MozillaThunderbird

pool/MozillaThunderbird

SHA256

Fork 1

02b45382fb Accepting request 1298009 from mozilla:Factory factory Dominique Leuenberger 2025-08-07 14:48:53 +00:00
5257fb9ed3 - Mozilla Thunderbird ESR 140.1.1 Fixed * Users with attachments open in tabs saw an error on Thunderbird restart * Sending from unified or local folder failed if no default account was set * Delete button could remove attachment instead of message * Message list scrolled back when returning to mail tab after opening a message devel Wolfgang Rosenauer 2025-08-06 18:14:05 +00:00
24b8a7dd97 Accepting request 1297206 from mozilla:Factory Dominique Leuenberger 2025-08-03 11:38:21 +00:00
b12070674d - Update memory constraints Wolfgang Rosenauer 2025-08-01 08:44:07 +00:00
842cecfac2 Accepting request 1295681 from mozilla:Factory Dominique Leuenberger 2025-07-25 15:05:51 +00:00
36e53452f3 - Mozilla Thunderbird ESR 140.1.0 * New folders were not added alphabetically if folders manually reordered beforehand * Message archive folder creation could silently stop during async folder creation MFSA 2025-63 (bsc#1246664) * CVE-2025-8027 (bmo#1968423) JavaScript engine only wrote partial return value to stack * CVE-2025-8028 (bmo#1971581) Large branch table could lead to truncated instruction * CVE-2025-8029 (bmo#1928021) javascript: URLs executed on object and embed tags * CVE-2025-8036 (bmo#1960834) DNS rebinding circumvents CORS * CVE-2025-8037 (bmo#1964767) Nameless cookies shadow secure cookies * CVE-2025-8030 (bmo#1968414) Potential user-assisted code execution in “Copy as cURL” command * CVE-2025-8031 (bmo#1971719) Incorrect URL stripping in CSP reports * CVE-2025-8032 (bmo#1974407) XSLT documents could bypass CSP * CVE-2025-8038 (bmo#1808979) CSP frame-src was not correctly enforced for paths * CVE-2025-8039 (bmo#1970997) Search terms persisted in URL bar * CVE-2025-8033 (bmo#1973990) Incorrect JavaScript state machine for generators * CVE-2025-8034 (bmo#1970422, bmo#1970422, bmo#1970422, bmo#1970422) Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR Wolfgang Rosenauer 2025-07-25 06:36:59 +00:00
d728693161 Accepting request 1290580 from mozilla:Factory Ana Guerrero 2025-07-06 15:14:15 +00:00
8cd0971e90 - Mozilla Thunderbird ESR 128.12.0 MFSA 2025-55 (bsc#1244670) * CVE-2025-6424 (bmo#1966423) Use-after-free in FontFaceSet * CVE-2025-6425 (bmo#1717672) The WebCompat WebExtension shipped exposed a persistent UUID * CVE-2025-6426 (bmo#1964385) No warning when opening executable terminal files on macOS * CVE-2025-6429 (bmo#1970658) Incorrect parsing of URLs could have allowed embedding of youtube.com * CVE-2025-6430 (bmo#1971140) Content-Disposition header ignored when a file is included in an embed or object tag Wolfgang Rosenauer 2025-07-04 05:55:54 +00:00
d0db3c1d44 Accepting request 1287471 from mozilla:Factory Ana Guerrero 2025-06-23 13:01:39 +00:00
3a8271f9c8 - Use these tools/versions unconditionally, package won't build on Tumbleweed with new gcc15 otherwise: gcc14, gcc14-c++, cargo1.84, rust1.84 Wolfgang Rosenauer 2025-06-20 20:58:10 +00:00
85783160a3 Accepting request 1284604 from mozilla:Factory Ana Guerrero 2025-06-11 14:24:54 +00:00
28d3dfb87f - Mozilla Thunderbird ESR 128.11.1 MFSA 2025-49 * CVE-2025-5986 (bmo#1958580, bmo#1968012) Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links Wolfgang Rosenauer 2025-06-11 04:58:59 +00:00
f41fa22c90 Accepting request 1283963 from home:bmwiedemann:branches:mozilla:Factory Wolfgang Rosenauer 2025-06-09 05:31:59 +00:00
4c3dd7fae5 Accepting request 1280770 from mozilla:Factory Dominique Leuenberger 2025-05-30 12:33:07 +00:00
1f9d559ff5 128.11.0 Wolfgang Rosenauer 2025-05-28 08:21:26 +00:00
e363e60cd3 Accepting request 1279281 from mozilla:Factory Ana Guerrero 2025-05-23 12:30:49 +00:00
ae500f1db6 Accepting request 1279280 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2025-05-22 13:10:09 +00:00
61dba6b468 Accepting request 1279086 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2025-05-21 17:05:16 +00:00
17738f3082 Accepting request 1277886 from mozilla:Factory Ana Guerrero 2025-05-20 07:33:34 +00:00
fcd8a5b9c3 Mozilla Thunderbird ESR 128.10.1 boo#1243216 Wolfgang Rosenauer 2025-05-15 19:26:08 +00:00
854da840c2 - build on s390x needs 17G memory - adjust _constraints Wolfgang Rosenauer 2025-05-12 05:50:10 +00:00
ce10049049 Accepting request 1273775 from mozilla:Factory Dominique Leuenberger 2025-05-01 13:23:19 +00:00
b9baeaa3a2 - Mozilla Thunderbird ESR 128.10.0 * Changed color override defaults with high contrast mode on macOS and Linux * Using Delete column in "Search Messages..." window could delete other messages MFSA 2025-32 (bsc#1241621) * CVE-2025-2817 (bmo#1917536) Privilege escalation in Thunderbird Updater * CVE-2025-4082 (bmo#1937097) WebGL shader attribute memory corruption in Thunderbird for macOS * CVE-2025-4083 (bmo#1958350) Process isolation bypass using "javascript:" URI links in cross-origin frames * CVE-2025-4084 (bmo#1949994, bmo#1956698, bmo#1960198) Potential local code execution in "copy as cURL" command * CVE-2025-4087 (bmo#1952465) Unsafe attribute access during XPath parsing * CVE-2025-4091 (bmo#1951161, bmo#1952105) Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10 * CVE-2025-4093 (bmo#1894100) Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird 128.10 Wolfgang Rosenauer 2025-05-01 04:56:54 +00:00
54c38910af Accepting request 1269739 from mozilla:Factory Ana Guerrero 2025-04-16 18:41:05 +00:00
c689e5c508 - Mozilla Thunderbird ESR 128.9.2 * Two-factor auth via text or email did not work with Office 365 using Oauth2 * IRC channel was not visible after restart * Global indexing failed when processing email with invalid calendar data MFSA 2025-27 * CVE-2025-3522 (bmo#1955372) Leak of hashed Window credentials via crafted attachment URL * CVE-2025-2830 (bmo#1956379) Information Disclosure of /tmp directory listing * CVE-2025-3523 (bmo#1958385) User Interface (UI) Misrepresentation of attachment URL Wolfgang Rosenauer 2025-04-15 20:22:14 +00:00
3b46ee9f7d Accepting request 1267257 from mozilla:Factory Ana Guerrero 2025-04-07 15:36:30 +00:00
3d88ad317c - Mozilla Thunderbird ESR 128.9.1 * Added delay to built-in notifications when new profile is created in offline mode Wolfgang Rosenauer 2025-04-05 06:08:22 +00:00
b1b911784f Accepting request 1266906 from mozilla:Factory Ana Guerrero 2025-04-04 15:29:40 +00:00
e07f492a0e - Update to use BuildRequires on clang-devel on Tumbleweed/Factory instead of clang18-tools. Wolfgang Rosenauer 2025-04-03 14:13:23 +00:00
af5a3d9fed OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=805 Wolfgang Rosenauer 2025-04-02 12:21:20 +00:00
68f355c94d - Mozilla Thunderbird ESR 128.9.0 * Thunderbird now has a notification system for real-time desktop alerts * Data corruption occurred when compacting IMAP Drafts folder after saving a message * Right-clicking "Decrypt and Save As..." on an attachment file failed. * Thunderbird could crash when importing mail * Sort indicators were missing on the calendar events list MFSA 2025-24 (bsc#1240083) * CVE-2025-3028 (bmo#1941002) Use-after-free triggered by XSLTProcessor * CVE-2025-3029 (bmo#1952213) URL Bar Spoofing via non-BMP Unicode characters * CVE-2025-3030 (bmo#1850615, bmo#1932468, bmo#1942551, bmo#1951017, bmo#1951494) Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9 Wolfgang Rosenauer 2025-04-02 05:39:42 +00:00
d3ef7590d8 Accepting request 1250560 from mozilla:Factory Ana Guerrero 2025-03-06 13:49:19 +00:00
9ba0808add - Mozilla Thunderbird 128.8.0 * Opening an .EML file in profiles with many folders could take a long time * Users with many folders experienced poor performance when resizing message panes * "Replace" button in compose window was overwritten when the window was narrow * Export to mobile did not work when "Use default server" was selected * "Save Link As" was not working in feed web content MFSA 2025-18 (bsc#1237683) * CVE-2024-43097 (bmo#1945624) Overflow when growing an SkRegion's RunArray * CVE-2025-1930 (bmo#1902309) AudioIPC StreamData could trigger a use-after-free in the Browser process * CVE-2025-1931 (bmo#1944126) Use-after-free in WebTransportChild * CVE-2025-1932 (bmo#1944313) Inconsistent comparator in XSLT sorting led to out-of-bounds access * CVE-2025-1933 (bmo#1946004) JIT corruption of WASM i32 return values on 64-bit CPUs * CVE-2025-1934 (bmo#1942881) Unexpected GC during RegExp bailout processing * CVE-2025-1935 (bmo#1866661) Clickjacking the registerProtocolHandler info-bar * CVE-2025-1936 (bmo#1940027) Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents * CVE-2025-1937 (bmo#1938471, bmo#1940716) Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 Wolfgang Rosenauer 2025-03-06 07:43:59 +00:00
6b8eb9f5ee Accepting request 1247240 from mozilla:Factory Ana Guerrero 2025-02-20 15:39:54 +00:00
af64080f00 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=800 Wolfgang Rosenauer 2025-02-19 08:22:38 +00:00
db1e78a2ef Accepting request 1243477 from mozilla:Factory Ana Guerrero 2025-02-05 20:56:37 +00:00
d40086077f OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=798 Wolfgang Rosenauer 2025-02-05 10:41:41 +00:00
f891bd20fd Accepting request 1240635 from mozilla:Factory Ana Guerrero 2025-01-28 13:59:11 +00:00
742b1a6892 changelog for 128.6.1 with boo#1236411 Wolfgang Rosenauer 2025-01-27 20:19:22 +00:00
f4b4e6359e Accepting request 1237936 from mozilla:Factory Ana Guerrero 2025-01-15 16:43:47 +00:00
382cf0734e - Mozilla Thunderbird 128.6.0 * New mail notification was not hidden after reading the new message * New mail notification could show for the wrong folder, causing repeated alerts * macOS shortcut CMD+1 did not restore the main window when it was minimized * Clicking the context menu "Reply" button resulted in "Reply-All" * Switching from "All", "Unread", and "Threads with unread" did not work * Downloading message headers from a newsgroup could cause a hang * Message list performance slow when many updates happened at once * "mailto:" links did not apply the compose format of the current identity * Authentication failure of AUTH PLAIN or AUTH LOGIN did not fall back to USERPASS MFSA 2025-05 (bsc#1234991) * CVE-2025-0237 (bmo#1915257) WebChannel APIs susceptible to confused deputy attack * CVE-2025-0238 (bmo#1915535) Use-after-free when breaking lines in text * CVE-2025-0239 (bmo#1929156) Alt-Svc ALPN validation failure when redirected * CVE-2025-0240 (bmo#1929623) Compartment mismatch when parsing JavaScript JSON module * CVE-2025-0241 (bmo#1933023) Memory corruption when using JavaScript Text Segmentation * CVE-2025-0242 (bmo#1874523, bmo#1926454, bmo#1931873, bmo#1932169) Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6 * CVE-2025-0243 (bmo#1827142, bmo#1932783) Memory safety bugs fixed in Firefox 134, Thunderbird 134, Wolfgang Rosenauer 2025-01-14 20:39:07 +00:00
e73180c381 Accepting request 1231002 from mozilla:Factory Ana Guerrero 2024-12-16 18:09:42 +00:00
d53c49e081 - Mozilla Thunderbird 128.5.2 * Large virtual folders could be very slow * Message could disappear after moving from IMAP folder followed by Undo and Redo * XMPP chat did not display messages sent inside a CDATA element * Selected calendar day did not move forward at midnight * Today pane agenda sometimes scrolled for no apparent reason * CalDAV calendars without offline support could degrade start-up performance * Visual and UX improvements MFSA 2024-69 * CVE-2024-50336 (bmo#1929264) matrix-js-sdk has insufficient MXC URI validation which could allow client-side path traversal Wolfgang Rosenauer 2024-12-14 14:13:35 +00:00
818a440a31 Accepting request 1227967 from mozilla:Factory Ana Guerrero 2024-12-03 19:47:16 +00:00
48c0721353 - Mozilla Thunderbird 128.5.1 * Add end of year donation appeal * Total message count for favorite folders did not work consistently Wolfgang Rosenauer 2024-12-03 10:26:37 +00:00
94c99d3af2 Accepting request 1226643 from mozilla:Factory Ana Guerrero 2024-11-27 21:11:26 +00:00
98a906a372 - Mozilla Thunderbird 128.5.0 * IMAP could crash when reading cached messages * Enabling "Show Folder Size" on Maildir profile could render Thunderbird unusable * Messages corrupted by folder compaction were only fixed by user intervention * Reading a message from past the end of an mbox file did not cause an error * View -> Folders had duplicate F access keys * Add-ons adding columns to the message list could fail and cause display issue * "Empty trash on exit" and "Expunge inbox on exit" did not always work * Selecting a display option in View -> Tasks did not apply in the Task interface MFSA 2024-68 (bsc#1233695) * CVE-2024-11691 (bmo#1914707, bmo#1924184) Memory corruption in Apple GPU drivers * CVE-2024-11692 (bmo#1909535) Select list elements could be shown over another site * CVE-2024-11693 (bmo#1921458) Download Protections were bypassed by .library-ms files on Windows * CVE-2024-11694 (bmo#1924167) CSP Bypass and XSS Exposure via Web Compatibility Shims * CVE-2024-11695 (bmo#1925496) URL Bar Spoofing via Manipulated Punycode and Whitespace Characters * CVE-2024-11696 (bmo#1929600) Unhandled Exception in Add-on Signature Verification * CVE-2024-11697 (bmo#1842187) Improper Keypress Handling in Executable File Confirmation Dialog Wolfgang Rosenauer 2024-11-26 18:45:19 +00:00
c2c19a4a10 Accepting request 1225214 from mozilla:Factory Ana Guerrero 2024-11-20 16:00:23 +00:00
60298df72a - Mozilla Thunderbird 128.4.4 * QR codes were not scannable by Android app when using most high-contrast themes * Primary password prompt cancellation during mobile export was confusing - revert using xdg-desktop-portal as some desktops have limited support Wolfgang Rosenauer 2024-11-20 07:45:37 +00:00
3d8cfe7559 Accepting request 1224250 from mozilla:Factory Ana Guerrero 2024-11-15 14:42:42 +00:00
4d2fed0f19 MFSA 2024-61 * CVE-2024-11159 (bmo#1925929) Potential disclosure of plaintext in OpenPGP encrypted message Wolfgang Rosenauer 2024-11-14 16:17:04 +00:00
b6bf4d10d2 - Mozilla Thunderbird 128.4.3 Fixes: * Folder corruption could cause Thunderbird to freeze and become unusable * Message corruption could be propagated when reading mbox * Folder compaction was not abandoned on shutdown * Folder compaction did not clean up on failure * Collapsed NNTP thread incorrectly indicated there were unread messages * Navigating to next unread message did not wait for all messages to be loaded * Applying column view to folder and children could break if folder error occurred * Remote content notifications were broken with encrypted messages * Updating criteria of a saved search resulted in poor search performance * Drop-downs may not work in some places - remove kmozillahelper support (boo#1226112) * removed mozilla-kde.patch * requires xdg-desktop-portal instead Wolfgang Rosenauer 2024-11-12 15:57:55 +00:00
6a814cf117 Accepting request 1222591 from mozilla:Factory Ana Guerrero 2024-11-08 11:00:14 +00:00
76d8c3602d Mozilla Thunderbird 128.4.2 Wolfgang Rosenauer 2024-11-07 21:02:45 +00:00
b91e9162ab Accepting request 1219576 from mozilla:Factory Dominique Leuenberger 2024-10-30 17:05:09 +00:00
55323a4dd2 - Mozilla Thunderbird 128.4.0 * Export Thunderbird account settings to Thunderbird Mobile via QRCode Bugfixes: * Unable to send an unencrypted response to an OpenPGP encrypted message MFSA 2024-58 (bsc#1231879) * CVE-2024-10458 (bmo#1921733) Permission leak via embed or object elements * CVE-2024-10459 (bmo#1919087) Use-after-free in layout with accessibility * CVE-2024-10460 (bmo#1912537) Confusing display of origin for external protocol handler prompt * CVE-2024-10461 (bmo#1914521) XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response * CVE-2024-10462 (bmo#1920423) Origin of permission prompt could be spoofed by long URL * CVE-2024-10463 (bmo#1920800) Cross origin video frame leak * CVE-2024-10464 (bmo#1913000) History interface could have been used to cause a Denial of Service condition in the browser * CVE-2024-10465 (bmo#1918853) Clipboard "paste" button persisted across tabs * CVE-2024-10466 (bmo#1924154) DOM push subscription message could hang Firefox * CVE-2024-10467 (bmo#1829029, bmo#1888538, bmo#1900394, bmo#1904059, bmo#1917742, bmo#1919809, bmo#1923706) Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4 Wolfgang Rosenauer 2024-10-30 13:57:01 +00:00
89bb3656e7 Accepting request 1217157 from mozilla:Factory Ana Guerrero 2024-10-23 19:10:36 +00:00
a0efbebc8c Mozilla Thunderbird 128.3.3 Wolfgang Rosenauer 2024-10-23 07:03:59 +00:00
cf32d334ea Accepting request 1208840 from mozilla:Factory Ana Guerrero 2024-10-18 13:58:20 +00:00
4aa15214bf - Mozilla Thunderbird 128.3.2 bugfix release: https://www.thunderbird.net/en-US/thunderbird/128.3.2esr/releasenotes - bring back mozilla-bmo531915.patch to fix x86 Wolfgang Rosenauer 2024-10-18 10:35:47 +00:00
b59cbcd641 Accepting request 1207082 from mozilla:Factory Ana Guerrero 2024-10-11 15:02:38 +00:00
1fd0463a82 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=773 Wolfgang Rosenauer 2024-10-11 07:57:33 +00:00
18f716d93a - Mozilla Thunderbird 128.3.1 https://www.thunderbird.net/en-US/thunderbird/128.0esr/releasenotes/ and following release notes for minor version updates MFSA 2024-52 (bsc#1231413) * CVE-2024-9680 (bmo#1923344) Use-after-free in Animation timeline Mozilla Thunderbird 128.3.0 MFSA 2024-32 (128.0) MFSA 2024-37 (128.1) MFSA 2024-43 (128.2) MFSA 2024-49 (128.3) (bsc#1230979) * CVE-2024-9392 (bmo#1899154, bmo#1905843) Compromised content process can bypass site isolation * CVE-2024-9393 (bmo#1918301) Cross-origin access to PDF contents through multipart responses * CVE-2024-9394 (bmo#1918874) Cross-origin access to JSON contents through multipart responses * CVE-2024-8900 (bmo#1872841) Clipboard write permission bypass * CVE-2024-9396 (bmo#1912471) Potential memory corruption may occur when cloning certain objects * CVE-2024-9397 (bmo#1916659) Potential directory upload bypass via clickjacking * CVE-2024-9398 (bmo#1881037) External protocol handlers could be enumerated via popups * CVE-2024-9399 (bmo#1907726) Specially crafted WebTransport requests could lead to denial of service * CVE-2024-9400 (bmo#1915249) Potential memory corruption during JIT compilation Wolfgang Rosenauer 2024-10-11 05:22:34 +00:00
929d950c92 Accepting request 1199551 from mozilla:Factory Ana Guerrero 2024-09-09 12:45:07 +00:00
96fa744639 - Mozilla Thunderbird 115.15.0 MFSA 2024-44 (bsc#1229821) * CVE-2024-8381 (bmo#1912715) Type confusion when looking up a property name in a "with" block * CVE-2024-8382 (bmo#1906744) Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran * CVE-2024-8384 (bmo#1911288) Garbage collection could mis-color cross-compartment objects in OOM conditions Wolfgang Rosenauer 2024-09-09 06:51:08 +00:00
1e3265442f Accepting request 1192519 from mozilla:Factory Dominique Leuenberger 2024-08-09 14:14:05 +00:00
a523c0c1eb MFSA 2024-38 (bsc#1228648) * CVE-2024-7519 (bmo#1902307) Out of bounds memory access in graphics shared memory handling * CVE-2024-7521 (bmo#1904644) Incomplete WebAssembly exception handing * CVE-2024-7522 (bmo#1906727) Out of bounds read in editor component * CVE-2024-7525 (bmo#1909298) Missing permission check when creating a StreamFilter * CVE-2024-7526 (bmo#1910306) Uninitialized memory used by WebGL * CVE-2024-7527 (bmo#1871303) Use-after-free in JavaScript garbage collection * CVE-2024-7529 (bmo#1903187) Document content could partially obscure security prompts Wolfgang Rosenauer 2024-08-08 06:18:03 +00:00
e0c4462a11 115.14.0, with changelog added Wolfgang Rosenauer 2024-08-08 06:15:00 +00:00
548d5068a2 Accepting request 1187370 from mozilla:Factory Ana Guerrero 2024-07-15 17:48:43 +00:00
d30235b5b6 - Mozilla Thunderbird 115.13.0 * After starting Thunderbird, the message list position was sometimes set to an incorrect position MFSA 2024-30 (bsc#1226316) * CVE-2024-6600 (bmo#1888340) Memory corruption in WebGL API * CVE-2024-6601 (bmo#1890748) Race condition in permission assignment * CVE-2024-6602 (bmo#1895032) Memory corruption in NSS * CVE-2024-6603 (bmo#1895081) Memory corruption in thread creation * CVE-2024-6604 (bmo#1748105, bmo#1837550, bmo#1884266) Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 Wolfgang Rosenauer 2024-07-14 10:15:54 +00:00
9cc5c44788 Accepting request 1185328 from mozilla:Factory Ana Guerrero 2024-07-04 14:27:26 +00:00
8ba563b611 Accepting request 1184892 from home:MSirringhaus:branches:mozilla:Factory Wolfgang Rosenauer 2024-07-04 07:50:23 +00:00
12fa6354eb Accepting request 1181261 from mozilla:Factory Ana Guerrero 2024-06-17 17:33:19 +00:00
8e5843b066 - Mozilla Thunderbird 115.12.0 https://www.thunderbird.net/en-US/thunderbird/115.12.0/releasenotes MFSA 2024-28 (bsc#1226027) * CVE-2024-5702 (bmo#1193389) Use-after-free in networking * CVE-2024-5688 (bmo#1895086) Use-after-free in JavaScript object transplant * CVE-2024-5690 (bmo#1883693) External protocol handlers leaked by timing attack * CVE-2024-5691 (bmo#1888695) Sandboxed iframes were able to bypass sandbox restrictions to open a new window * CVE-2024-5692 (bmo#1891234) Bypass of file name restrictions during saving * CVE-2024-5693 (bmo#1891319) Cross-Origin Image leak via Offscreen Canvas * CVE-2024-5696 (bmo#1896555) Memory Corruption in Text Fragments * CVE-2024-5700 (bmo#1862809, bmo#1889355, bmo#1893388, bmo#1895123) Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 Wolfgang Rosenauer 2024-06-17 08:14:14 +00:00
5e31e2142b Accepting request 1179943 from mozilla:Factory Ana Guerrero 2024-06-11 16:31:01 +00:00
642c037730 - Mozilla Thunderbird 115.11.1 * Added a short anonymous survey that a small number of users will be randomly asked to complete Wolfgang Rosenauer 2024-06-04 07:15:57 +00:00
7c82cf4bcb Accepting request 1175556 from mozilla:Factory Ana Guerrero 2024-05-21 16:37:20 +00:00
c53405a61a - Mozilla Thunderbird 115.11.0 MFSA 2024-23 (bsc#1224056) * CVE-2024-4367 (bmo#1893645) Arbitrary JavaScript execution in PDF.js * CVE-2024-4767 (bmo#1878577) IndexedDB files retained in private browsing mode * CVE-2024-4768 (bmo#1886082) Potential permissions request bypass via clickjacking * CVE-2024-4769 (bmo#1886108) Cross-origin responses could be distinguished between script and non-script content-types * CVE-2024-4770 (bmo#1893270) Use-after-free could occur when printing to PDF * CVE-2024-4777 (bmo#1878199, bmo#1893340) Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11 Wolfgang Rosenauer 2024-05-17 13:37:32 +00:00
0763350234 Accepting request 1171966 from mozilla:Factory Ana Guerrero 2024-05-06 15:52:58 +00:00
bb96f838d2 Accepting request 1171925 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2024-05-05 09:06:17 +00:00
94e186235a Accepting request 1169354 from mozilla:Factory Ana Guerrero 2024-04-21 18:27:23 +00:00
ecbf912dc5 - Mozilla Thunderbird 115.10.1 https://www.thunderbird.net/en-US/thunderbird/115.10.1/releasenotes/ * fixed hangup introduced with 115.10.0 (bmo#1891889) Wolfgang Rosenauer 2024-04-20 13:14:08 +00:00
d92bff57c9 Accepting request 1160556 from mozilla:Factory Ana Guerrero 2024-03-22 14:21:37 +00:00
3ba157ec15 - LLVM18 breaks building Thunderbird on Tumbleweed; add * mozilla-fix-issues-with-llvm18.patch Wolfgang Rosenauer 2024-03-22 07:53:18 +00:00
a874894d44 Accepting request 1155826 from mozilla:Factory Dominique Leuenberger 2024-03-07 17:30:09 +00:00
4388f6b916 - Mozilla Thunderbird 115.8.1 https://www.thunderbird.net/en-US/thunderbird/115.8.1/releasenotes/ MFSA 2024-11 * CVE-2024-1936 (bmo#1860977) Leaking of encrypted email subjects to other conversations Wolfgang Rosenauer 2024-03-07 08:26:29 +00:00
0e6aab1e2d Accepting request 1150520 from mozilla:Factory Ana Guerrero 2024-02-26 18:45:04 +00:00
d3a997ecec Accepting request 1150189 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2024-02-25 21:23:03 +00:00
e3fe8edab3 Accepting request 1141172 from mozilla:Factory Ana Guerrero 2024-01-24 18:05:45 +00:00
b28fc45f13 - Mozilla Thunderbird 115.7.0 https://www.thunderbird.net/en-US/thunderbird/115.7.0/releasenotes/ MFSA 2024-04 (bsc#1218955) * CVE-2024-0741 (bmo#1864587) Out of bounds write in ANGLE * CVE-2024-0742 (bmo#1867152) Failure to update user input timestamp * CVE-2024-0746 (bmo#1660223) Crash when listing printers on Linux * CVE-2024-0747 (bmo#1764343) Bypass of Content Security Policy when directive unsafe-inline was set * CVE-2024-0749 (bmo#1813463) Phishing site popup could show local origin in address bar * CVE-2024-0750 (bmo#1863083) Potential permissions request bypass via clickjacking * CVE-2024-0751 (bmo#1865689) Privilege escalation through devtools * CVE-2024-0753 (bmo#1870262) HSTS policy on subdomain could bypass policy of upper domain * CVE-2024-0755 (bmo#1868456, bmo#1871445, bmo#1873701) Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 Wolfgang Rosenauer 2024-01-24 08:26:57 +00:00
8b936efa7d Accepting request 1138352 from mozilla:Factory Ana Guerrero 2024-01-12 22:46:51 +00:00
dc40555405 Accepting request 1137913 from home:MSirringhaus:branches:mozilla:Factory Wolfgang Rosenauer 2024-01-12 16:08:01 +00:00
7a4d4e067c Accepting request 1134147 from mozilla:Factory Ana Guerrero 2023-12-20 20:02:30 +00:00
bbc012a208 - Mozilla Thunderbird 115.6.0 https://www.thunderbird.net/en-US/thunderbird/115.6.0/releasenotes/ * Message selection misbehaved after selecting a sub-message in an expanded thread, collapsing the thread, then pressing up/down to move selection * Thunderbird now attempts to reconnect on a new connection after SMTP 4xx errors * HTML FileLink attachments used the wrong encoding MFSA 2023-55 (bsc#1217230) * CVE-2023-50762 (bmo#1862625) Truncated signed text was shown with a valid OpenPGP signature * CVE-2023-50761 (bmo#1865647) S/MIME signature accepted despite mismatching message date * CVE-2023-6856 (bmo#1843782) Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver * CVE-2023-6857 (bmo#1796023) Symlinks may resolve to smaller than expected buffers * CVE-2023-6858 (bmo#1826791) Heap buffer overflow in nsTextFragment * CVE-2023-6859 (bmo#1840144) Use-after-free in PR_GetIdentitiesLayer * CVE-2023-6860 (bmo#1854669) Potential sandbox escape due to VideoBridge lack of texture validation * CVE-2023-6861 (bmo#1864118) Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode * CVE-2023-6862 (bmo#1868042) Wolfgang Rosenauer 2023-12-20 08:34:54 +00:00
68aa3a7dc3 Accepting request 1132769 from mozilla:Factory Ana Guerrero 2023-12-13 17:35:07 +00:00
bd13e76487 - Mozilla Thunderbird 115.5.2 Bugfix release https://www.thunderbird.net/en-US/thunderbird/115.5.2/releasenotes/ Wolfgang Rosenauer 2023-12-12 22:10:43 +00:00
afd0637e40 Accepting request 1129733 from mozilla:Factory Ana Guerrero 2023-11-29 20:21:06 +00:00
5835378f85 - Mozilla Thunderbird 115.5.1 Bugfix release https://www.thunderbird.net/en-US/thunderbird/115.5.1/releasenotes * Advanced GnuPG keys may be protected with an unexpected passphrase * OpenPGP signatures rejected due to mismatched signature timestamp now display signature timestamp and clarifying message * Advanced address book search did not return results if display name was left blank * Clicking on attendee when inviting attendees added the attendee twice Wolfgang Rosenauer 2023-11-29 07:32:44 +00:00
9e1f2838a9 Accepting request 1128271 from mozilla:Factory Ana Guerrero 2023-11-23 20:41:38 +00:00
480e0302f0 MFSA 2023-52 (bsc#1217230) Wolfgang Rosenauer 2023-11-23 08:16:17 +00:00

Commit Graph Select branches Hide Pull Requests devel factory Mono Color

Commit Graph

Select branches

Hide Pull Requests

devel

factory