pool/MozillaThunderbird
SHA256
20
0
Fork 4
Code Issues Pull Requests 1 Activity

Update to 140.5.0 ESR #7

Closed
Yoshio_Sato wants to merge 1 commits from (deleted):leap-16.0 into leap-16.0
pull from: (deleted):leap-16.0
merge into: pool:leap-16.0
Conversation 0 Commits 1 Files Changed 8 +101 -25
Yoshio_Sato commented 2025-11-17 11:32:39 +01:00
Contributor
Copy Link
  • Mozilla Thunderbird 140.5.0 ESR
    MFSA 2025-91 (bsc#1253188)
    • CVE-2025-13012 (bmo#1991458)
      Race condition in the Graphics component
    • CVE-2025-13016 (bmo#1992130)
      Incorrect boundary conditions in the JavaScript: WebAssembly
      component
    • CVE-2025-13017 (bmo#1980904)
      Same-origin policy bypass in the DOM: Notifications component
    • CVE-2025-13018 (bmo#1984940)
      Mitigation bypass in the DOM: Security component
    • CVE-2025-13019 (bmo#1988412)
      Same-origin policy bypass in the DOM: Workers component
    • CVE-2025-13013 (bmo#1991945)
      Mitigation bypass in the DOM: Core & HTML component
    • CVE-2025-13020 (bmo#1995686)
      Use-after-free in the WebRTC: Audio/Video component
    • CVE-2025-13014 (bmo#1994241)
      Use-after-free in the Audio/Video component
    • CVE-2025-13015 (bmo#1994164)
      Spoofing issue in Thunderbird
    • fixed: Could not drag and drop ICS file to Today Pane
      (bmo#1992935)
    • fixed: With Thunderbird closed, clicking a 'mailto:' link to
      send signed message failed (bmo#1972857)
    • fixed: Upgrade from 128.x->140.x broke authentication for
      @att.net using Yahoo backend (bmo#1978361)
- Mozilla Thunderbird 140.5.0 ESR MFSA 2025-91 (bsc#1253188) * CVE-2025-13012 (bmo#1991458) Race condition in the Graphics component * CVE-2025-13016 (bmo#1992130) Incorrect boundary conditions in the JavaScript: WebAssembly component * CVE-2025-13017 (bmo#1980904) Same-origin policy bypass in the DOM: Notifications component * CVE-2025-13018 (bmo#1984940) Mitigation bypass in the DOM: Security component * CVE-2025-13019 (bmo#1988412) Same-origin policy bypass in the DOM: Workers component * CVE-2025-13013 (bmo#1991945) Mitigation bypass in the DOM: Core & HTML component * CVE-2025-13020 (bmo#1995686) Use-after-free in the WebRTC: Audio/Video component * CVE-2025-13014 (bmo#1994241) Use-after-free in the Audio/Video component * CVE-2025-13015 (bmo#1994164) Spoofing issue in Thunderbird * fixed: Could not drag and drop ICS file to Today Pane (bmo#1992935) * fixed: With Thunderbird closed, clicking a 'mailto:' link to send signed message failed (bmo#1972857) * fixed: Upgrade from 128.x->140.x broke authentication for @att.net using Yahoo backend (bmo#1978361)
Yoshio_Sato added 1 commit 2025-11-17 11:32:39 +01:00
Update to 140.5esr de12af5ebf
autogits_workflow_pr_bot requested review from legaldb 2025-11-17 11:32:45 +01:00
autogits_workflow_pr_bot requested review from maintenance-release-review 2025-11-17 11:32:45 +01:00
autogits_workflow_pr_bot requested review from opensuse-review 2025-11-17 11:32:45 +01:00
Yoshio_Sato closed this pull request 2025-11-17 11:32:50 +01:00

Pull request closed

This pull request cannot be reopened because the branch was deleted.
Sign in to join this conversation.
Reviewers
No Reviewers
legaldb
maintenance-release-review
opensuse-review
Labels
Clear labels
legaldb
Critical Priority
Critical legaldb priority
Archived
legaldb
High Priority
2
High legaldb priority
legaldb
Normal Priority
1
Normal legaldb priority
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
adamm_super adrianSuSE autobuild-owner autobuild-review autogits_workflow_pr_bot bigironman dirkmueller eroca factory_bot gitea_test legaldb lkocman-factory maxlin_factory opensuse-review packagehub-review smithfarm
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: pool/MozillaThunderbird#7
Delete Branch "(deleted):leap-16.0"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?