[Git][security-tracker-team/security-tracker][master] Add thunderbird issues from mfsa2024-28

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 14 07:48:07 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c5d78139 by Salvatore Bonaccorso at 2024-06-14T08:47:24+02:00
Add thunderbird issues from mfsa2024-28

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1134,7 +1134,9 @@ CVE-2023-33922 (Missing Authorization vulnerability in Elementor Elementor Websi
 CVE-2024-5702 (Memory corruption in the networking stack could have led to a potentia ...)
 	{DSA-5709-1 DLA-3825-1}
 	- firefox-esr 115.12.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5702
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5702
 CVE-2024-5701 (Memory safety bugs present in Firefox 126. Some of these bugs showed e ...)
 	- firefox 127.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5701
@@ -1142,8 +1144,10 @@ CVE-2024-5700 (Memory safety bugs present in Firefox 126, Firefox ESR 115.11, an
 	{DSA-5709-1 DLA-3825-1}
 	- firefox 127.0-1
 	- firefox-esr 115.12.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5700
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5700
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5700
 CVE-2024-5699 (In violation of spec, cookie prefixes such as `__Secure` were being ig ...)
 	- firefox 127.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5699
@@ -1157,8 +1161,10 @@ CVE-2024-5696 (By manipulating the text in an `<input>` tag, an attacker c
 	{DSA-5709-1 DLA-3825-1}
 	- firefox 127.0-1
 	- firefox-esr 115.12.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5696
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5696
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5696
 CVE-2024-5695 (If an out-of-memory condition occurs at a specific point using allocat ...)
 	- firefox 127.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5695
@@ -1169,25 +1175,33 @@ CVE-2024-5693 (Offscreen Canvas did not properly track cross-origin tainting, wh
 	{DSA-5709-1 DLA-3825-1}
 	- firefox 127.0-1
 	- firefox-esr 115.12.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5693
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5693
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5693
 CVE-2024-5692 (On Windows, when using the 'Save As' functionality, an attacker could  ...)
 	- firefox <not-affected> (Windows-specific)
 	- firefox-esr <not-affected> (Windows-specific)
+	- thunderbird <not-affected> (Windows-specific)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5692
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5692
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5692
 CVE-2024-5691 (By tricking the browser with a `X-Frame-Options` header, a sandboxed i ...)
 	{DSA-5709-1 DLA-3825-1}
 	- firefox 127.0-1
 	- firefox-esr 115.12.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5691
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5691
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5691
 CVE-2024-5690 (By monitoring the time certain operations take, an attacker could have ...)
 	{DSA-5709-1 DLA-3825-1}
 	- firefox 127.0-1
 	- firefox-esr 115.12.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5690
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5690
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5690
 CVE-2024-5689 (In addition to detecting when a user was taking a screenshot (XXX), a  ...)
 	- firefox 127.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5689
@@ -1195,8 +1209,10 @@ CVE-2024-5688 (If a garbage collection was triggered at the right time, a use-af
 	{DSA-5709-1 DLA-3825-1}
 	- firefox 127.0-1
 	- firefox-esr 115.12.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5688
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5688
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5688
 CVE-2024-5687 (If a specific sequence of actions is performed when opening a new tab, ...)
 	- firefox <not-affected> (Android-specific)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5687



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5d78139435a2cf9e68f575421619cf03a916f49

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5d78139435a2cf9e68f575421619cf03a916f49
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240614/111d1cbf/attachment.htm>

More information about the debian-security-tracker-commits mailing list