from past the end of an mbox file
did not cause an error
- fixed: View -> Folders had duplicate F access keys
- fixed: Add-ons adding columns to the message list could fail
and cause display issue
- fixed: "Empty trash on exit" and "Expunge inbox on exit" did
not always work
- fixed: Selecting a display option in View -> Tasks did not
apply in the Task interface
- fixed: Security fixes
MFSA 2024-68 (bsc#1233695)
- CVE-2024-11691 Out-of-bounds write in Apple GPU drivers via WebGL
- CVE-2024-11692 Select list elements could be shown over another site
- CVE-2024-11693 Download Protections were bypassed by .library-ms files on Windows
- CVE-2024-11694 CSP Bypass and XSS Exposure via Web Compatibility Shims
- CVE-2024-11695 URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
- CVE-2024-11696 Unhandled Exception in Add-on Signature Verification
- CVE-2024-11697 Improper Keypress Handling in Executable File Confirmation Dialog
- CVE-2024-11698 Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS
-
CVE-2024-11699 Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5
-
Handle upstream changes with esr-prefix of desktop-file (bsc#1233650)
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-4148=1
-
openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-4148=1
-
SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-4148=1
-
SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-4148=1
-
SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-4148=1
-
SUSE Linux Enterprise Workstation Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2024-4148=1
Package List:
-
openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
- MozillaThunderbird-translations-common-128.5.0-150200.8.191.1
- MozillaThunderbird-128.5.0-150200.8.191.1
- MozillaThunderbird-debugsource-128.5.0-150200.8.191.1
- MozillaThunderbird-translations-other-128.5.0-150200.8.191.1
- MozillaThunderbird-debuginfo-128.5.0-150200.8.191.1
-
openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
- MozillaThunderbird-translations-common-128.5.0-150200.8.191.1
- MozillaThunderbird-128.5.0-150200.8.191.1
- MozillaThunderbird-debugsource-128.5.0-150200.8.191.1
- MozillaThunderbird-translations-other-128.5.0-150200.8.191.1
- MozillaThunderbird-debuginfo-128.5.0-150200.8.191.1
-
SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x)
- MozillaThunderbird-translations-common-128.5.0-150200.8.191.1
- MozillaThunderbird-128.5.0-150200.8.191.1
- MozillaThunderbird-debugsource-128.5.0-150200.8.191.1
- MozillaThunderbird-translations-other-128.5.0-150200.8.191.1
- MozillaThunderbird-debuginfo-128.5.0-150200.8.191.1
-
SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x)
- MozillaThunderbird-translations-common-128.5.0-150200.8.191.1
- MozillaThunderbird-128.5.0-150200.8.191.1
- MozillaThunderbird-debugsource-128.5.0-150200.8.191.1
- MozillaThunderbird-translations-other-128.5.0-150200.8.191.1
- MozillaThunderbird-debuginfo-128.5.0-150200.8.191.1
-
SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
- MozillaThunderbird-translations-common-128.5.0-150200.8.191.1
- MozillaThunderbird-128.5.0-150200.8.191.1
- MozillaThunderbird-debugsource-128.5.0-150200.8.191.1
- MozillaThunderbird-translations-other-128.5.0-150200.8.191.1
- MozillaThunderbird-debuginfo-128.5.0-150200.8.191.1
-
SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
- MozillaThunderbird-translations-common-128.5.0-150200.8.191.1
- MozillaThunderbird-128.5.0-150200.8.191.1
- MozillaThunderbird-debugsource-128.5.0-150200.8.191.1
- MozillaThunderbird-translations-other-128.5.0-150200.8.191.1
- MozillaThunderbird-debuginfo-128.5.0-150200.8.191.1
References: