[SUSE-SU-2022:3800-1] Security update for MozillaThunderbird
Severity: Important
Affected Packages: 24
CVEs: 12
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues:
- Mozilla Thunderbird 102.4.0 (bsc#1204421)
- changed: Thunderbird will automatically detect and repair OpenPGP key storage corruption caused by using the profile import tool in Thunderbird 102
- fixed: POP message download into a large folder (~13000 messages) caused Thunderbird to temporarily freeze
- fixed: Forwarding messages with special characters in Subject failed on Windows
- fixed: Links for FileLink attachments were not added when attachment filename contained Unicode characters
- fixed: Address Book display pane continued to show contacts after deletion
- fixed: Printing address book did not include all contact details
- fixed: CardDAV contacts without a Name property did not save to Google Contacts
- fixed: 'Publish Calendar' did not work
- fixed: Calendar database storage improvements
- fixed: Incorrectly handled error responses from CalDAV servers sometimes caused events to disappear from calendar
- fixed: Various visual and UX improvements
- Mozilla Thunderbird 102.3.3
- new: Option added to show containing address book for a contact when using 'All Address Books' in vertical mode (bmo#1778871)
- changed: Thunderbird will try to use POP NTLM authentication even if not advertised by server (bmo#1793349)
- changed: Task List and Today Pane sidebars will no longer load when not visible (bmo#1788549)
- fixed: Sending a message while a recipient pill was being modified did not save changes (bmo#1779785)
- fixed: Nickname column was not available in horizontal view of Address Book (bmo#1778000)
- fixed: Multiline organization values were displayed across two columns in horizontal view of Address Book (bmo#1777780)
- fixed: Contact vCard fields with multiple values such as Categories were truncated when saved (bmo#1792399)
- fixed: ICS calendar files with a FREEBUSY property could not be imported (bmo#1783441)
- fixed: Thunderbird would hang if calendar event exceeded the year 2035 (bmo#1789999)
- Mozilla Thunderbird 102.3.2
- changed: Thunderbird will try to use POP CRAM-MD5 authentication even if not advertised by server (bmo#1789975)
- fixed: Checking messages on POP3 accounts caused POP folder to lock if mail server was slow or non-responsive (bmo#1792451)
- fixed: Newsgroups named with consecutive dots would not appear when refreshing list of newsgroups (bmo#1787789)
- fixed: Sending news articles containing lines starting with dot were sometimes clipped (bmo#1787955)
- fixed: CardDAV server sync silently failed if sync token expired (bmo#1791183)
- fixed: Contacts from LDAP on macOS address books were not displayed (bmo#1791347)
- fixed: Chat account input now accepts URIs for supported chat protocols (bmo#1776706)
- fixed: Chat ScreenName field was not migrated to new address book (bmo#1789990)
- fixed: Creating a New Event from the Today Pane used the currently selected day from the main calendar instead of from the Today Pane (bmo#1791203)
- fixed: 'New Event' button in Today Pane was incorrectly disabled sometimes (bmo#1792058)
- fixed: Event reminder windows did not close after being dismissed or snoozed (bmo#1791228)
- fixed: Improved performance of recurring event date calculation (bmo#1787677)
- fixed: Quarterly calendar events on the last day of the month repeated one month early (bmo#1789362)
- fixed: Thunderbird would hang if calendar event exceeded the year 2035 (bmo#1789999)
- fixed: Whitespace in calendar events was incorrectly handled when upgrading from Thunderbird 91 to 102 (bmo#1790339)
- fixed: Various visual and UX improvements (bmo#1755623, bmo#1783903, bmo#1785851, bmo#1786434, bmo#1787286, bmo#1788151, bmo#1789728, bmo#1790499)
- Mozilla Thunderbird 102.3.1
- changed: Compose window encryption options now only appear for encryption technologies that have already been configured (bmo#1788988)
- changed: Number of contacts in currently selected address book now displayed at bottom of Address Book list column (bmo#1745571)
- fixed: Password prompt did not include server hostname for POP servers (bmo#1786920)
- fixed: 'Edit Contact' was missing from Contacts sidebar context menus (bmo#1771795)
- fixed: Address Book contact lists cut off display of some characters, the result being unreadable (bmo#1780909)
- fixed: Menu items for dark-themed alarm dialog were invisible on Windows 7 (bmo#1791738)
- fixed: Various security fixes
- MFSA 2022-43 (bsc#1204411)
- CVE-2022-39249 (bmo#1791765) Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators
- CVE-2022-39250 (bmo#1791765) Matrix SDK bundled with Thunderbird vulnerable to a device verification attack
- CVE-2022-39251 (bmo#1791765) Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack
- CVE-2022-39236 (bmo#1791765) Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue
- Mozilla Thunderbird 102.3
- changed: Thunderbird will no longer attempt to import account passwords when importing from another Thunderbird profile in order to prevent profile corruption and permanent data loss. (bmo#1790605)
- changed: Devtools performance profile will use Thunderbird presets instead of Web Developer presets (bmo#1785954)
- fixed: Thunderbird startup performance improvements (bmo#1785967)
- fixed: Saving email source and images failed (bmo#1777323,bmo#1778804)
- fixed: Error message was shown repeatedly when temporary disk space was full (bmo#1788580)
- fixed: Attaching OpenPGP keys without a set size to non-encrypted messages briefly displayed a size of zero bytes (bmo#1788952)
- fixed: Global Search entry box initially contained 'undefined' (bmo#1780963)
- fixed: Delete from POP Server mail filter rule intermittently failed to trigger (bmo#1789418)
- fixed: Connections to POP3 servers without UIDL support failed (bmo#1789314)
- fixed: POP accounts with 'Fetch headers only' set downloaded complete messages if server did not advertise TOP capability (bmo#1789356)
- fixed: 'File -> New -> Address Book Contact' from Compose window did not work (bmo#1782418)
- fixed: Attach 'My vCard' option in compose window was not available (bmo#1787614)
- fixed: Improved performance of matching a contact to an email address (bmo#1782725)
- fixed: Address book only recognized a contact's first two email addresses (bmo#1777156)
- fixed: Address book search and autocomplete failed if a contact vCard could not be parsed (bmo#1789793)
- fixed: Downloading NNTP messages for offline use failed (bmo#1785773)
- fixed: NNTP client became stuck when connecting to Public-Inbox servers (bmo#1786203)
- fixed: Various visual and UX improvements (bmo#1782235,bmo#1787448,bmo#1788725,bmo#1790324)
- fixed: Various security fixes
- unresolved: No dedicated 'Department' field in address book (bmo#1777780)
- MFSA 2022-42 (bsc#1203477)
- CVE-2022-3266 (bmo#1767360) Out of bounds read when decoding H264
- CVE-2022-40959 (bmo#1782211) Bypassing FeaturePolicy restrictions on transient pages
- CVE-2022-40960 (bmo#1787633) Data-race when parsing non-UTF-8 URLs in threads
- CVE-2022-40958 (bmo#1779993) Bypassing Secure Context restriction for cookies with __Host and __Secure prefix
- CVE-2022-40956 (bmo#1770094) Content-Security-Policy base-uri bypass
- CVE-2022-40957 (bmo#1777604) Incoherent instruction cache when building WASM on ARM64
- CVE-2022-3155 (bmo#1789061) Attachment files saved to disk on macOS could be executed without warning
- CVE-2022-40962 (bmo#1776655, bmo#1777574, bmo#1784835, bmo#1785109, bmo#1786502, bmo#1789440) Memory safety bugs fixed in Thunderbird 102.3
- ID: SUSE-SU-2022:3800-1
- Severity: important
- URL: https://www.suse.com/support/update/announcement/2022/suse-su-20223800-1/
- Published: 2022-10-27T12:59:47
- Modified: 2022-10-27T12:59:47
- Rights: Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories:
- ALAS2-2022-1900
- ALAS2-2023-1951
- ALPINE:CVE-2022-3266
- ALPINE:CVE-2022-39236
- ALPINE:CVE-2022-39249
- ALPINE:CVE-2022-39250
- ALPINE:CVE-2022-39251
- ALPINE:CVE-2022-40956
- ALPINE:CVE-2022-40957
- ALPINE:CVE-2022-40958
- ALPINE:CVE-2022-40959
- ALPINE:CVE-2022-40960
- ALPINE:CVE-2022-40962
- ALSA-2022:6700
- ALSA-2022:6702
- ALSA-2022:6708
- ALSA-2022:6717
- ALSA-2022:7178
- ALSA-2022:7190
- DSA-5237-1
- DSA-5238-1
- ELSA-2022-6700
- ELSA-2022-6702
- ELSA-2022-6708
- ELSA-2022-6710
- ELSA-2022-6711
- ELSA-2022-6717
- ELSA-2022-7178
- ELSA-2022-7184
- ELSA-2022-7190
- FREEBSD:CB902A77-3F43-11ED-9402-901B0E9408DC
- GLSA-202209-18
- GLSA-202209-27
- GLSA-202210-35
- MFSA-2022-40
- MFSA-2022-41
- MFSA-2022-42
- MFSA-2022-43
- NPM:GHSA-5W8R-8PGJ-5JMF
- NPM:GHSA-6263-X97C-C4GG
- NPM:GHSA-HVV8-5V86-R45X
- NPM:GHSA-R48R-J8FX-MQ2C
- RHSA-2022:6700
- RHSA-2022:6702
- RHSA-2022:6708
- RHSA-2022:6710
- RHSA-2022:6711
- RHSA-2022:6717
- RHSA-2022:7178
- RHSA-2022:7184
- RHSA-2022:7190
- RLSA-2022:6702
- RLSA-2022:6708
- RLSA-2022:7190
- SSA:2022-263-02
- SSA:2022-273-01
- SUSE-SU-2022:3396-1
- SUSE-SU-2022:3440-1
- SUSE-SU-2022:3441-1
- USN-5649-1
- USN-5724-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/MozillaThunderbird?arch=x86_64&distro=opensuse-leap-15.4 | suse | MozillaThunderbird | < 102.4.0-150200.8.85.1 | opensuse-leap-15.4 | x86_64 | |
Affected | pkg:rpm/suse/MozillaThunderbird?arch=x86_64&distro=opensuse-leap-15.3 | suse | MozillaThunderbird | < 102.4.0-150200.8.85.1 | opensuse-leap-15.3 | x86_64 | |
Affected | pkg:rpm/suse/MozillaThunderbird?arch=s390x&distro=opensuse-leap-15.4 | suse | MozillaThunderbird | < 102.4.0-150200.8.85.1 | opensuse-leap-15.4 | s390x | |
Affected | pkg:rpm/suse/MozillaThunderbird?arch=s390x&distro=opensuse-leap-15.3 | suse | MozillaThunderbird | < 102.4.0-150200.8.85.1 | opensuse-leap-15.3 | s390x | |
Affected | pkg:rpm/suse/MozillaThunderbird?arch=ppc64le&distro=opensuse-leap-15.4 | suse | MozillaThunderbird | < 102.4.0-150200.8.85.1 | opensuse-leap-15.4 | ppc64le | |
Affected | pkg:rpm/suse/MozillaThunderbird?arch=ppc64le&distro=opensuse-leap-15.3 | suse | MozillaThunderbird | < 102.4.0-150200.8.85.1 | opensuse-leap-15.3 | ppc64le | |
Affected | pkg:rpm/suse/MozillaThunderbird?arch=aarch64&distro=opensuse-leap-15.4 | suse | MozillaThunderbird | < 102.4.0-150200.8.85.1 | opensuse-leap-15.4 | aarch64 | |
Affected | pkg:rpm/suse/MozillaThunderbird?arch=aarch64&distro=opensuse-leap-15.3 | suse | MozillaThunderbird | < 102.4.0-150200.8.85.1 | opensuse-leap-15.3 | aarch64 | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-other | < 102.4.0-150200.8.85.1 | opensuse-leap-15.4 | x86_64 | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-leap-15.3 | suse | MozillaThunderbird-translations-other | < 102.4.0-150200.8.85.1 | opensuse-leap-15.3 | x86_64 | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-other?arch=s390x&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-other | < 102.4.0-150200.8.85.1 | opensuse-leap-15.4 | s390x | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-other?arch=s390x&distro=opensuse-leap-15.3 | suse | MozillaThunderbird-translations-other | < 102.4.0-150200.8.85.1 | opensuse-leap-15.3 | s390x | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-other?arch=ppc64le&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-other | < 102.4.0-150200.8.85.1 | opensuse-leap-15.4 | ppc64le | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-other?arch=ppc64le&distro=opensuse-leap-15.3 | suse | MozillaThunderbird-translations-other | < 102.4.0-150200.8.85.1 | opensuse-leap-15.3 | ppc64le | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-other?arch=aarch64&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-other | < 102.4.0-150200.8.85.1 | opensuse-leap-15.4 | aarch64 | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-other?arch=aarch64&distro=opensuse-leap-15.3 | suse | MozillaThunderbird-translations-other | < 102.4.0-150200.8.85.1 | opensuse-leap-15.3 | aarch64 | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-common | < 102.4.0-150200.8.85.1 | opensuse-leap-15.4 | x86_64 | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-leap-15.3 | suse | MozillaThunderbird-translations-common | < 102.4.0-150200.8.85.1 | opensuse-leap-15.3 | x86_64 | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-common?arch=s390x&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-common | < 102.4.0-150200.8.85.1 | opensuse-leap-15.4 | s390x | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-common?arch=s390x&distro=opensuse-leap-15.3 | suse | MozillaThunderbird-translations-common | < 102.4.0-150200.8.85.1 | opensuse-leap-15.3 | s390x | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-common?arch=ppc64le&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-common | < 102.4.0-150200.8.85.1 | opensuse-leap-15.4 | ppc64le | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-common?arch=ppc64le&distro=opensuse-leap-15.3 | suse | MozillaThunderbird-translations-common | < 102.4.0-150200.8.85.1 | opensuse-leap-15.3 | ppc64le | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-common?arch=aarch64&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-common | < 102.4.0-150200.8.85.1 | opensuse-leap-15.4 | aarch64 | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-common?arch=aarch64&distro=opensuse-leap-15.3 | suse | MozillaThunderbird-translations-common | < 102.4.0-150200.8.85.1 | opensuse-leap-15.3 | aarch64 | |