[Git][security-tracker-team/security-tracker][master] Add new thunderbird issues from mfsa2024-{43,44}

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 6 21:41:05 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f4eaf708 by Salvatore Bonaccorso at 2024-09-06T22:40:37+02:00
Add new thunderbird issues from mfsa2024-{43,44}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,10 @@ CVE-2024-8509 (A vulnerability was found in Forklift Controller. There is no ver
 CVE-2024-8428 (The ForumWP \u2013 Forum & Discussion Board Plugin plugin for WordPres ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-8394 (When aborting the verification of an OTR chat session, an attacker cou ...)
-	TODO: check
+	- thunderbird <unfixed>
+	[bookworm] - thunderbird <not-affected> (Vulnerable code not present)
+	[bullseye] - thunderbird <not-affected> (Vulnerable code not present)
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8394
 CVE-2024-7652 (An error in the ECMA-262 specification relating to Async Generators co ...)
 	TODO: check
 CVE-2024-7622 (The Revision Manager TMC plugin for WordPress is vulnerable to unautho ...)
@@ -829,19 +832,34 @@ CVE-2024-8388 (Multiple prompts and panels from both Firefox and the Android OS
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8388
 CVE-2024-8387 (Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thun ...)
 	- firefox 130.0-1
+	- thunderbird <unfixed>
+	[bookworm] - thunderbird <not-affected> (Vulnerable code not present)
+	[bullseye] - thunderbird <not-affected> (Vulnerable code not present)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8387
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8387
 CVE-2024-8386 (If a site had been granted the permission to open popup windows, it co ...)
 	- firefox 130.0-1
+	- thunderbird <unfixed>
+	[bookworm] - thunderbird <not-affected> (Vulnerable code not present)
+	[bullseye] - thunderbird <not-affected> (Vulnerable code not present)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8386
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8386
 CVE-2024-8385 (A difference in the handling of StructFields and ArrayTypes in WASM co ...)
 	- firefox 130.0-1
+	- thunderbird <unfixed>
+	[bookworm] - thunderbird <not-affected> (Vulnerable code not present)
+	[bullseye] - thunderbird <not-affected> (Vulnerable code not present)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8385
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8385
 CVE-2024-8384 (The JavaScript garbage collector could mis-color cross-compartment obj ...)
 	{DSA-5765-1 DLA-3869-1}
 	- firefox 130.0-1
 	- firefox-esr 115.15.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8384
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/#CVE-2024-8384
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8384
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-44/#CVE-2024-8384
 CVE-2024-8383 (Firefox normally asks for confirmation before asking the operating sys ...)
 	{DSA-5765-1 DLA-3869-1}
 	- firefox 130.0-1
@@ -852,14 +870,20 @@ CVE-2024-8382 (Internal browser event interfaces were exposed to web content whe
 	{DSA-5765-1 DLA-3869-1}
 	- firefox 130.0-1
 	- firefox-esr 115.15.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8382
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/#CVE-2024-8382
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8382
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-44/#CVE-2024-8382
 CVE-2024-8381 (A potentially exploitable type confusion could be triggered when looki ...)
 	{DSA-5765-1 DLA-3869-1}
 	- firefox 130.0-1
 	- firefox-esr 115.15.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8381
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/#CVE-2024-8381
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8381
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-44/#CVE-2024-8381
 CVE-2024-8374 (UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerab ...)
 	- cura <not-affected> (Vulnerable code not present)
 	NOTE: Introduced by: https://github.com/Ultimaker/Cura/commit/55e5cd8982e266a8b28b062fb113e150aaef815d (5.7.0-beta.1)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4eaf708eef0a5d30d721ce0a5fdf44cfc9e9148

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4eaf708eef0a5d30d721ce0a5fdf44cfc9e9148
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240906/94d3e177/attachment.htm>

More information about the debian-security-tracker-commits mailing list