[SUSE-SU-2023:3664-1] Security update for MozillaThunderbird
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues:
Security fixes:
Mozilla Thunderbird 115.2.2 (MFSA 2023-40, bsc#1215245)
- CVE-2023-4863: Fixed heap buffer overflow in libwebp (bmo#1852649).
Mozilla Thunderbird 115.2 (MFSA 2023-38, bsc#1214606)
- CVE-2023-4573: Memory corruption in IPC CanvasTranslator (bmo#1846687)
- CVE-2023-4574: Memory corruption in IPC ColorPickerShownCallback (bmo#1846688)
- CVE-2023-4575: Memory corruption in IPC FilePickerShownCallback (bmo#1846689)
- CVE-2023-4576: Integer Overflow in RecordedSourceSurfaceCreation (bmo#1846694)
- CVE-2023-4577: Memory corruption in JIT UpdateRegExpStatics (bmo#1847397)
- CVE-2023-4051: Full screen notification obscured by file open dialog (bmo#1821884)
- CVE-2023-4578: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception (bmo#1839007)
- CVE-2023-4053: Full screen notification obscured by external program (bmo#1839079)
- CVE-2023-4580: Push notifications saved to disk unencrypted (bmo#1843046)
- CVE-2023-4581: XLL file extensions were downloadable without warnings (bmo#1843758)
- CVE-2023-4582: Buffer Overflow in WebGL glGetProgramiv (bmo#1773874)
- CVE-2023-4583: Browsing Context potentially not cleared when closing Private Window (bmo#1842030)
- CVE-2023-4584: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 (bmo#1843968, bmo#1845205, bmo#1846080, bmo#1846526, bmo#1847529)
- CVE-2023-4585: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2 (bmo#1751583, bmo#1833504, bmo#1841082, bmo#1847904, bmo#1848999)
Other fixes:
Mozilla Thunderbird 115.2.1
* new: Column separators are now shown between all columns in
tree view (bmo#1847441)
* fixed: Crash reporter did not work in Thunderbird Flatpak
(bmo#1843102)
* fixed: New mail notification always opened message in message
pane, even if pane was disabled (bmo#1840092)
* fixed: After moving an IMAP message to another folder, the
incorrect message was selected in the message list
(bmo#1845376)
* fixed: Adding a tag to an IMAP message opened in a tab failed
(bmo#1844452)
* fixed: Junk/Spam folders were not always shown in Unified
Folders mode (bmo#1838672)
* fixed: Middle-clicking a folder or message did not open it in
a background tab, as in previous versions (bmo#1842482)
* fixed: Settings tab visual improvements: Advanced Fonts
dialog, Section headers hidden behind search box
(bmo#1717382,bmo#1846751)
* fixed: Various visual and style fixes
(bmo#1843707,bmo#1849823)
Mozilla Thunderbird 115.2
* new: Thunderbird MSIX packages are now published on
archive.mozilla.org (bmo#1817657)
* changed: Size, Unread, and Total columns are now right-
aligned (bmo#1848604)
* changed: Newsgroup names in message list header are now
abbreviated (bmo#1833298)
* fixed: Message compose window did not apply theme colors to
menus (bmo#1845699)
* fixed: Reading the second new message in a folder cleared the
unread indicator of all other new messages (bmo#1839805)
* fixed: Displayed counts of unread or flagged messages could
become out-of-sync (bmo#1846860)
* fixed: Deleting a message from the context menu with messages
sorted in chronological order and smooth scroll enabled
caused message list to scroll to top (bmo#1843462)
* fixed: Repeatedly switching accounts in Subscribe dialog
caused tree view to stop updating (bmo#1845593)
* fixed: 'Ignore thread' caused message cards to display
incorrectly in message list (bmo#1847966)
* fixed: Creating tags from unified toolbar failed
(bmo#1846336)
* fixed: Cross-folder navigation using F and N did not work
(bmo#1845011)
* fixed: Account Manager did not resize to fit content, causing
'Close' button to become hidden outside bounds of dialog when
too many accounts were listed (bmo#1847555)
* fixed: Remote content exceptions could not be added in
Settings (bmo#1847576)
* fixed: Newsgroup list file did not get updated after adding a
new NNTP server (bmo#1845464)
* fixed: 'Download all headers' option in NNTP 'Download
Headers' dialog was incorrectly selected by default
(bmo#1845457)
* fixed: 'Convert to event/task' was missing from mail context
menu (bmo#1817705)
* fixed: Events and tasks were not shown in some cases despite
being present on remote server (bmo#1827100)
* fixed: Various visual and UX improvements
(bmo#1844244,bmo#1845645)
- Mozilla Thunderbird 115.1.1
- fixed: Some HTML emails printed headers on first page and message on subsequent pages (bmo#1843628)
- fixed: Deleting messages from message list sometimes scrolled list to bottom, selecting bottommost message (bmo#1835173)
- fixed: Width of icon columns (like Junk or Starred) in message list did not adjust when UI density was changed (bmo#1843014)
- fixed: Old OpenPGP secret keys could not be used to decrypt messages under certain circumstances (bmo#1835786)
- fixed: When multiple folder modes were active, tab focus navigated through all folder mode options before reaching message list (bmo#1842060)
- fixed: Unread message count badge was not displayed on parent folders of subfolder containing unread messages (bmo#1844534)
- fixed: 'Undo archive' (via Ctrl-Z) did not un-archive previously archived messages (bmo#1829340)
- fixed: 'New' button dropdown menu in 'Message Filters' dialog could not be opened via keyboard navigation (bmo#1843511)
- fixed: 'Show New Mail Alert for' input field in 'Customize New Mail Alert' dialog had zero width when using certain language packs (bmo#1845832)
- fixed: 'Account Wizard' dialog was too narrow when adding a news server, partially hiding confirmation buttons (bmo#1846588)
- fixed: Link Properties and Image Properties dialogs in the composer were too wide (bmo#1816850)
- fixed: Thunderbird version number and details in 'About' dialog were not automatically read by screen readers when first opening dialog (bmo#1847078)
- fixed: Flatpak improvements and bug fixes (bmo#1825399,bmo#1843094,bmo#1843097)
- fixed: Various visual and UX improvements (bmo#1846262)
- ID
- SUSE-SU-2023:3664-1
- Severity
- critical
- URL
- https://www.suse.com/support/update/announcement/2023/suse-su-20233664-1/
- Published
-
2023-09-18T19:50:30
(12 months ago) - Modified
-
2023-09-18T19:50:30
(12 months ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALAS2-2023-2248
- ALAS2-2023-2290
- ALAS2-2023-2291
- ALAS2-2023-2337
- ALPINE:CVE-2023-4051
- ALPINE:CVE-2023-4053
- ALPINE:CVE-2023-4573
- ALPINE:CVE-2023-4574
- ALPINE:CVE-2023-4575
- ALPINE:CVE-2023-4576
- ALPINE:CVE-2023-4577
- ALPINE:CVE-2023-4578
- ALPINE:CVE-2023-4580
- ALPINE:CVE-2023-4581
- ALPINE:CVE-2023-4582
- ALPINE:CVE-2023-4583
- ALPINE:CVE-2023-4584
- ALPINE:CVE-2023-4585
- ALPINE:CVE-2023-4863
- ALSA-2023:4952
- ALSA-2023:4954
- ALSA-2023:4955
- ALSA-2023:4958
- ALSA-2023:5184
- ALSA-2023:5200
- ALSA-2023:5201
- ALSA-2023:5214
- ALSA-2023:5224
- ALSA-2023:5309
- CISA-2023:0913
- DSA-5485-1
- DSA-5488-1
- DSA-5496-1
- DSA-5497-1
- DSA-5497-2
- DSA-5498-1
- ELSA-2023-4945
- ELSA-2023-4952
- ELSA-2023-4954
- ELSA-2023-4955
- ELSA-2023-4958
- ELSA-2023-5019
- ELSA-2023-5184
- ELSA-2023-5191
- ELSA-2023-5197
- ELSA-2023-5200
- ELSA-2023-5201
- ELSA-2023-5214
- ELSA-2023-5224
- ELSA-2023-5309
- FEDORA-2023-3388038193
- FEDORA-2023-3bfb63f6d2
- FEDORA-2023-6bdc468df7
- FEDORA-2023-b427f54e68
- FEDORA-2023-c4fa8a204d
- FEDORA-2023-c890266d3f
- FEDORA-2023-f8319bd876
- FREEBSD:3693ECA5-F0D3-453C-9558-2353150495BB
- FREEBSD:4FD7A2FC-5860-11EE-A1B3-DCA632DAF43B
- FREEBSD:58A738D4-57AF-11EE-8C58-B42E991FC52E
- FREEBSD:773CE35B-EABB-47E0-98CA-669B2B98107A
- FREEBSD:88754D55-521A-11EE-8290-A8A1599412C6
- GLSA-202309-05
- GLSA-202401-10
- GLSA-202402-25
- MFSA-2023-29
- MFSA-2023-34
- MFSA-2023-35
- MFSA-2023-36
- MFSA-2023-37
- MFSA-2023-38
- MFSA-2023-40
- MS:CVE-2023-4863
- NPM:GHSA-J7HP-H8JX-5PPR
- openSUSE-SU-2023:0246-1
- openSUSE-SU-2023:0247-1
- openSUSE-SU-2023:0278-1
- RHSA-2023:4945
- RHSA-2023:4952
- RHSA-2023:4954
- RHSA-2023:4955
- RHSA-2023:4958
- RHSA-2023:5019
- RHSA-2023:5184
- RHSA-2023:5191
- RHSA-2023:5197
- RHSA-2023:5200
- RHSA-2023:5201
- RHSA-2023:5214
- RHSA-2023:5224
- RHSA-2023:5309
- RLSA-2023:4952
- RLSA-2023:4954
- RLSA-2023:5184
- RLSA-2023:5201
- RLSA-2023:5214
- RLSA-2023:5309
- RUSTSEC-2023-0060
- RUSTSEC-2023-0061
- SSA:2023-242-01
- SSA:2023-256-04
- SSA:2023-257-01
- SSA:2023-264-03
- SUSE-SU-2023:3519-1
- SUSE-SU-2023:3559-1
- SUSE-SU-2023:3562-1
- SUSE-SU-2023:3609-1
- SUSE-SU-2023:3610-1
- SUSE-SU-2023:3626-1
- SUSE-SU-2023:3634-1
- SUSE-SU-2023:3794-1
- SUSE-SU-2023:3829-1
- USN-6267-1
- USN-6320-1
- USN-6367-1
- USN-6368-1
- USN-6369-1
- USN-6369-2
- USN-6405-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/MozillaThunderbird?arch=x86_64&distro=opensuse-leap-15.5 | suse | MozillaThunderbird | < 115.2.2-150200.8.130.1 | opensuse-leap-15.5 | x86_64 | |
Affected | pkg:rpm/suse/MozillaThunderbird?arch=x86_64&distro=opensuse-leap-15.4 | suse | MozillaThunderbird | < 115.2.2-150200.8.130.1 | opensuse-leap-15.4 | x86_64 | |
Affected | pkg:rpm/suse/MozillaThunderbird?arch=s390x&distro=opensuse-leap-15.5 | suse | MozillaThunderbird | < 115.2.2-150200.8.130.1 | opensuse-leap-15.5 | s390x | |
Affected | pkg:rpm/suse/MozillaThunderbird?arch=s390x&distro=opensuse-leap-15.4 | suse | MozillaThunderbird | < 115.2.2-150200.8.130.1 | opensuse-leap-15.4 | s390x | |
Affected | pkg:rpm/suse/MozillaThunderbird?arch=ppc64le&distro=opensuse-leap-15.5 | suse | MozillaThunderbird | < 115.2.2-150200.8.130.1 | opensuse-leap-15.5 | ppc64le | |
Affected | pkg:rpm/suse/MozillaThunderbird?arch=ppc64le&distro=opensuse-leap-15.4 | suse | MozillaThunderbird | < 115.2.2-150200.8.130.1 | opensuse-leap-15.4 | ppc64le | |
Affected | pkg:rpm/suse/MozillaThunderbird?arch=aarch64&distro=opensuse-leap-15.5 | suse | MozillaThunderbird | < 115.2.2-150200.8.130.1 | opensuse-leap-15.5 | aarch64 | |
Affected | pkg:rpm/suse/MozillaThunderbird?arch=aarch64&distro=opensuse-leap-15.4 | suse | MozillaThunderbird | < 115.2.2-150200.8.130.1 | opensuse-leap-15.4 | aarch64 | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-leap-15.5 | suse | MozillaThunderbird-translations-other | < 115.2.2-150200.8.130.1 | opensuse-leap-15.5 | x86_64 | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-other | < 115.2.2-150200.8.130.1 | opensuse-leap-15.4 | x86_64 | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-other?arch=s390x&distro=opensuse-leap-15.5 | suse | MozillaThunderbird-translations-other | < 115.2.2-150200.8.130.1 | opensuse-leap-15.5 | s390x | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-other?arch=s390x&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-other | < 115.2.2-150200.8.130.1 | opensuse-leap-15.4 | s390x | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-other?arch=ppc64le&distro=opensuse-leap-15.5 | suse | MozillaThunderbird-translations-other | < 115.2.2-150200.8.130.1 | opensuse-leap-15.5 | ppc64le | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-other?arch=ppc64le&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-other | < 115.2.2-150200.8.130.1 | opensuse-leap-15.4 | ppc64le | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-other?arch=aarch64&distro=opensuse-leap-15.5 | suse | MozillaThunderbird-translations-other | < 115.2.2-150200.8.130.1 | opensuse-leap-15.5 | aarch64 | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-other?arch=aarch64&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-other | < 115.2.2-150200.8.130.1 | opensuse-leap-15.4 | aarch64 | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-leap-15.5 | suse | MozillaThunderbird-translations-common | < 115.2.2-150200.8.130.1 | opensuse-leap-15.5 | x86_64 | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-common | < 115.2.2-150200.8.130.1 | opensuse-leap-15.4 | x86_64 | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-common?arch=s390x&distro=opensuse-leap-15.5 | suse | MozillaThunderbird-translations-common | < 115.2.2-150200.8.130.1 | opensuse-leap-15.5 | s390x | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-common?arch=s390x&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-common | < 115.2.2-150200.8.130.1 | opensuse-leap-15.4 | s390x | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-common?arch=ppc64le&distro=opensuse-leap-15.5 | suse | MozillaThunderbird-translations-common | < 115.2.2-150200.8.130.1 | opensuse-leap-15.5 | ppc64le | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-common?arch=ppc64le&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-common | < 115.2.2-150200.8.130.1 | opensuse-leap-15.4 | ppc64le | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-common?arch=aarch64&distro=opensuse-leap-15.5 | suse | MozillaThunderbird-translations-common | < 115.2.2-150200.8.130.1 | opensuse-leap-15.5 | aarch64 | |
Affected | pkg:rpm/suse/MozillaThunderbird-translations-common?arch=aarch64&distro=opensuse-leap-15.4 | suse | MozillaThunderbird-translations-common | < 115.2.2-150200.8.130.1 | opensuse-leap-15.4 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |