Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c5d78139 by Salvatore Bonaccorso at 2024-06-14T08:47:24+02:00
Add thunderbird issues from mfsa2024-28
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1134,7 +1134,9 @@ CVE-2023-33922 (Missing Authorization vulnerability in
Elementor Elementor Websi
CVE-2024-5702 (Memory corruption in the networking stack could have led to a
potentia ...)
{DSA-5709-1 DLA-3825-1}
- firefox-esr 115.12.0esr-1
+ - thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5702
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5702
CVE-2024-5701 (Memory safety bugs present in Firefox 126. Some of these bugs
showed e ...)
- firefox 127.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5701
@@ -1142,8 +1144,10 @@ CVE-2024-5700 (Memory safety bugs present in Firefox
126, Firefox ESR 115.11, an
{DSA-5709-1 DLA-3825-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
+ - thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5700
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5700
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5700
CVE-2024-5699 (In violation of spec, cookie prefixes such as `__Secure` were
being ig ...)
- firefox 127.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5699
@@ -1157,8 +1161,10 @@ CVE-2024-5696 (By manipulating the text in an
`<input>` tag, an attacker c
{DSA-5709-1 DLA-3825-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
+ - thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5696
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5696
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5696
CVE-2024-5695 (If an out-of-memory condition occurs at a specific point using
allocat ...)
- firefox 127.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5695
@@ -1169,25 +1175,33 @@ CVE-2024-5693 (Offscreen Canvas did not properly track
cross-origin tainting, wh
{DSA-5709-1 DLA-3825-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
+ - thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5693
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5693
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5693
CVE-2024-5692 (On Windows, when using the 'Save As' functionality, an attacker
could ...)
- firefox <not-affected> (Windows-specific)
- firefox-esr <not-affected> (Windows-specific)
+ - thunderbird <not-affected> (Windows-specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5692
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5692
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5692
CVE-2024-5691 (By tricking the browser with a `X-Frame-Options` header, a
sandboxed i ...)
{DSA-5709-1 DLA-3825-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
+ - thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5691
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5691
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5691
CVE-2024-5690 (By monitoring the time certain operations take, an attacker
could have ...)
{DSA-5709-1 DLA-3825-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
+ - thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5690
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5690
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5690
CVE-2024-5689 (In addition to detecting when a user was taking a screenshot
(XXX), a ...)
- firefox 127.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5689
@@ -1195,8 +1209,10 @@ CVE-2024-5688 (If a garbage collection was triggered at
the right time, a use-af
{DSA-5709-1 DLA-3825-1}
- firefox 127.0-1
- firefox-esr 115.12.0esr-1
+ - thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5688
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5688
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5688
CVE-2024-5687 (If a specific sequence of actions is performed when opening a
new tab, ...)
- firefox <not-affected> (Android-specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-25/#CVE-2024-5687
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5d78139435a2cf9e68f575421619cf03a916f49
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5d78139435a2cf9e68f575421619cf03a916f49
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
