Security Vulnerabilities fixed in Thunderbird 115.4.1 — Mozilla

Summary

Mozilla has released Thunderbird 115.4.1, addressing multiple security vulnerabilities including clickjacking (CVE-2023-5721), address bar spoofing (CVE-2023-5732), crashes from large WebGL draws (CVE-2023-5724), arbitrary URL opening by WebExtensions (CVE-2023-5725), obscured full screen notifications on macOS (CVE-2023-5726), bypassed download protections on Windows (CVE-2023-5727), improper object tracking during garbage collection (CVE-2023-5728), and memory safety bugs (CVE-2023-5730).

Key Takeaways

  • Thunderbird 115.4.1 fixes multiple security vulnerabilities.
  • Issues addressed include clickjacking, address bar spoofing, crashes, arbitrary URL opening, obscured full screen notifications, bypassed download protections, and improper object tracking during garbage collection.
  • Memory safety bugs from previous versions have also been fixed.