{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"128.5.0-150200.8.191.1","MozillaThunderbird-translations-common":"128.5.0-150200.8.191.1","MozillaThunderbird-translations-other":"128.5.0-150200.8.191.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP5","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"128.5.0-150200.8.191.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"128.5.0-150200.8.191.1","MozillaThunderbird-translations-common":"128.5.0-150200.8.191.1","MozillaThunderbird-translations-other":"128.5.0-150200.8.191.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP6","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"128.5.0-150200.8.191.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"128.5.0-150200.8.191.1","MozillaThunderbird-translations-common":"128.5.0-150200.8.191.1","MozillaThunderbird-translations-other":"128.5.0-150200.8.191.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP5","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"128.5.0-150200.8.191.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"128.5.0-150200.8.191.1","MozillaThunderbird-translations-common":"128.5.0-150200.8.191.1","MozillaThunderbird-translations-other":"128.5.0-150200.8.191.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP6","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"128.5.0-150200.8.191.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"128.5.0-150200.8.191.1","MozillaThunderbird-translations-common":"128.5.0-150200.8.191.1","MozillaThunderbird-translations-other":"128.5.0-150200.8.191.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"MozillaThunderbird","purl":"pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"128.5.0-150200.8.191.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"128.5.0-150200.8.191.1","MozillaThunderbird-translations-common":"128.5.0-150200.8.191.1","MozillaThunderbird-translations-other":"128.5.0-150200.8.191.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"MozillaThunderbird","purl":"pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"128.5.0-150200.8.191.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaThunderbird fixes the following issues:\n\n- Mozilla Thunderbird 128.5\n  * fixed: IMAP could crash when reading cached messages\n  * fixed: Enabling 'Show Folder Size' on Maildir profile could\n    render Thunderbird unusable\n  * fixed: Messages corrupted by folder compaction were only\n    fixed by user intervention\n  * fixed: Reading a message from past the end of an mbox file\n    did not cause an error\n  * fixed: View -> Folders had duplicate F access keys\n  * fixed: Add-ons adding columns to the message list could fail\n    and cause display issue\n  * fixed: 'Empty trash on exit' and 'Expunge inbox on exit' did\n    not always work\n  * fixed: Selecting a display option in View -> Tasks did not\n    apply in the Task interface\n  * fixed: Security fixes\n  MFSA 2024-68 (bsc#1233695)\n  * CVE-2024-11691 Out-of-bounds write in Apple GPU drivers via WebGL\n  * CVE-2024-11692 Select list elements could be shown over another site\n  * CVE-2024-11693 Download Protections were bypassed by .library-ms files on Windows\n  * CVE-2024-11694 CSP Bypass and XSS Exposure via Web Compatibility Shims\n  * CVE-2024-11695 URL Bar Spoofing via Manipulated Punycode and Whitespace Characters\n  * CVE-2024-11696 Unhandled Exception in Add-on Signature Verification\n  * CVE-2024-11697 Improper Keypress Handling in Executable File Confirmation Dialog\n  * CVE-2024-11698 Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS\n  * CVE-2024-11699 Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5\n\n- Handle upstream changes with esr-prefix of desktop-file (bsc#1233650)\n","id":"SUSE-SU-2024:4148-1","modified":"2024-12-03T09:10:17Z","published":"2024-12-03T09:10:17Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20244148-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233650"},{"type":"REPORT","url":"https://bugzilla.suse.com/1233695"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-11691"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-11692"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-11693"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-11694"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-11695"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-11696"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-11697"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-11698"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-11699"}],"related":["CVE-2024-11691","CVE-2024-11692","CVE-2024-11693","CVE-2024-11694","CVE-2024-11695","CVE-2024-11696","CVE-2024-11697","CVE-2024-11698","CVE-2024-11699"],"summary":"Security update for MozillaThunderbird","upstream":["CVE-2024-11691","CVE-2024-11692","CVE-2024-11693","CVE-2024-11694","CVE-2024-11695","CVE-2024-11696","CVE-2024-11697","CVE-2024-11698","CVE-2024-11699"]}