Описание
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues:
- CVE-2024-50336: Fixed insufficient MXC URI validation which could allow client-side path traversal (bsc#1234413)
Other fixes:
-
Updated to Mozilla Thunderbird 128.5.2i (bsc#1234413):
- fixed: Large virtual folders could be very slow
- fixed: Message could disappear after moving from IMAP folder followed by Undo and Redo
- fixed: XMPP chat did not display messages sent inside a CDATA element
- fixed: Selected calendar day did not move forward at midnight
- fixed: Today pane agenda sometimes scrolled for no apparent reason
- fixed: CalDAV calendars without offline support could degrade start-up performance
- fixed: Visual and UX improvements
- fixed: Security fixes
-
Updated to Mozilla Thunderbird 128.5.1:
- new: Add end of year donation appeal
- fixed: Total message count for favorite folders did not work consistently
Список пакетов
SUSE Linux Enterprise Module for Package Hub 15 SP5
MozillaThunderbird-128.5.2-150200.8.194.1
MozillaThunderbird-translations-common-128.5.2-150200.8.194.1
MozillaThunderbird-translations-other-128.5.2-150200.8.194.1
SUSE Linux Enterprise Module for Package Hub 15 SP6
MozillaThunderbird-128.5.2-150200.8.194.1
MozillaThunderbird-translations-common-128.5.2-150200.8.194.1
MozillaThunderbird-translations-other-128.5.2-150200.8.194.1
SUSE Linux Enterprise Workstation Extension 15 SP5
MozillaThunderbird-128.5.2-150200.8.194.1
MozillaThunderbird-translations-common-128.5.2-150200.8.194.1
MozillaThunderbird-translations-other-128.5.2-150200.8.194.1
SUSE Linux Enterprise Workstation Extension 15 SP6
MozillaThunderbird-128.5.2-150200.8.194.1
MozillaThunderbird-translations-common-128.5.2-150200.8.194.1
MozillaThunderbird-translations-other-128.5.2-150200.8.194.1
openSUSE Leap 15.5
MozillaThunderbird-128.5.2-150200.8.194.1
MozillaThunderbird-translations-common-128.5.2-150200.8.194.1
MozillaThunderbird-translations-other-128.5.2-150200.8.194.1
openSUSE Leap 15.6
MozillaThunderbird-128.5.2-150200.8.194.1
MozillaThunderbird-translations-common-128.5.2-150200.8.194.1
MozillaThunderbird-translations-other-128.5.2-150200.8.194.1
Ссылки
- Link for SUSE-SU-2024:4326-1
- E-Mail link for SUSE-SU-2024:4326-1
- SUSE Security Ratings
- SUSE Bug 1234413
- SUSE CVE CVE-2024-50336 page
Описание
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. Fixed in matrix-js-sdk 34.11.1.
Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-128.5.2-150200.8.194.1
SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-common-128.5.2-150200.8.194.1
SUSE Linux Enterprise Module for Package Hub 15 SP5:MozillaThunderbird-translations-other-128.5.2-150200.8.194.1
SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.5.2-150200.8.194.1
Ссылки
- CVE-2024-50336
- SUSE Bug 1234413
- SUSE Bug 1234475