Updated thunderbird packages fix security vulnerabilities
Publication date: 09 Nov 2024Modification date: 09 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-10458 , CVE-2024-10459 , CVE-2024-10460 , CVE-2024-10461 , CVE-2024-10462 , CVE-2024-10463 , CVE-2024-10464 , CVE-2024-10465 , CVE-2024-10466 , CVE-2024-10467
Description
Permission leak via embed or object elements. (CVE-2024-10458) Use-after-free in layout with accessibility. (CVE-2024-10459) Confusing display of origin for external protocol handler prompt. (CVE-2024-10460) XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response. (CVE-2024-10461) Origin of permission prompt could be spoofed by long URL. (CVE-2024-10462) Cross origin video frame leak. (CVE-2024-10463) History interface could have been used to cause a Denial of Service condition in the browser. (CVE-2024-10464) Clipboard "paste" button persisted across tabs. (CVE-2024-10465) DOM push subscription message could hang Firefox. (CVE-2024-10466) Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4. (CVE-2024-10467)
References
- https://bugs.mageia.org/show_bug.cgi?id=33714
- https://www.thunderbird.net/en-US/thunderbird/128.3.3esr/releasenotes/
- https://www.thunderbird.net/en-US/thunderbird/128.4.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10458
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10459
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10460
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10461
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10462
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10463
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10464
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10465
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10466
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10467
SRPMS
9/core
- thunderbird-128.4.0-1.mga9
- thunderbird-l10n-128.4.0-1.mga9