[Git][security-tracker-team/security-tracker][master] Add thunderbird issues from mfsa2024-28
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jun 14 07:48:07 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c5d78139 by Salvatore Bonaccorso at 2024-06-14T08:47:24+02:00
Add thunderbird issues from mfsa2024-28
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1134,7 +1134,9 @@ CVE-2023-33922 (Missing Authorization vulnerability in Elementor Elementor Websi
CVE-2024-5702 (Memory corruption in the networking stack could have led to a potentia ...)
{DSA-5709-1 DLA-3825-1}
- firefox-esr 115.12.0esr-1
+ - thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5702
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5702
CVE-2024-5701 (Memory safety bugs present in Firefox 126. Some of these bugs showed e ...)
- firefox 127.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5701
@@ -1142,8 +1144,10 @@ CVE-2024-5700 (Memory safety bugs present in Firefox 126, Firefox ESR 115.11, an
{DSA-5709-1 DLA-3825-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
+ - thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5700
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5700
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5700
CVE-2024-5699 (In violation of spec, cookie prefixes such as `__Secure` were being ig ...)
- firefox 127.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5699
@@ -1157,8 +1161,10 @@ CVE-2024-5696 (By manipulating the text in an `<input>` tag, an attacker c
{DSA-5709-1 DLA-3825-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
+ - thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5696
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5696
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5696
CVE-2024-5695 (If an out-of-memory condition occurs at a specific point using allocat ...)
- firefox 127.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5695
@@ -1169,25 +1175,33 @@ CVE-2024-5693 (Offscreen Canvas did not properly track cross-origin tainting, wh
{DSA-5709-1 DLA-3825-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
+ - thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5693
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5693
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5693
CVE-2024-5692 (On Windows, when using the 'Save As' functionality, an attacker could ...)
- firefox <not-affected> (Windows-specific)
- firefox-esr <not-affected> (Windows-specific)
+ - thunderbird <not-affected> (Windows-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5692
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5692
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5692
CVE-2024-5691 (By tricking the browser with a `X-Frame-Options` header, a sandboxed i ...)
{DSA-5709-1 DLA-3825-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
+ - thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5691
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5691
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5691
CVE-2024-5690 (By monitoring the time certain operations take, an attacker could have ...)
{DSA-5709-1 DLA-3825-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
+ - thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5690
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5690
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5690
CVE-2024-5689 (In addition to detecting when a user was taking a screenshot (XXX), a ...)
- firefox 127.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5689
@@ -1195,8 +1209,10 @@ CVE-2024-5688 (If a garbage collection was triggered at the right time, a use-af
{DSA-5709-1 DLA-3825-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
+ - thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5688
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5688
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5688
CVE-2024-5687 (If a specific sequence of actions is performed when opening a new tab, ...)
- firefox <not-affected> (Android-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5687
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5d78139435a2cf9e68f575421619cf03a916f49
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5d78139435a2cf9e68f575421619cf03a916f49
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240614/111d1cbf/attachment.htm>
More information about the debian-security-tracker-commits
mailing list