Advisories for Thunderbird 131.0.1, 128.3.1, 115.16.0

mozilla · Oct 11, 2024 · c07b4d7 · c07b4d7
1 parent bc9537d
commit c07b4d7
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/announce/2024/mfsa2024-52.yml b/announce/2024/mfsa2024-52.yml
@@ -0,0 +1,20 @@
+## mfsa2024-52.yml
+announced: October 10, 2024
+impact: critical
+fixed_in:
+- Thunderbird 131.0.1
+- Thunderbird 128.3.1
+- Thunderbird 115.16.0
+title: Security Vulnerability fixed in Thunderbird 131.0.1, Thunderbird 128.3.1, Thunderbird 115.16.0
+description: |
+  *In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.*
+advisories:
+  CVE-2024-9680:
+    title: Use-after-free in Animation timeline
+    impact: critical
+    reporter: Damien Schaeffer from ESET
+    description: |
+      An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines.
+      We have had reports of this vulnerability being exploited in the wild.
+    bugs:
+      - url: 1923344