Advisories ยป MGASA-2024-0350

Updated thunderbird packages fix security vulnerabilities

Publication date: 09 Nov 2024
Modification date: 09 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-10458 , CVE-2024-10459 , CVE-2024-10460 , CVE-2024-10461 , CVE-2024-10462 , CVE-2024-10463 , CVE-2024-10464 , CVE-2024-10465 , CVE-2024-10466 , CVE-2024-10467

Description

Permission leak via embed or object elements. (CVE-2024-10458)
Use-after-free in layout with accessibility. (CVE-2024-10459)
Confusing display of origin for external protocol handler prompt.
(CVE-2024-10460)
XSS due to Content-Disposition being ignored in
multipart/x-mixed-replace response. (CVE-2024-10461)
Origin of permission prompt could be spoofed by long URL.
(CVE-2024-10462)
Cross origin video frame leak. (CVE-2024-10463)
History interface could have been used to cause a Denial of Service
condition in the browser. (CVE-2024-10464)
Clipboard "paste" button persisted across tabs. (CVE-2024-10465)
DOM push subscription message could hang Firefox. (CVE-2024-10466)
Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR
128.4, and Thunderbird 128.4. (CVE-2024-10467)
                

References

SRPMS

9/core