<div class="container">
<h1>Security update for MozillaThunderbird</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2024:0242-1</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1218955">bsc#1218955</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-0741.html">CVE-2024-0741</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-0742.html">CVE-2024-0742</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-0746.html">CVE-2024-0746</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-0747.html">CVE-2024-0747</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-0749.html">CVE-2024-0749</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-0750.html">CVE-2024-0750</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-0751.html">CVE-2024-0751</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-0753.html">CVE-2024-0753</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-0755.html">CVE-2024-0755</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">openSUSE Leap 15.5</li>
<li class="list-group-item">SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4</li>
<li class="list-group-item">SUSE Linux Enterprise Desktop 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Micro 5.5</li>
<li class="list-group-item">SUSE Linux Enterprise Real Time 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Workstation Extension 15 SP5</li>
<li class="list-group-item">SUSE Package Hub 15 15-SP5</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves nine vulnerabilities can now be installed.</p>
<h2>Description:</h2>
<p>This update for MozillaThunderbird fixes the following issues:</p>
<p>Update to Mozilla Thunderbird 115.7 (MFSA 2024-04) (bsc#1218955):</p>
<ul>
<li>CVE-2024-0741: Out of bounds write in ANGLE</li>
<li>CVE-2024-0742: Failure to update user input timestamp</li>
<li>CVE-2024-0746: Crash when listing printers on Linux</li>
<li>CVE-2024-0747: Bypass of Content Security Policy when directive unsafe-inline was set</li>
<li>CVE-2024-0749: Phishing site popup could show local origin in address bar</li>
<li>CVE-2024-0750: Potential permissions request bypass via clickjacking</li>
<li>CVE-2024-0751: Privilege escalation through devtools</li>
<li>CVE-2024-0753: HSTS policy on subdomain could bypass policy of upper domain</li>
<li>CVE-2024-0755: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7</li>
</ul>
<p>Other fixes:</p>
<ul>
<li>new: Autocrypt Gossip key distribution added (bmo#1853674)</li>
<li>fixed: When starting Thunderbird, unread message count did
not appear on collapsed accounts (bmo#1862774)</li>
<li>fixed: Blank window was sometimes displayed when starting
Thunderbird (bmo#1870817)</li>
<li>fixed: Thunderbird "--chrome" flag incorrectly opened extra
messenger.xhtml (bmo#1866915)</li>
<li>fixed: Add-ons did not start correctly when opening
Thunderbird from other programs (bmo#1800423)</li>
<li>fixed: Drag-and-drop installation of add-ons did not work if
Add-ons Manager was opened from Unified Toolbar (bmo#1862978)</li>
<li>fixed: Double-clicking empty space in message pane
incorrectly opened the currently selected message
(bmo#1867407)</li>
<li>fixed: Canceling SMTP send before progress reached 100% did
not stop message from sending (bmo#1816540)</li>
<li>fixed: PDF attachments open in a separate tab did not always
restore correctly after restarting Thunderbird (bmo#1846054)</li>
<li>fixed: Some OpenPGP dialogs were too small for their contents
(bmo#1870809)</li>
<li>fixed: Account Manager did not work with hostnames entered as
punycode (bmo#1870720,bmo#1872632)</li>
<li>fixed: Downloading complete message from POP3 headers caused
message tab/window to close when "Close message window/tab on
move or delete" was enabled (bmo#1861886)</li>
<li>fixed: Some ECC GPG keys could not be exported (bmo#1867765)</li>
<li>fixed: Contacts deleted from mailing list view still visible
in Details view (bmo#1799362)</li>
<li>fixed: After selecting contacts in Address Book and starting
a new search, the search results list did not update
(bmo#1812726)</li>
<li>fixed: Various UX and visual improvements (bmo#1866061,bmo#18
67169,bmo#1867728,bmo#1868079,bmo#1869519,bmo#1832149,bmo#185
6495,bmo#1861210,bmo#1861286,bmo#1863296,bmo#1864979)</li>
<li>
<p>fixed: Security fixes</p>
</li>
<li>
<p>Mozilla Thunderbird 115.6.1</p>
</li>
<li>new: OAuth2 now supported for comcast.net (bmo#1844810)</li>
<li>fixed: High CPU usage sometimes occurred with IMAP CONDSTORE
(conditional STORE) enabled (bmo#1839256)</li>
<li>fixed: Replying to a collapsed thread via keyboard shortcut
(Ctrl+R/Cmd+R) opened a reply for every message in the thread
(bmo#1866819)</li>
<li>fixed: Enabling Grouped By view after reversing sort order of
column header caused messages to be grouped incorrectly
(bmo#1868794)</li>
<li>fixed: Opening thread pane context menu via keyboard did not
always scroll view to selection (bmo#1867532)</li>
<li>fixed: New mail indicator for POP3 accounts did not indicate
new messages ready to be downloaded (bmo#1870619)</li>
<li>fixed: Messages could not be moved to folders using Message >
Move To if text or a link in the message had been clicked on
first (bmo#1868474)</li>
<li>fixed: MIME part boundaries were not properly terminated
(bmo#1805558)</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
openSUSE Leap 15.5
<br/>
<code>zypper in -t patch openSUSE-SLE-15.5-2024-242=1</code>
</li>
<li class="list-group-item">
SUSE Package Hub 15 15-SP5
<br/>
<code>zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-242=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-242=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Workstation Extension 15 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-242=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
<ul>
<li>MozillaThunderbird-debuginfo-115.7.0-150200.8.145.1</li>
<li>MozillaThunderbird-115.7.0-150200.8.145.1</li>
<li>MozillaThunderbird-debugsource-115.7.0-150200.8.145.1</li>
<li>MozillaThunderbird-translations-common-115.7.0-150200.8.145.1</li>
<li>MozillaThunderbird-translations-other-115.7.0-150200.8.145.1</li>
</ul>
</li>
<li>
SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x)
<ul>
<li>MozillaThunderbird-debuginfo-115.7.0-150200.8.145.1</li>
<li>MozillaThunderbird-115.7.0-150200.8.145.1</li>
<li>MozillaThunderbird-debugsource-115.7.0-150200.8.145.1</li>
<li>MozillaThunderbird-translations-common-115.7.0-150200.8.145.1</li>
<li>MozillaThunderbird-translations-other-115.7.0-150200.8.145.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
<ul>
<li>MozillaThunderbird-debuginfo-115.7.0-150200.8.145.1</li>
<li>MozillaThunderbird-115.7.0-150200.8.145.1</li>
<li>MozillaThunderbird-debugsource-115.7.0-150200.8.145.1</li>
<li>MozillaThunderbird-translations-common-115.7.0-150200.8.145.1</li>
<li>MozillaThunderbird-translations-other-115.7.0-150200.8.145.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
<ul>
<li>MozillaThunderbird-debuginfo-115.7.0-150200.8.145.1</li>
<li>MozillaThunderbird-115.7.0-150200.8.145.1</li>
<li>MozillaThunderbird-debugsource-115.7.0-150200.8.145.1</li>
<li>MozillaThunderbird-translations-common-115.7.0-150200.8.145.1</li>
<li>MozillaThunderbird-translations-other-115.7.0-150200.8.145.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-0741.html">https://www.suse.com/security/cve/CVE-2024-0741.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-0742.html">https://www.suse.com/security/cve/CVE-2024-0742.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-0746.html">https://www.suse.com/security/cve/CVE-2024-0746.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-0747.html">https://www.suse.com/security/cve/CVE-2024-0747.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-0749.html">https://www.suse.com/security/cve/CVE-2024-0749.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-0750.html">https://www.suse.com/security/cve/CVE-2024-0750.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-0751.html">https://www.suse.com/security/cve/CVE-2024-0751.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-0753.html">https://www.suse.com/security/cve/CVE-2024-0753.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-0755.html">https://www.suse.com/security/cve/CVE-2024-0755.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1218955">https://bugzilla.suse.com/show_bug.cgi?id=1218955</a>
</li>
</ul>
</div>