Mageia 9: MGASA-2024-0384 moderate: thunderbird security fixes
mageia
December 2, 2024
Select list elements could be shown over another site
Summary
Select list elements could be shown over another site. (CVE-2024-11692)
CSP Bypass and XSS Exposure via Web Compatibility Shims.
(CVE-2024-11694)
URL Bar Spoofing via Manipulated Punycode and Whitespace Characters.
(CVE-2024-11695)
Unhandled Exception in Add-on Signature Verification. (CVE-2024-11696)
Improper Keypress Handling in Executable File Confirmation Dialog.
(CVE-2024-11697)
Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5, and
Thunderbird 128.5. (CVE-2024-11699)
References
- https://bugs.mageia.org/show_bug.cgi?id=33805
- https://www.thunderbird.net/en-US/thunderbird/128.5.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/
- https://www.cve.org/CVERecord?id=CVE-2024-11692
- https://www.cve.org/CVERecord?id=CVE-2024-11694
- https://www.cve.org/CVERecord?id=CVE-2024-11695
- https://www.cve.org/CVERecord?id=CVE-2024-11696
- https://www.cve.org/CVERecord?id=CVE-2024-11697
- https://www.cve.org/CVERecord?id=CVE-2024-11699
Resolution
SRPMS
- 9/core/thunderbird-128.5.0-1.mga9
- 9/core/thunderbird-l10n-128.5.0-1.mga9
PREVIOUS 
NEXT Publication date: 02 Dec 2024
URL: https://advisories.mageia.org/MGASA-2024-0384.html
Type: security
CVE: CVE-2024-11692, CVE-2024-11694, CVE-2024-11695, CVE-2024-11696, CVE-2024-11697, CVE-2024-11699
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!