[Git][security-tracker-team/security-tracker][master] Add thunderbird tracking for CVEs from mfsa2024-20

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Apr 21 20:22:56 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
69e27daf by Salvatore Bonaccorso at 2024-04-21T21:22:19+02:00
Add thunderbird tracking for CVEs from mfsa2024-20

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1881,8 +1881,10 @@ CVE-2024-3302 (There was no limit to the number of HTTP/2 CONTINUATION frames th
 	{DSA-5663-1 DLA-3790-1}
 	- firefox 125.0.1-1
 	- firefox-esr 115.10.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3302
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3302
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3302
 CVE-2024-3865 (Memory safety bugs present in Firefox 124. Some of these bugs showed e ...)
 	- firefox 125.0.1-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3865
@@ -1890,13 +1892,17 @@ CVE-2024-3864 (Memory safety bug present in Firefox 124, Firefox ESR 115.9, and
 	{DSA-5663-1 DLA-3790-1}
 	- firefox 125.0.1-1
 	- firefox-esr 115.10.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3864
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3864
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3864
 CVE-2024-3863 (The executable file warning was not presented when downloading .xrm-ms ...)
 	- firefox <not-affected> (Windows-specific)
 	- firefox-esr <not-affected> (Windows-specific)
+	- thunderbird <not-affected> (Windows-specific)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3863
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3863
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3863
 CVE-2024-3862 (The MarkStack assignment operator, part of the JavaScript engine, coul ...)
 	- firefox 125.0.1-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3862
@@ -1904,8 +1910,10 @@ CVE-2024-3861 (If an AlignedBuffer were assigned to itself, the subsequent self-
 	{DSA-5663-1 DLA-3790-1}
 	- firefox 125.0.1-1
 	- firefox-esr 115.10.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3861
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3861
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3861
 CVE-2024-3860 (An out-of-memory condition during object initialization could result i ...)
 	- firefox 125.0.1-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3860
@@ -1913,8 +1921,10 @@ CVE-2024-3859 (On 32-bit versions there were integer-overflows that led to an ou
 	{DSA-5663-1 DLA-3790-1}
 	- firefox 125.0.1-1
 	- firefox-esr 115.10.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3859
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3859
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3859
 CVE-2024-3858 (It was possible to mutate a JavaScript object so that the JIT could cr ...)
 	- firefox 125.0.1-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3858
@@ -1922,8 +1932,10 @@ CVE-2024-3857 (The JIT created incorrect code for arguments in certain cases. Th
 	{DSA-5663-1 DLA-3790-1}
 	- firefox 125.0.1-1
 	- firefox-esr 115.10.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3857
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3857
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3857
 CVE-2024-3856 (A use-after-free could occur during WASM execution if garbage collecti ...)
 	- firefox 125.0.1-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3856
@@ -1934,8 +1946,10 @@ CVE-2024-3854 (In some code patterns the JIT incorrectly optimized switch statem
 	{DSA-5663-1 DLA-3790-1}
 	- firefox 125.0.1-1
 	- firefox-esr 115.10.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3854
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3854
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3854
 CVE-2024-3853 (A use-after-free could result if a JavaScript realm was in the process ...)
 	- firefox 125.0.1-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3853
@@ -1943,8 +1957,10 @@ CVE-2024-3852 (GetBoundName could return the wrong version of an object when JIT
 	{DSA-5663-1 DLA-3790-1}
 	- firefox 125.0.1-1
 	- firefox-esr 115.10.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3852
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3852
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3852
 CVE-2024-3575 (Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb)
 	NOT-FOR-US: mindsdb
 CVE-2024-3574 (In scrapy version 2.10.1, an issue was identified where the Authorizat ...)
@@ -10667,8 +10683,10 @@ CVE-2024-2609 (The permission prompt input delay could expire while the window i
 	{DSA-5663-1 DLA-3790-1}
 	- firefox 124.0-1
 	- firefox-esr 115.10.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2609
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-2609
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-2609
 CVE-2024-2608 (`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and ...)
 	{DSA-5644-1 DSA-5643-1 DLA-3775-1 DLA-3769-1}
 	- firefox 124.0-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69e27daf38e62ffb89edf31f491ac8c051bf1d8c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69e27daf38e62ffb89edf31f491ac8c051bf1d8c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240421/405e3b7c/attachment.htm>

More information about the debian-security-tracker-commits mailing list