
Mageia 9: MGASA-2024-0350 moderate: thunderbird security fixes

November 9, 2024
The latest Thunderbird updates address various security issues, including CSRF, data exposure risks, and additional concerns within Mageia 9.

Summary

- Permission leak via embed or object elements. (CVE-2024-10458)

- Use-after-free in layout with accessibility. (CVE-2024-10459)

- Confusing display of origin for external protocol handler prompt. (CVE-2024-10460)

- XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response. (CVE-2024-10461)

- Origin of permission prompt could be spoofed by long URL. (CVE-2024-10462)

- Cross origin video frame leak. (CVE-2024-10463)

- History interface could have been used to cause a Denial of Service condition in the browser. (CVE-2024-10464)

- Clipboard "paste" button persisted across tabs. (CVE-2024-10465)

- DOM push subscription message could hang Firefox. (CVE-2024-10466)

- Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4. (CVE-2024-10467)

References

- https://bugs.mageia.org/show_bug.cgi?id=33714

- https://www.thunderbird.net/en-US/thunderbird/128.3.3esr/releasenotes/

- https://www.thunderbird.net/en-US/thunderbird/128.4.0esr/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/

- https://www.cve.org/CVERecord?id=CVE-2024-10458

- https://www.cve.org/CVERecord?id=CVE-2024-10459

- https://www.cve.org/CVERecord?id=CVE-2024-10460

- https://www.cve.org/CVERecord?id=CVE-2024-10461

- https://www.cve.org/CVERecord?id=CVE-2024-10462

- https://www.cve.org/CVERecord?id=CVE-2024-10463

- https://www.cve.org/CVERecord?id=CVE-2024-10464

- https://www.cve.org/CVERecord?id=CVE-2024-10465

- https://www.cve.org/CVERecord?id=CVE-2024-10466

- https://www.cve.org/CVERecord?id=CVE-2024-10467

Resolution

SRPMS

- 9/core/thunderbird-128.4.0-1.mga9

- 9/core/thunderbird-l10n-128.4.0-1.mga9

Publication date: 09 Nov 2024
URL: https://advisories.mageia.org/MGASA-2024-0350.html
Type: security
CVE: CVE-2024-10458, CVE-2024-10459, CVE-2024-10460, CVE-2024-10461, CVE-2024-10462, CVE-2024-10463, CVE-2024-10464, CVE-2024-10465, CVE-2024-10466, CVE-2024-10467
