Updated thunderbird packages fix security vulnerabilities
Publication date: 02 Dec 2024Modification date: 02 Dec 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-11692 , CVE-2024-11694 , CVE-2024-11695 , CVE-2024-11696 , CVE-2024-11697 , CVE-2024-11699
Description
Select list elements could be shown over another site. (CVE-2024-11692) CSP Bypass and XSS Exposure via Web Compatibility Shims. (CVE-2024-11694) URL Bar Spoofing via Manipulated Punycode and Whitespace Characters. (CVE-2024-11695) Unhandled Exception in Add-on Signature Verification. (CVE-2024-11696) Improper Keypress Handling in Executable File Confirmation Dialog. (CVE-2024-11697) Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5, and Thunderbird 128.5. (CVE-2024-11699)
References
- https://bugs.mageia.org/show_bug.cgi?id=33805
- https://www.thunderbird.net/en-US/thunderbird/128.5.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11692
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11694
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11695
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11696
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11697
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11699
SRPMS
9/core
- thunderbird-128.5.0-1.mga9
- thunderbird-l10n-128.5.0-1.mga9