{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"128.5.2-150200.8.194.1","MozillaThunderbird-translations-common":"128.5.2-150200.8.194.1","MozillaThunderbird-translations-other":"128.5.2-150200.8.194.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP5","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"128.5.2-150200.8.194.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"128.5.2-150200.8.194.1","MozillaThunderbird-translations-common":"128.5.2-150200.8.194.1","MozillaThunderbird-translations-other":"128.5.2-150200.8.194.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP6","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"128.5.2-150200.8.194.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"128.5.2-150200.8.194.1","MozillaThunderbird-translations-common":"128.5.2-150200.8.194.1","MozillaThunderbird-translations-other":"128.5.2-150200.8.194.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP5","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"128.5.2-150200.8.194.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"128.5.2-150200.8.194.1","MozillaThunderbird-translations-common":"128.5.2-150200.8.194.1","MozillaThunderbird-translations-other":"128.5.2-150200.8.194.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP6","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"128.5.2-150200.8.194.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"128.5.2-150200.8.194.1","MozillaThunderbird-translations-common":"128.5.2-150200.8.194.1","MozillaThunderbird-translations-other":"128.5.2-150200.8.194.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"MozillaThunderbird","purl":"pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"128.5.2-150200.8.194.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"128.5.2-150200.8.194.1","MozillaThunderbird-translations-common":"128.5.2-150200.8.194.1","MozillaThunderbird-translations-other":"128.5.2-150200.8.194.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"MozillaThunderbird","purl":"pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"128.5.2-150200.8.194.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaThunderbird fixes the following issues:\n\n- CVE-2024-50336: Fixed insufficient MXC URI validation which could allow client-side path traversal (bsc#1234413)\n\nOther fixes:\n- Updated to Mozilla Thunderbird 128.5.2i (bsc#1234413): \n  * fixed: Large virtual folders could be very slow \n  * fixed: Message could disappear after moving from IMAP folder\n    followed by Undo and Redo \n  * fixed: XMPP chat did not display messages sent inside a CDATA\n    element \n  * fixed: Selected calendar day did not move forward at midnight \n  * fixed: Today pane agenda sometimes scrolled for no apparent\n    reason\n  * fixed: CalDAV calendars without offline support could degrade\n    start-up performance \n  * fixed: Visual and UX improvements \n  * fixed: Security fixes\n\n- Updated to Mozilla Thunderbird 128.5.1:\n  * new: Add end of year donation appeal \n  * fixed: Total message count for favorite folders did not work\n    consistently \n","id":"SUSE-SU-2024:4326-1","modified":"2024-12-16T13:11:14Z","published":"2024-12-16T13:11:14Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20244326-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234413"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-50336"}],"related":["CVE-2024-50336"],"summary":"Security update for MozillaThunderbird","upstream":["CVE-2024-50336"]}