#14506: thunderbird-78.6.1
-------------------------+------------------------
Reporter: renodr | Owner: blfs-book
Type: enhancement | Status: new
Priority: high | Milestone: 10.1
Component: BOOK | Version: SVN
Severity: normal | Resolution:
Keywords: |
-------------------------+------------------------
Changes (by renodr):
* priority: normal => high
Comment:
{{{
Changes
changed
MailExtensions: browserAction, composeAction, and messageDisplayAction
toolbar buttons now support label and default_label properties
Fixes
fixed
Running a quicksearch that returned no results did not offer to re-run as
a global search
fixed
Message search toolbar fixes
fixed
Very long subject lines distorted the message compose and display windows,
making them unusable
fixed
Compose window: Recipient addresses that had not yet been autocompleted
were lost when clicking Send button
fixed
Compose window: New message is no longer marked as "changed" just from
tabbing out of the recipient field without editing anything
fixed
Account autodiscover fixes when using MS Exchange servers
fixed
LDAP address book stability fix
fixed
Messages with invalid vcard attachments were not marked as read when
viewed in the preview window
fixed
Chat: Could not add TLS certificate exceptions for XMPP connections
fixed
Calendar: System timezone was not always properly detected
fixed
Calendar: Descriptions were sometimes blank when editing a single
occurrence of a repeating event
fixed
Various printing bugfixes
fixed
Visual consistency and theme improvements
fixed
Various security fixes
}}}
For the security fixes:
{{{
Mozilla Foundation Security Advisory 2021-02
Security Vulnerabilities fixed in Thunderbird 78.6.1
Announced
January 11, 2021
Impact
critical
Products
Thunderbird
Fixed in
Thunderbird 78.6.1
In general, these flaws cannot be exploited through email in the
Thunderbird product because scripting is disabled when reading mail, but
are potentially risks in browser or browser-like contexts.
#CVE-2020-16044: Use-after-free write when handling a malicious COOKIE-
ECHO SCTP chunk
Reporter
Ned Williamson
Impact
critical
Description
A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet
in a way that potentially resulted in a use-after-free. We presume that
with enough effort it could have been exploited to run arbitrary code.
References
Bug 1683964
}}}
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/14506#comment:1>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
