Bug 31684 - Thunderbird 102.9
Summary: Thunderbird 102.9
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on: 31663
Blocks:
Reported: 2023-03-16 09:19 CET by Nicolas Salguero
Modified: 2023-03-24 13:10 CET

See Also:
Source RPM: thunderbird, thunderbird-l10n
CVE:
Status comment:


Description Nicolas Salguero 2023-03-16 09:19:03 CET
Mozilla has released Thunderbird 102.8.0 on March 14:
https://www.thunderbird.net/en-US/thunderbird/102.9.0/releasenotes/

Security issues fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/
Comment 1 Nicolas Salguero 2023-03-16 09:35:39 CET
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Incorrect code generation during JIT compilation. (CVE-2023-25751)

URL being dragged from a removed cross-origin iframe into the same tab triggered navigation. (CVE-2023-28164)

Invalid downcast in Worklets. (CVE-2023-28162)

Potential out-of-bounds when accessing throttled streams. (CVE-2023-25752)

Memory safety bugs fixed in Thunderbird 102.9. (CVE-2023-28176)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25751
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25752
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28176
https://www.thunderbird.net/en-US/thunderbird/102.9.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/
========================

Updated packages in core/updates_testing:
========================
thunderbird-102.9.0-1.mga8
thunderbird-ka-102.9.0-1.mga8
thunderbird-ru-102.9.0-1.mga8
thunderbird-uk-102.9.0-1.mga8
thunderbird-el-102.9.0-1.mga8
thunderbird-ja-102.9.0-1.mga8
thunderbird-zh_TW-102.9.0-1.mga8
thunderbird-kk-102.9.0-1.mga8
thunderbird-th-102.9.0-1.mga8
thunderbird-sk-102.9.0-1.mga8
thunderbird-vi-102.9.0-1.mga8
thunderbird-hu-102.9.0-1.mga8
thunderbird-zh_CN-102.9.0-1.mga8
thunderbird-cs-102.9.0-1.mga8
thunderbird-hsb-102.9.0-1.mga8
thunderbird-dsb-102.9.0-1.mga8
thunderbird-hy_AM-102.9.0-1.mga8
thunderbird-sr-102.9.0-1.mga8
thunderbird-es_MX-102.9.0-1.mga8
thunderbird-fr-102.9.0-1.mga8
thunderbird-de-102.9.0-1.mga8
thunderbird-tr-102.9.0-1.mga8
thunderbird-es_AR-102.9.0-1.mga8
thunderbird-pl-102.9.0-1.mga8
thunderbird-ko-102.9.0-1.mga8
thunderbird-kab-102.9.0-1.mga8
thunderbird-fy_NL-102.9.0-1.mga8
thunderbird-sq-102.9.0-1.mga8
thunderbird-pt_BR-102.9.0-1.mga8
thunderbird-cy-102.9.0-1.mga8
thunderbird-bg-102.9.0-1.mga8
thunderbird-sv_SE-102.9.0-1.mga8
thunderbird-be-102.9.0-1.mga8
thunderbird-sl-102.9.0-1.mga8
thunderbird-is-102.9.0-1.mga8
thunderbird-nl-102.9.0-1.mga8
thunderbird-lt-102.9.0-1.mga8
thunderbird-eu-102.9.0-1.mga8
thunderbird-et-102.9.0-1.mga8
thunderbird-da-102.9.0-1.mga8
thunderbird-fi-102.9.0-1.mga8
thunderbird-gl-102.9.0-1.mga8
thunderbird-pt_PT-102.9.0-1.mga8
thunderbird-he-102.9.0-1.mga8
thunderbird-hr-102.9.0-1.mga8
thunderbird-ro-102.9.0-1.mga8
thunderbird-ar-102.9.0-1.mga8
thunderbird-nn_NO-102.9.0-1.mga8
thunderbird-es_ES-102.9.0-1.mga8
thunderbird-en_GB-102.9.0-1.mga8
thunderbird-nb_NO-102.9.0-1.mga8
thunderbird-en_CA-102.9.0-1.mga8
thunderbird-pa_IN-102.9.0-1.mga8
thunderbird-en_US-102.9.0-1.mga8
thunderbird-ca-102.9.0-1.mga8
thunderbird-id-102.9.0-1.mga8
thunderbird-gd-102.9.0-1.mga8
thunderbird-it-102.9.0-1.mga8
thunderbird-lv-102.9.0-1.mga8
thunderbird-br-102.9.0-1.mga8
thunderbird-ga_IE-102.9.0-1.mga8
thunderbird-af-102.9.0-1.mga8
thunderbird-ms-102.9.0-1.mga8
thunderbird-ast-102.9.0-1.mga8
thunderbird-uz-102.9.0-1.mga8

from SRPMS:
thunderbird-102.9.0-1.mga8.src.rpm
thunderbird-l10n-102.9.0-1.mga8.src.rpm

Assignee: bugsquad => qa-bugs
Status: NEW => ASSIGNED
CC: (none) => nicolas.salguero
Version: Cauldron => 8
Source RPM: (none) => thunderbird, thunderbird-l10n

Nicolas Salguero 2023-03-16 09:39:13 CET

Depends on: (none) => 31663

Comment 2 Morgan Leijström 2023-03-16 12:15:54 CET
mga8-64, Plasma, nvidia-current, intel i7

- thunderbird-102.9.0-1.mga8.x86_64
- thunderbird-sv_SE-102.9.0-1.mga8.noarch

  Tests OK:
Swedish locale
settings and local mail kept
IMAP (offline, IMAP to sync to server)
SMTP
tested incl inline pictures and attached files.

Did not test Filters, Calendar, PGP, RSS...

CC: (none) => fri

Comment 3 Herman Viaene 2023-03-16 16:34:11 CET
Sorry, the following package cannot be selected:

- thunderbird-102.9.0-1.mga8.x86_64 (due to unsatisfied lib64nss3[>= 2:3.89.0])

CC: (none) => herman.viaene

Comment 4 Morgan Leijström 2023-03-16 16:35:36 CET
First perform update to Bug 31663 - Firefox 102.9
Comment 5 Thomas Andrews 2023-03-18 23:22:21 CET
Updated Firefox and Thunderbird together using qarepo, since both usually go out together. 

This particular install of Thunderbird had not been used since 2018, so there was some catching up to do. Authentication for Gmail was converted from password to OAuth2 without incident. I use POP mail, so it only had a few emails to download. Sent and received emails OK. I don't use the calendar.

CC: (none) => andrewsfarm

Comment 6 Len Lawrence 2023-03-20 20:03:39 CET
mga8, x64
Firefox update already done.
Updated Thunderbird for en_GB and restarted it without any problems.
Selected an address from the addressbook, composed a message and sent it successfully.
Tried out the alarm facility in the calendar - that worked OK - reminder arrived on the dot.

CC: (none) => tarazed25

Comment 7 Thomas Andrews 2023-03-22 01:05:17 CET
I believe this and Firefox are both OK. In addition to in Mageia 8, I have been using both in Cauldron for several days now, with no issues.

Validating the update. Advisory in comment 1.

Keywords: (none) => validated_update
Whiteboard: (none) => MGA8-64-OK
CC: (none) => sysadmin-bugs

Dave Hodgins 2023-03-23 23:38:27 CET

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 8 Mageia Robot 2023-03-24 06:57:49 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0116.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Comment 9 David Walser 2023-03-24 13:10:04 CET
Red Hat has issued an advisory for this on March 22:
https://access.redhat.com/errata/RHSA-2023:1407
