SUSE-SU-2025:0080-1

Описание

This update for MozillaThunderbird fixes the following issues:

Update to Mozilla Thunderbird ESR 128.6 (MFSA 2025-05, bsc#1234991)

Security fixes:

• CVE-2025-0237 (bmo#1915257) WebChannel APIs susceptible to confused deputy attack
• CVE-2025-0238 (bmo#1915535) Use-after-free when breaking lines in text
• CVE-2025-0239 (bmo#1929156) Alt-Svc ALPN validation failure when redirected
• CVE-2025-0240 (bmo#1929623) Compartment mismatch when parsing JavaScript JSON module
• CVE-2025-0241 (bmo#1933023) Memory corruption when using JavaScript Text Segmentation
• CVE-2025-0242 (bmo#1874523, bmo#1926454, bmo#1931873, bmo#1932169) Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6
• CVE-2025-0243 (bmo#1827142, bmo#1932783) Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6

Other fixes:

• fixed: New mail notification was not hidden after reading the new message (bmo#1920077)
• fixed: New mail notification could show for the wrong folder, causing repeated alerts (bmo#1926462)
• fixed: macOS shortcut CMD+1 did not restore the main window when it was minimized (bmo#1857953)
• fixed: Clicking the context menu 'Reply' button resulted in 'Reply-All' (bmo#1935883)
• fixed: Switching from 'All', 'Unread', and 'Threads with unread' did not work (bmo#1921618)
• fixed: Downloading message headers from a newsgroup could cause a hang (bmo#1931661)
• fixed: Message list performance slow when many updates happened at once (bmo#1933104)
• fixed: 'mailto:' links did not apply the compose format of the current identity (bmo#550414)
• fixed: Authentication failure of AUTH PLAIN or AUTH LOGIN did not fall back to USERPASS (bmo#1928026)