{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"115.7.0-150200.8.145.1","MozillaThunderbird-translations-common":"115.7.0-150200.8.145.1","MozillaThunderbird-translations-other":"115.7.0-150200.8.145.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP5","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"115.7.0-150200.8.145.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"115.7.0-150200.8.145.1","MozillaThunderbird-translations-common":"115.7.0-150200.8.145.1","MozillaThunderbird-translations-other":"115.7.0-150200.8.145.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP5","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"115.7.0-150200.8.145.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"115.7.0-150200.8.145.1","MozillaThunderbird-translations-common":"115.7.0-150200.8.145.1","MozillaThunderbird-translations-other":"115.7.0-150200.8.145.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"MozillaThunderbird","purl":"pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"115.7.0-150200.8.145.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaThunderbird fixes the following issues:\n\nUpdate to Mozilla Thunderbird 115.7 (MFSA 2024-04) (bsc#1218955):\n\n  - CVE-2024-0741: Out of bounds write in ANGLE\n  - CVE-2024-0742: Failure to update user input timestamp\n  - CVE-2024-0746: Crash when listing printers on Linux\n  - CVE-2024-0747: Bypass of Content Security Policy when directive unsafe-inline was set\n  - CVE-2024-0749: Phishing site popup could show local origin in address bar\n  - CVE-2024-0750: Potential permissions request bypass via clickjacking\n  - CVE-2024-0751: Privilege escalation through devtools\n  - CVE-2024-0753: HSTS policy on subdomain could bypass policy of upper domain\n  - CVE-2024-0755: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7\n\nOther fixes:\n\n  * new: Autocrypt Gossip key distribution added (bmo#1853674)\n  * fixed: When starting Thunderbird, unread message count did\n    not appear on collapsed accounts (bmo#1862774)\n  * fixed: Blank window was sometimes displayed when starting\n    Thunderbird (bmo#1870817)\n  * fixed: Thunderbird '--chrome' flag incorrectly opened extra\n    messenger.xhtml (bmo#1866915)\n  * fixed: Add-ons did not start correctly when opening\n    Thunderbird from other programs (bmo#1800423)\n  * fixed: Drag-and-drop installation of add-ons did not work if\n    Add-ons Manager was opened from Unified Toolbar (bmo#1862978)\n  * fixed: Double-clicking empty space in message pane\n    incorrectly opened the currently selected message\n    (bmo#1867407)\n  * fixed: Canceling SMTP send before progress reached 100% did\n    not stop message from sending (bmo#1816540)\n  * fixed: PDF attachments open in a separate tab did not always\n    restore correctly after restarting Thunderbird (bmo#1846054)\n  * fixed: Some OpenPGP dialogs were too small for their contents\n    (bmo#1870809)\n  * fixed: Account Manager did not work with hostnames entered as\n    punycode (bmo#1870720,bmo#1872632)\n  * fixed: Downloading complete message from POP3 headers caused\n    message tab/window to close when 'Close message window/tab on\n    move or delete' was enabled (bmo#1861886)\n  * fixed: Some ECC GPG keys could not be exported (bmo#1867765)\n  * fixed: Contacts deleted from mailing list view still visible\n    in Details view (bmo#1799362)\n  * fixed: After selecting contacts in Address Book and starting\n    a new search, the search results list did not update\n    (bmo#1812726)\n  * fixed: Various UX and visual improvements (bmo#1866061,bmo#18\n    67169,bmo#1867728,bmo#1868079,bmo#1869519,bmo#1832149,bmo#185\n    6495,bmo#1861210,bmo#1861286,bmo#1863296,bmo#1864979)\n  * fixed: Security fixes\n\n- Mozilla Thunderbird 115.6.1\n  * new: OAuth2 now supported for comcast.net (bmo#1844810)\n  * fixed: High CPU usage sometimes occurred with IMAP CONDSTORE\n    (conditional STORE) enabled (bmo#1839256)\n  * fixed: Replying to a collapsed thread via keyboard shortcut\n    (Ctrl+R/Cmd+R) opened a reply for every message in the thread\n    (bmo#1866819)\n  * fixed: Enabling Grouped By view after reversing sort order of\n    column header caused messages to be grouped incorrectly\n    (bmo#1868794)\n  * fixed: Opening thread pane context menu via keyboard did not\n    always scroll view to selection (bmo#1867532)\n  * fixed: New mail indicator for POP3 accounts did not indicate\n    new messages ready to be downloaded (bmo#1870619)\n  * fixed: Messages could not be moved to folders using Message >\n    Move To if text or a link in the message had been clicked on\n    first (bmo#1868474)\n  * fixed: MIME part boundaries were not properly terminated\n    (bmo#1805558)\n","id":"SUSE-SU-2024:0242-1","modified":"2024-01-26T10:33:31Z","published":"2024-01-26T10:33:31Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20240242-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218955"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-0741"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-0742"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-0746"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-0747"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-0749"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-0750"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-0751"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-0753"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-0755"}],"related":["CVE-2024-0741","CVE-2024-0742","CVE-2024-0746","CVE-2024-0747","CVE-2024-0749","CVE-2024-0750","CVE-2024-0751","CVE-2024-0753","CVE-2024-0755"],"summary":"Security update for MozillaThunderbird","upstream":["CVE-2024-0741","CVE-2024-0742","CVE-2024-0746","CVE-2024-0747","CVE-2024-0749","CVE-2024-0750","CVE-2024-0751","CVE-2024-0753","CVE-2024-0755"]}