Bug 32478 - Thunderbird 115.4.1
Summary: Thunderbird 115.4.1
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on: 32477
Blocks:
 
Reported: 2023-11-02 14:02 CET by Nicolas Salguero
Modified: 2023-11-07 01:10 CET

See Also:
Source RPM: thunderbird, thunderbird-l10n
CVE:
Status comment:


Description Nicolas Salguero 2023-11-02 14:02:37 CET
Mozilla has released Thunderbird 115.4.1 on October 25:
https://www.thunderbird.net/en-US/thunderbird/115.4.1/releasenotes/

Security issues fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/

Nicolas Salguero 2023-11-02 14:03:07 CET

Depends on: (none) => 32477
Source RPM: (none) => thunderbird, thunderbird-l10n
Whiteboard: (none) => MGA9TOO
CC: (none) => nicolas.salguero

Comment 1 Lewis Smith 2023-11-02 20:56:08 CET
Nicolas, changing you from CC to assignee as you are the regular Thunderbird maintainer. If you do not want this, please re-assign it.

Assignee: bugsquad => nicolas.salguero
CC: nicolas.salguero => (none)

Comment 2 Nicolas Salguero 2023-11-03 09:48:35 CET
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Queued up rendering could have allowed websites to clickjack. (CVE-2023-5721)

Address bar spoofing via bidirectional characters. (CVE-2023-5732)

Large WebGL draw could have led to a crash. (CVE-2023-5724)

WebExtensions could open arbitrary URLs. (CVE-2023-5725)

Improper object tracking during GC in the JavaScript engine could have led to a crash. (CVE-2023-5728)

Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1. (CVE-2023-5730)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5732
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5724
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5725
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5728
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5730
https://www.thunderbird.net/en-US/thunderbird/115.4.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/
========================

Updated packages in core/updates_testing:
========================
thunderbird-115.4.1-1.mga9
thunderbird-af-115.4.1-1.mga9
thunderbird-ar-115.4.1-1.mga9
thunderbird-ast-115.4.1-1.mga9
thunderbird-be-115.4.1-1.mga9
thunderbird-bg-115.4.1-1.mga9
thunderbird-br-115.4.1-1.mga9
thunderbird-ca-115.4.1-1.mga9
thunderbird-cs-115.4.1-1.mga9
thunderbird-cy-115.4.1-1.mga9
thunderbird-da-115.4.1-1.mga9
thunderbird-de-115.4.1-1.mga9
thunderbird-dsb-115.4.1-1.mga9
thunderbird-el-115.4.1-1.mga9
thunderbird-en_CA-115.4.1-1.mga9
thunderbird-en_GB-115.4.1-1.mga9
thunderbird-en_US-115.4.1-1.mga9
thunderbird-es_AR-115.4.1-1.mga9
thunderbird-es_ES-115.4.1-1.mga9
thunderbird-es_MX-115.4.1-1.mga9
thunderbird-et-115.4.1-1.mga9
thunderbird-eu-115.4.1-1.mga9
thunderbird-fi-115.4.1-1.mga9
thunderbird-fr-115.4.1-1.mga9
thunderbird-fy_NL-115.4.1-1.mga9
thunderbird-ga_IE-115.4.1-1.mga9
thunderbird-gd-115.4.1-1.mga9
thunderbird-gl-115.4.1-1.mga9
thunderbird-he-115.4.1-1.mga9
thunderbird-hr-115.4.1-1.mga9
thunderbird-hsb-115.4.1-1.mga9
thunderbird-hu-115.4.1-1.mga9
thunderbird-hy_AM-115.4.1-1.mga9
thunderbird-id-115.4.1-1.mga9
thunderbird-is-115.4.1-1.mga9
thunderbird-it-115.4.1-1.mga9
thunderbird-ja-115.4.1-1.mga9
thunderbird-ka-115.4.1-1.mga9
thunderbird-kab-115.4.1-1.mga9
thunderbird-kk-115.4.1-1.mga9
thunderbird-ko-115.4.1-1.mga9
thunderbird-lt-115.4.1-1.mga9
thunderbird-lv-115.4.1-1.mga9
thunderbird-ms-115.4.1-1.mga9
thunderbird-nb_NO-115.4.1-1.mga9
thunderbird-nl-115.4.1-1.mga9
thunderbird-nn_NO-115.4.1-1.mga9
thunderbird-pa_IN-115.4.1-1.mga9
thunderbird-pl-115.4.1-1.mga9
thunderbird-pt_BR-115.4.1-1.mga9
thunderbird-pt_PT-115.4.1-1.mga9
thunderbird-ro-115.4.1-1.mga9
thunderbird-ru-115.4.1-1.mga9
thunderbird-sk-115.4.1-1.mga9
thunderbird-sl-115.4.1-1.mga9
thunderbird-sq-115.4.1-1.mga9
thunderbird-sr-115.4.1-1.mga9
thunderbird-sv_SE-115.4.1-1.mga9
thunderbird-th-115.4.1-1.mga9
thunderbird-tr-115.4.1-1.mga9
thunderbird-uk-115.4.1-1.mga9
thunderbird-uz-115.4.1-1.mga9
thunderbird-vi-115.4.1-1.mga9
thunderbird-zh_CN-115.4.1-1.mga9
thunderbird-zh_TW-115.4.1-1.mga9

from SRPMS:
thunderbird-115.4.1-1.mga9.src.rpm
thunderbird-l10n-115.4.1-1.mga9.src.rpm

Version: Cauldron => 9
CC: (none) => nicolas.salguero
Whiteboard: MGA9TOO => (none)
Status: NEW => ASSIGNED
Assignee: nicolas.salguero => qa-bugs

Comment 3 Marja Van Waes 2023-11-03 11:13:20 CET
Advisory from comment 2 added to SVN. Please remove the "advisory" keyword if it needs to be changed. It also helps when obsolete advisories are tagged as "obsolete".

CC: (none) => marja11
Whiteboard: (none) => advisory

Comment 4 Thomas Andrews 2023-11-03 23:40:36 CET
MGA9-64 Plasma. Firefox and the nss packages had already been installed. No installation issues for the US English version.

Sent and received email, read posts on some newsgroups.  No issues to report. I do not use the calendar.

CC: (none) => andrewsfarm

Comment 5 Jose Manuel López 2023-11-04 07:24:21 CET
Mageia 9 Plasma x86_64. Updated from testing repo.

All ok for the moment.

Receive ok
Send ok.
Calendar ok.
Translation Es-es ok.
Task ok
Settings ok.
Rss Ok.

Greetings!

CC: (none) => joselp

Comment 6 Morgan Leijström 2023-11-04 23:10:03 CET
mga9-64 OK for me

Plasma X11, nvidia470 on GTX750, kernel-linus-6.4.16-5, Intel i7-870

Localisation (Swedish) OK
Kept local mail and settings
IMAP & SMTP
There came an invitation to a meeting, I accepted, and it is now in my calendar (my first time using it...)



Some warnings appear on launch:
(I have seen the GLib-GIO-WARNING from other applications, i.e. Firefox)

$ thunderbird
[Parent 1337601, Main Thread] WARNING: /usr/share/applications/kde-mimeapps.list contains a [Added Associations] group, but it is not permitted here.  Only the non-desktop-specific mimeapps.list file may add or remove associations.: 'glib warning', file /home/iurt/rpmbuild/BUILD/thunderbird-115.4.1/thunderbird-115.4.1/toolkit/xre/nsSigHandlers.cpp:167

(thunderbird:1337601): GLib-GIO-WARNING **: 16:23:16.721: /usr/share/applications/kde-mimeapps.list contains a [Added Associations] group, but it is not permitted here.  Only the non-desktop-specific mimeapps.list file may add or remove associations.

CC: (none) => fri

Comment 7 Thomas Andrews 2023-11-05 16:02:15 CET
MGA9-64 Plasma on an HP Pavilion 15.

Updated US English versions of Firefox and Thunderbird in one operation, with no installation issues. No operational issues to report, either.

Comment 8 Thomas Andrews 2023-11-06 15:45:53 CET
No issues for anybody, time to move it on. 

Giving this a 64-bit OK, and validating. 

Moving "advisory" from whiteboard to keywords.

Whiteboard: advisory => MGA9-64-OK
Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs

Comment 9 Mageia Robot 2023-11-07 01:10:28 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0309.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

