[Git][security-tracker-team/security-tracker][master] Add thunderbird tracking for CVEs from mfsa2024-20

Salvatore Bonaccorso (@carnil) Sun, 21 Apr 2024 12:23:06 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
69e27daf by Salvatore Bonaccorso at 2024-04-21T21:22:19+02:00
Add thunderbird tracking for CVEs from mfsa2024-20

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1881,8 +1881,10 @@ CVE-2024-3302 (There was no limit to the number of 
HTTP/2 CONTINUATION frames th
        {DSA-5663-1 DLA-3790-1}
        - firefox 125.0.1-1
        - firefox-esr 115.10.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3302
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3302
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3302
 CVE-2024-3865 (Memory safety bugs present in Firefox 124. Some of these bugs 
showed e ...)
        - firefox 125.0.1-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3865
@@ -1890,13 +1892,17 @@ CVE-2024-3864 (Memory safety bug present in Firefox 
124, Firefox ESR 115.9, and
        {DSA-5663-1 DLA-3790-1}
        - firefox 125.0.1-1
        - firefox-esr 115.10.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3864
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3864
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3864
 CVE-2024-3863 (The executable file warning was not presented when downloading 
.xrm-ms ...)
        - firefox <not-affected> (Windows-specific)
        - firefox-esr <not-affected> (Windows-specific)
+       - thunderbird <not-affected> (Windows-specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3863
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3863
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3863
 CVE-2024-3862 (The MarkStack assignment operator, part of the JavaScript 
engine, coul ...)
        - firefox 125.0.1-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3862
@@ -1904,8 +1910,10 @@ CVE-2024-3861 (If an AlignedBuffer were assigned to 
itself, the subsequent self-
        {DSA-5663-1 DLA-3790-1}
        - firefox 125.0.1-1
        - firefox-esr 115.10.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3861
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3861
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3861
 CVE-2024-3860 (An out-of-memory condition during object initialization could 
result i ...)
        - firefox 125.0.1-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3860
@@ -1913,8 +1921,10 @@ CVE-2024-3859 (On 32-bit versions there were 
integer-overflows that led to an ou
        {DSA-5663-1 DLA-3790-1}
        - firefox 125.0.1-1
        - firefox-esr 115.10.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3859
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3859
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3859
 CVE-2024-3858 (It was possible to mutate a JavaScript object so that the JIT 
could cr ...)
        - firefox 125.0.1-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3858
@@ -1922,8 +1932,10 @@ CVE-2024-3857 (The JIT created incorrect code for 
arguments in certain cases. Th
        {DSA-5663-1 DLA-3790-1}
        - firefox 125.0.1-1
        - firefox-esr 115.10.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3857
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3857
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3857
 CVE-2024-3856 (A use-after-free could occur during WASM execution if garbage 
collecti ...)
        - firefox 125.0.1-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3856
@@ -1934,8 +1946,10 @@ CVE-2024-3854 (In some code patterns the JIT incorrectly 
optimized switch statem
        {DSA-5663-1 DLA-3790-1}
        - firefox 125.0.1-1
        - firefox-esr 115.10.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3854
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3854
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3854
 CVE-2024-3853 (A use-after-free could result if a JavaScript realm was in the 
process ...)
        - firefox 125.0.1-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3853
@@ -1943,8 +1957,10 @@ CVE-2024-3852 (GetBoundName could return the wrong 
version of an object when JIT
        {DSA-5663-1 DLA-3790-1}
        - firefox 125.0.1-1
        - firefox-esr 115.10.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3852
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3852
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3852
 CVE-2024-3575 (Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb)
        NOT-FOR-US: mindsdb
 CVE-2024-3574 (In scrapy version 2.10.1, an issue was identified where the 
Authorizat ...)
@@ -10667,8 +10683,10 @@ CVE-2024-2609 (The permission prompt input delay could 
expire while the window i
        {DSA-5663-1 DLA-3790-1}
        - firefox 124.0-1
        - firefox-esr 115.10.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2609
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-2609
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-2609
 CVE-2024-2608 (`AppendEncodedAttributeValue(), 
ExtraSpaceNeededForAttrEncoding()` and ...)
        {DSA-5644-1 DSA-5643-1 DLA-3775-1 DLA-3769-1}
        - firefox 124.0-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69e27daf38e62ffb89edf31f491ac8c051bf1d8c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69e27daf38e62ffb89edf31f491ac8c051bf1d8c
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Add thunderbird tracking for CVEs from mfsa2024-20

Reply via email to