{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"128.4.3-150200.8.188.1","MozillaThunderbird-translations-common":"128.4.3-150200.8.188.1","MozillaThunderbird-translations-other":"128.4.3-150200.8.188.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP5","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"128.4.3-150200.8.188.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"128.4.3-150200.8.188.1","MozillaThunderbird-translations-common":"128.4.3-150200.8.188.1","MozillaThunderbird-translations-other":"128.4.3-150200.8.188.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP6","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"128.4.3-150200.8.188.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"128.4.3-150200.8.188.1","MozillaThunderbird-translations-common":"128.4.3-150200.8.188.1","MozillaThunderbird-translations-other":"128.4.3-150200.8.188.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP5","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"128.4.3-150200.8.188.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"128.4.3-150200.8.188.1","MozillaThunderbird-translations-common":"128.4.3-150200.8.188.1","MozillaThunderbird-translations-other":"128.4.3-150200.8.188.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP6","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"128.4.3-150200.8.188.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"128.4.3-150200.8.188.1","MozillaThunderbird-translations-common":"128.4.3-150200.8.188.1","MozillaThunderbird-translations-other":"128.4.3-150200.8.188.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"MozillaThunderbird","purl":"pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"128.4.3-150200.8.188.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"128.4.3-150200.8.188.1","MozillaThunderbird-translations-common":"128.4.3-150200.8.188.1","MozillaThunderbird-translations-other":"128.4.3-150200.8.188.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"MozillaThunderbird","purl":"pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"128.4.3-150200.8.188.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaThunderbird fixes the following issues:\n\n- Mozilla Thunderbird 128.4.3\n  * fixed: Folder corruption could cause Thunderbird to freeze\n    and become unusable\n  * fixed: Message corruption could be propagated when reading mbox\n  * fixed: Folder compaction was not abandoned on shutdown\n  * fixed: Folder compaction did not clean up on failure\n  * fixed: Collapsed NNTP thread incorrectly indicated there were\n    unread messages\n  * fixed: Navigating to next unread message did not wait for all\n    messages to be loaded\n  * fixed: Applying column view to folder and children could\n    break if folder error occurred\n  * fixed: Remote content notifications were broken with\n    encrypted messages\n  * fixed: Updating criteria of a saved search resulted in poor\n    search performance\n  * fixed: Drop-downs may not work in some places\n  * fixed: Security fixes\n  MFSA 2024-61 (bsc#1233355)\n  * CVE-2024-11159 Potential disclosure of plaintext in OpenPGP encrypted message\n\n- Mozilla Thunderbird 128.4.2\n  * changed: Increased the auto-compaction threshold to reduce\n    frequency of compaction\n  * fixed: New profile creation caused console errors\n  * fixed: Repair folder could result in older messages showing\n    wrong date and time\n  * fixed: Recently deleted messages could become undeleted if\n    message compaction failed\n  * fixed: Visual and UX improvements\n  * fixed: Clicking on an HTML button could cause Thunderbird to freeze\n  * fixed: Messages could not be selected for dragging\n  * fixed: Could not open attached file in a MIME encrypted message\n  * fixed: Account creation 'Setup Documentation' link was broken\n  * fixed: Unable to generate QR codes when exporting to mobile\n    in some cases\n  * fixed: Operating system reauthentication was missing when\n    exporting QR codes for mobile\n  * fixed: Could not drag all-day events from one day to another\n    in week view\n\n- Mozilla Thunderbird 128.4.1\n  * new: Add the 20 year donation appeal\n\n- Mozilla Thunderbird 128.4\n  * new: Export Thunderbird account settings to Thunderbird\n    Mobile via QRCode\n  * fixed: Unable to send an unencrypted response to an OpenPGP\n    encrypted message\n  * fixed: Thunderbird update did not update language pack\n    version until another restart\n  * fixed: Security fixes\n  MFSA 2024-58 (bsc#1231879)\n  * CVE-2024-10458 Permission leak via embed or object elements\n  * CVE-2024-10459 Use-after-free in layout with accessibility\n  * CVE-2024-10460 Confusing display of origin for external protocol handler prompt\n  * CVE-2024-10461 XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response\n  * CVE-2024-10462 Origin of permission prompt could be spoofed by long URL\n  * CVE-2024-10463 Cross origin video frame leak\n  * CVE-2024-10464 History interface could have been used to cause a Denial of Service condition in the browser\n  * CVE-2024-10465 Clipboard 'paste' button persisted across tabs\n  * CVE-2024-10466 DOM push subscription message could hang Firefox\n  * CVE-2024-10467 Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4\n","id":"SUSE-SU-2024:4050-1","modified":"2024-11-25T15:37:44Z","published":"2024-11-25T15:37:44Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20244050-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1231879"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233355"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-10458"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-10459"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-10460"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-10461"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-10462"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-10463"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-10464"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-10465"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-10466"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-10467"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-11159"}],"related":["CVE-2024-10458","CVE-2024-10459","CVE-2024-10460","CVE-2024-10461","CVE-2024-10462","CVE-2024-10463","CVE-2024-10464","CVE-2024-10465","CVE-2024-10466","CVE-2024-10467","CVE-2024-11159"],"summary":"Security update for MozillaThunderbird","upstream":["CVE-2024-10458","CVE-2024-10459","CVE-2024-10460","CVE-2024-10461","CVE-2024-10462","CVE-2024-10463","CVE-2024-10464","CVE-2024-10465","CVE-2024-10466","CVE-2024-10467","CVE-2024-11159"]}