Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Mageia 9: MGASA-2024-0151 Critical: Thunderbird Security Fixes

mageia
Calendar Grey April 27, 2024
Dist Mageia Esm H88
Mageia advisory MGASA-2024-0152 addresses urgent updates for Firefox, patching multiple security issues.
CVE-2024-3852: GetBoundName in the JIT returned the wrong object CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement CVE-2024-3857: Incorrect JITting of argument...

Summary

CVE-2024-3852: GetBoundName in the JIT returned the wrong object CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement CVE-2024-3857: Incorrect JITting of arguments led to use-after-free during garbage collection CVE-2024-2609: Permission prompt input delay could expire when not in focus CVE-2024-3859: Integer-overflow led to out-of-bounds-read in the OpenType sanitizer CVE-2024-3861: Potential use-after-free due to AlignedBuffer self-move CVE-2024-3863: Download Protections were bypassed by .xrm-ms files on Windows CVE-2024-3302: Denial of Service using HTTP/2 CONTINUATION frames CVE-2024-3864: Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10

References

- https://bugs.mageia.org/show_bug.cgi?id=33123

- https://www.thunderbird.net/en-US/thunderbird/115.10.0/releasenotes/

- https://www.thunderbird.net/en-US/thunderbird/115.10.1/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/

- https://www.cve.org/CVERecord?id=CVE-2024-3852

- https://www.cve.org/CVERecord?id=CVE-2024-3854

- https://www.cve.org/CVERecord?id=CVE-2024-3857

- https://www.cve.org/CVERecord?id=CVE-2024-2609

- https://www.cve.org/CVERecord?id=CVE-2024-3859

- https://www.cve.org/CVERecord?id=CVE-2024-3861

- https://www.cve.org/CVERecord?id=CVE-2024-3302

- https://www.cve.org/CVERecord?id=CVE-2024-3864

Topics%20covered

Topics Covered

security advisory update critical software fix memory safety Thunderbird Mageia

Resolution

SRPMS

- 9/core/thunderbird-115.10.1-1.mga9

- 9/core/thunderbird-l10n-115.10.1-1.mga9

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 27 Apr 2024
URL: https://advisories.mageia.org/MGASA-2024-0151.html
Type: security
CVE: CVE-2024-3852, CVE-2024-3854, CVE-2024-3857, CVE-2024-2609, CVE-2024-3859, CVE-2024-3861, CVE-2024-3302, CVE-2024-3864

Topics%20covered

Topics Covered

security advisory update critical software fix memory safety Thunderbird Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here