| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
Changelog:
What's New
OpenPGP: Added option to disable email subject encryption
Changes
OpenPGP public key import now supports multi-file selection and bulk accepting imported keys
MailExtensions: getComposeDetails will wait for "compose-editor-ready" event
Fixes
New mail icon was not removed from the system tray at shutdown
"Place replies in the folder of the message being replied to" did not work when using "Reply to List"
Thunderbird did not honor the "Run search on server" option when searching messages
Highlight color for folders with unread messages wasn't visible in dark theme
OpenPGP: Key were missing from Key Manager
OpenPGP: Option to import keys from clipboard always disabled
The "Link" button on the large attachments info bar failed to open up Filelink section in Options if the user had not yet configured Filelink
Address book: Printing members of a mailing list resulted in incorrect output
Unable to connect to LDAP servers configured with a self-signed SSL certificate
Autoconfig via LDAP did not work as expected
Calendar: Pressing Ctrl-Enter in the new event dialog would create duplicate events
Various security fixes
Security fixes:
#CVE-2020-26970: Stack overflow due to incorrect parsing of SMTP server response codes
|
|
|
|
* Fix build with lang/rust-1.47.0.
Changelog:
78.5.0
What's New
OpenPGP: Added option to disable attaching the public key to a signed message
MailExtensions: "compose_attachments" context added to Menus API
MailExtensions: Menus API now available on displayed messages
Changes
MailExtensions: browser.tabs.create will now wait for "mail-delayed-startup-finished" event
Fixes
OpenPGP: Support for inline PGP messages improved
OpenPGP: Message security dialog showed unverified keys as unavailable
Chat: New chat contact menu item did not function
Various theme and usability improvements
Various security fixes
#CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
#CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
#CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
#CVE-2020-26956: XSS through paste (manual and clipboard API)
#CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
#CVE-2020-26959: Use-after-free in WebRequestService
#CVE-2020-26960: Potential use-after-free in uses of nsTArray
#CVE-2020-15999: Heap buffer overflow in freetype
#CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
#CVE-2020-26965: Software keyboards may have remembered typed passwords
#CVE-2020-26966: Single-word search queries were also broadcast to local network
#CVE-2020-26968: Memory safety bugs fixed in Thunderbird 78.5
78.4.3
Fixes
User interface was inconsistent when switching from the default theme to the dark theme and back to the default theme
Email subject would disappear when hovering over it with the mouse when using Windows 7 Classic theme
78.4.2
Fixes
Security fix
#CVE-2020-26950: Write side effects in MCallGetProperty opcode not accounted for
78.4.1
What's New
Thunderbird prompts for an address to use when starting an email from an address book entry with multiple addresses
Fixes
Searching global search results did not work
Link location was not focused by default when adding a hyperlink in message composer
Advanced address book search dialog was unusable
Encrypted draft reply emails lost "Re:" prefix
Replying to a newsgroup message did not open the compose window
Unable to delete multiple newsgroup messages
Appmenu displayed visual glitches
Visual glitches when selecting multiple messages in the message pane and using Ctrl+click
Switching between dark and light mode could lead to unreadable text on macOS
78.4.0
What's New
MailExtensions: browser.tabs.sendMessage API added
MailExtensions: messageDisplayScripts API added
Changes
Yahoo and AOL mail users using password authentication will be migrated to OAuth2
MailExtensions: messageDisplay APIs extended to support multiple selected messages
MailExtensions: compose.begin functions now support creating a message with attachments
Fixes
Thunderbird could freeze when updating global search index
Multiple issues with handling of self-signed SSL certificates addressed
Recipient address fields in compose window could expand to fill all available space
Inserting emoji characters in message compose window caused unexpected behavior
Button to restore default folder icon color was not keyboard accessible
Various keyboard navigation fixes
Various color-related theme fixes
MailExtensions: Updating attachments with onBeforeSend.addListener() did not work
Various security fixes
Security fixes:
#CVE-2020-15969: Use-after-free in usersctp
#CVE-2020-15683: Memory safety bugs fixed in Thunderbird 78.4
78.3.3
Fixes
OpenPGP: Improved support for encrypting with subkeys
OpenPGP message status icons were not visible in message header pane
OpenPGP Key Manager was missing from Tools menu on macOS
Creating a new calendar event did not require an event title
78.3.2
Changes
Thunderbird will no longer automatically install updates when Preferences tab is opened
Fixed
OpenPGP: Improved support for encrypting with subkeys
OpenPGP: Encrypted messages with international characters were sometimes displayed incorrectly
Single-click deletion of recipient pills with middle mouse button restored
Searching an address book list did not display results
Windows installer was unreadable with Windows in high contrast mode
Dark mode, high contrast, and Windows theming fixes
|
|
Changelog:
Changes
Thunderbird will no longer automatically install updates when Preferences tab is opened
Fixes
OpenPGP: Improved support for encrypting with subkeys
OpenPGP: Encrypted messages with international characters were sometimes displayed incorrectly
Single-click deletion of recipient pills with middle mouse button restored
Searching an address book list did not display results
Windows installer was unreadable with Windows in high contrast mode
Dark mode, high contrast, and Windows theming fixes
|
|
Changelog:
78.3.1
Fixes
Thunderbird crashed after updating to 78.3.0
78.3.0
Changes
OpenPGP: Improved decryption performance with large messages
OpenPGP: Do not show external key UI when disabled by preference
Account setup wizard will now open a popup when connecting to a server with a
self-signed SSL/TLS certificate
Installation of "legacy" MailExtensions now disabled
Reply-To header moved in compose window; now appears under From header
Calendar: Sidebar UI improvements
Fixes
Selecting "Cancel" on the Master Password prompt at startup incorrectly
reported corrupted OpenPGP data
OpenPGP: Creating a new key pair did not automatically select it for use
Dragging & Dropping recipient pills resulted in lost pills when an error was
present
Spellcheck suggestions were unreadable in dark theme
Calendar: Multiple password prompts opened
Linux Distributions: UI was not rendered completely when built without updater
MailExtensions: browser.folders.delete failed on IMAP folders
Various security fixes
Security fixes:
Mozilla Foundation Security Advisory 2020-44
#CVE-2020-15677: Download origin spoofing via redirect
#CVE-2020-15676: XSS when pasting attacker-controlled data into
a contenteditable element
#CVE-2020-15678: When recursing through layers while scrolling, an iterator may
have become invalid, resulting in a potential use-after-free scenario
#CVE-2020-15673: Memory safety bugs fixed in Thunderbird 78.3
|
|
|
|
* Runtime depend on chat/libotr.
Changelog:
What's New
new Drag and Drop reordering of recipient pills now supported
Changes
changed OpenPGP: Some signature states reported as "mismatch" now report "unknown"
changed Privacy policy now displayed in a tab when updated
changed Chat: Non-functional Twitter support removed
Fixes
fixed OpenPGP: Improvements to key importing when failures occur
fixed OpenPGP: Decryption did not work with certain HTTP proxy configurations
fixed OpenPGP: "Discover keys online" option did not work when searching for an email address
fixed Email filters reported failure when moving a message to original folder
fixed Message filters: Filters shown as enabled in configuration dialog were not always enabled
fixed vCard 2.1 attachments not handled properly
fixed Sending messages sometimes failed when recipients were in LDAP address book
fixed Non-functional help menu items removed
fixed Adding custom headers in the addressing widget (preference mail.compose.other.header) did not work
fixed Calendar: Event reminder details were unreadable
fixed Windows 10 high-contrast theme fixes
fixed More theme fixes and improvements
|
|
|
|
|
|
* Lightning cannot be disabled by users in build time.
Remove mozilla-lightning option.
Changelog:
78.2.1
Changes
changed OpenPGP enabled by default
changed OpenPGP: Disabled the use of MD5/SM2/SM3 algorithms
Fixes
fixed OpenPGP: Users with sub-identities were unable to encrypt or sign messages when switching identities
fixed OpenPGP message security window did not support dark mode
78.2.0
Changes
changed OpenPGP Key generation now disabled when there is no default mail account configured
changed OpenPGP: Encrypt saved drafts when OpenPGP is enabled
changed Twitter search removed
changed Calendar: Event summary dialog is now themeable
changed MailExtensions: Some APIs now use defineLazyPreferenceGetter in order to benefit from caching
Fixes
fixed OpenPGP Key Manager search function did not work
fixed OpenPGP Key Properties dialog was sometimes too small
fixed OpenPGP: Encrypted email would not send if address contained uppercase characters
fixed OpenPGP: "Key ID" column could not be resized in Key Manage
fixed OpenPGP: Keys containing invalid UTF-8 strings could not be imported
fixed OpenPGP: Enable automatic signing for encrypted messages in additional scenarios
fixed Many more OpenPGP bug fixes and improvements
fixed IMAP fetch chunk size was always 65536 bytes
fixed IMAP server capabilities were not rechecked after upgrading to SSL/TLS connection
fixed Message Composer: Order of attachments could not be modified using drag & drop
fixed Composing messages with a "fixed width" font did not work
fixed Drag and drop of address book contacts did not work in some situations
fixed Address book migration failed when there was a dot in the file name
fixed Address book: "Always prefer display name over message header" was always checked when editing a contact
fixed Address book performance optimizations
fixed Dialog to add a new mail account from "Account Settings" did not open
fixed "Select All" (Ctrl+A) in message source did not work until focused with a mouse click
fixed Ctrl+scroll wheel not zooming in message reader
fixed Setting/changing a signature from a file lost when closing account settings
fixed Adaptive Junk Mail settings could not be disabled
fixed Message filter dialog fixes: Missing scrollbar, drop-down list not wide enough
fixed Various UX and theme improvements
78.1.1
Changes
changed Building OpenPGP shared library linked to system libraries now supported
changed MailExtension errors now shown in Developer Tools console by default
changed MailExtensions: Dynamic registration of calendar providers now supported
Fixesr
fixed OpenPGP improvements
fixed Message preview was sometimes blank after upgrading from Thunderbird 68
fixed Email addresses whitelisted for remote content not displayed in preferences
fixed Importing data from Seamonkey did not work
fixed Renaming a mail list did not update the side bar
fixed MailExtensions: messenger.* namespace was undefined
78.1.0
What's New
new OpenPGP support is now feature complete. Improvements: new Key Wizard, online searching for OpenPGP keys, and more
new The preferences tab now has a search field
Changes
changed Dark background in message reader is now disabled
Fixes
fixed Thunderbird startup was slow when using folder color customizations with many folders. Previously configured colors will not be migrated.
fixed Mail quota usage in status bar did not support terabyte folder sizes
fixed Changing Junk mail settings with keyboard toggled wrong setting
fixed Advanced IMAP server preferences not saved in Account Manager
fixed Address book migration updates and fixes
fixed Address book: Last Modified Date was not updated
fixed Dark mode improvements
fixed Various security fixes
Security fixes:
#CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker
#CVE-2020-6514: WebRTC data channel leaks internal address to peer
#CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy
#CVE-2020-15653: Bypassing iframe sandbox when allowing popups
#CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
#CVE-2020-15656: Type confusion for special arguments in IonMonkey
#CVE-2020-15658: Overriding file type when saving to disk
#CVE-2020-15657: DLL hijacking due to incorrect loading path
#CVE-2020-15654: Custom cursor can overlay user interface
#CVE-2020-15659: Memory safety bugs fixed in Thunderbird 78.1
78.0.1
What's New
new OpenPGP: Key revocation, extending key expiration, and secret key backup
Fixes
fixed Drag & Drop multiple attachments to macOS Finder created duplicate files
fixed Faceted search date and relevance settings not saved
fixed FileLink attachments included as a link and file when added from a network drive via drag & drop
fixed About Thunderbird dialog keyboard shortcuts did not work
fixed CC'd recipients sometimes displayed collapsed in header pane
fixed Incremental search in contacts sidebar did not always display local results when an LDAP server was also in use
fixed Contacts sidebar search results cleared after removing a contact
fixed OpenPGP: Messages with long Armor Header lines did not display
fixed OpenPGP: Messages containing non-UTF-8 text were not supported
fixed Various UI and theming fixes
fixed Chat: Participants list did not display operator flags
|
|
|
|
|
|
Changelog:
Fixes
fixed Chat: Topics displayed some characters improperly
fixed Calendar: Filtering tasks did not work when "Incomplete Tasks" was selected
Security fixes:
CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64
#CVE-2020-12418: Information disclosure due to manipulated URL object
#CVE-2020-12419: Use-after-free in nsGlobalWindowInner
#CVE-2020-12420: Use-After-Free when trying to connect to a STUN server
#MFSA-2020-0001: Automatic account setup leaks Microsoft Exchange login credentials
#CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates
|
|
|
|
|
|
thanks jperkin for the hint.
|
|
|
|
- Re-enable multiprocess mode
- Drop hacks for crossprocess semaphores on NetBSD
- Drop OSS support
- Drop unused gnome option
Bump PKGREVISION
|
|
|
|
|
|
Changelog:
Fixes
fixed Custom headers added for searching or filtering could not be removed
fixed Calendar: Today Pane updated prior to loading all data
fixed Stability improvements
fixed Various security fixes
Security fixes:
#CVE-2020-12399: Timing attack on DSA signatures in NSS library
#CVE-2020-12405: Use-after-free in SharedWorkerService
#CVE-2020-12406: JavaScript Type confusion with NativeTypes
#CVE-2020-12410: Memory safety bugs fixed in Thunderbird 68.9.0
#CVE-2020-12398: Security downgrade with IMAP STARTTLS leads to information leakage
|
|
Changelog:
Fixes:
fixed IMAP stability improvements
fixed HTML tags in IRC topic changes were rendered incorrectly
fixed MailExtensions: Websockets could not be used
|
|
Thunderbird is no longer Mozilla-branded. It no longer uses gtk2.
Future versions of Thunderbird will not have ESR releases because
every Thunderbird release is now an ESR release.
|
|
Changelog:
Fixes
Account Manager: text fields were too small in some cases
Account Manager: Authentication method did not update when selecting an SMTP server
Links with embedded credentials did not open on Windows
Messages were sometimes sent with a badly formed address when filled from the address book
Accessibility: Screen readers were reporting too many activities from the status bar
MailExtensions: Setting IMAP messages as read with browser.messages.updated failed to persist
Various security fixes
Security fixes:
#CVE-2020-12397: Sender Email Address Spoofing using encoded Unicode characters
#CVE-2020-12387: Use-after-free during worker shutdown
#CVE-2020-6831: Buffer overflow in SCTP chunk input validation
#CVE-2020-12392: Arbitrary local file access with 'Copy as cURL'
#CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
#CVE-2020-12395: Memory safety bugs fixed in Thunderbird 68.8.0
|
|
Changelog:
What's New
new MailExtensions: Raw message source available to MailExtensions
Changes
changed MailExtensions: messages.update function extended to mark messages as junk or not junk
changed MailExtensions: browser.compose.begin functions no longer expand mailing lists
Fixes
fixed Various improvements to account setup when connecting to an Exchange server
fixed Thread collapsed when opening news message in a new window
fixed Addons not automatically updated to compatible version after upgrade from Thunderbird 60
fixed Updating addons did not prompt when requesting new permissions
fixed Extra recipients panel not keyboard-accessible
fixed Accessibility: Status bar was not detected by screenreaders
fixed MailExtensions: messages.query by folder name did not require accountsRead permission
fixed Calendar: Invitations with embedded null bytes did not always decode correctly
fixed Calendar: Cancelled events didn't show with a line-through
fixed Various security fixes
Security fixes:
#CVE-2020-6819: Use-after-free while running the nsDocShell destructor
#CVE-2020-6820: Use-after-free when handling a ReadableStream
#CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method
#CVE-2020-6822: Out of bounds write in GMPDecodeData when processing large images
#CVE-2020-6825: Memory safety bugs fixed in Thunderbird 68.7.0
|
|
supposed to do. Don't mess with math.h internals. Honor ressource limit
changes during build.
|
|
CVhangelog:
68.6.0
new
Thunderbird now displays a popup window when starting up on a new
profile
changed
Thunderbird now provides partial updates resulting in smaller
downloads
fixed
Searching in message bodies led to false negatives under some
circumstances in quoted-printable encoded HTML bodies
"Get New Messages for All Accounts" not working for OAuth2-authenticated
IMAP accounts
Various security fixes
#CVE-2020-6805: Use-after-free when removing data about origins
#CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections against state confusion
#CVE-2020-6807: Use-after-free in cubeb during stream destruction
#CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
#CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init
#CVE-2020-6812: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission
#CVE-2020-6814: Memory safety bugs fixed in Thunderbird 68.6
68.0.5
new
Support for Client Identity IMAP/SMTP Service Extension
Support for OAuth 2.0 authentication for POP3 accounts
fixed
Status area goes blank during account setup
Calendar: Could not remove color for default categories
Calendar: Prevent calendar component loading multiple times
Calendar: Today pane did not retain width between sessions
Various security fixes
#CVE-2020-6793: Out-of-bounds read when processing certain email messages
#CVE-2020-6794: Setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords
#CVE-2020-6795: Crash processing S/MIME messages with multiple signatures
#CVE-2020-6797: Extensions granted downloads.open permission could open arbitrary applications on Mac OSX
#CVE-2020-6798: Incorrect parsing of template tag could result in JavaScript injection
#CVE-2020-6792: Message ID calculcation was based on uninitialized data
#CVE-2020-6800: Memory safety bugs fixed in Thunderbird 68.5
|
|
|
|
Switch to an internal version of pthread_equal() without sanity checks.
Problems detected on NetBSD 9.99.46.
|
|
Changelog:
changed
Calendar: Task and Event tree colours adjusted for the dark theme
fixed
Retrieval of S/MIME certificates from LDAP failed
Address-parsing crash on some IMAP servers when preference mail.imap.use_envelope_cmd was set
Incorrect forwarding of HTML messages caused SMTP servers to respond with a timeout
Calendar: Various parts of the calendar UI stopped working when a second Thunderbird window opened
|
|
Changelog:
Changes
Various improvements when setting up an account for a Microsoft Exchange server: Now offers IMAP/SMTP if available, better detection for Office 365 accounts; re-run configuration after password change.
Fixes
Attachments with one or more spaces in their names couldn't be opened under some circumstances
After changing view layout, the message display pane showed garbled content under some circumstances
Tags were lost on messages in shared IMAP folders under some circumstances
Various theme changes to achieve "pixel perfection": Unread icon, "no results" icon, paragraph format and font selector, background of folder summary tooltip
Calendar: Event attendee dialog was not displayed correctly
Various security fixes
Security fixes:
CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement
#CVE-2019-17015: Memory corruption in parent process during new content process initialization on Windows
#CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting
#CVE-2019-17017: Type Confusion in XPCVariant.cpp
#CVE-2019-17021: Heap address disclosure in parent process during content process initialization on Windows
#CVE-2019-17022: CSS sanitization does not escape HTML tags
#CVE-2019-17024: Memory safety bugs fixed in Thunderbird 68.4.1
|
|
|
|
Sort PLIST while here.
|
|
Changelog:
68.3.1
Changes
changed
In dark theme unread messages no longer shown in blue to distinguish from tagged messages
changed
Account setup is now using client side DNS MX lookup instead of relying on a server.
Fixes
fixed
Searching LDAP address book crashed in some circumstances
fixed
Message navigation with backward and forward buttons did not work in some circumstances
fixed
WebExtension toolbar icons were displayed too small
fixed
Calendar: Tasks due today were not listed in bold
fixed
Calendar: Last day of long-running events was not shown
68.3.0
What’s New
new
Message display toolbar action WebExtension API
new
Navigation buttons are now available in content tabs, for example those opened via an add-on search
Changes
changed
"New email" icon in Windows systray changed from in-tray with arrow to envelope
Fixes
fixed
Icons of attachments in the attachment pane of the Write window not always correct
fixed
Toolbar buttons of add-ons in the menubar not shown after startup
fixed
LDAP lookup not working when SSL was enabled. LDAP search not working when "All Address Books" was selected.
fixed
Scam link confirmation panel not working
fixed
In Write window, the Link Properties dialog wasn't showing named anchors in context menu
fixed
Calendar: Start-up failed if the application menu is not on the calendar toolbars
fixed
Chat: Account reordering via drag-and-drop not working on Instant messaging status dialog (Show Accounts)
fixed
Various security fixes
Security fixes:
#CVE-2019-17008: Use-after-free in worker destruction
#CVE-2019-13722: Stack corruption due to incorrect number of arguments in WebRTC code
#CVE-2019-11745: Out of bounds write in NSS when encrypting with a block cipher
#CVE-2019-17009: Updater temporary files accessible to unprivileged processes
#CVE-2019-17010: Use-after-free when performing device orientation checks
#CVE-2019-17005: Buffer overflow in plain text serializer
#CVE-2019-17011: Use-after-free when retrieving a document in antitracking
#CVE-2019-17012: Memory safety bugs fixed in Firefox 71, Firefox ESR 68.3, and Thunderbird 68.3
|
|
|
|
pkglint -Wall -F --only aligned -r
No manual corrections.
|
|
Changelog:
new
A language for the user interface can now be chosen in the advanced settings (multilingual UI)
fixed
Problem with Google authentication (OAuth2)
fixed
Selected or unread messages not shown in the correct color in the thread pane (message list) under some circumstances
fixed
When using a language pack, names of standard folders weren't localized
fixed
Address book default startup directory in preferences panel not persisted
fixed
Various visual glitches: Conditions in filter editor not high enough, folder location widget not showing folder name, problem with menubar customization, add-on home page links accumulating, theme issues on Windows 7
fixed
Chat: Extended context menu on Instant messaging status dialog (Show Accounts)
|
|
|
|
|
|
Changelog:
new
Message Display WebExtension API
new
Message Search WebExtension API
fixed
Better visual feedback for unread messages when using the dark theme
fixed
Various issues when editing mailing lists
fixed
Integration with macOS addressbook and notifications not working after introduction of notarization
fixed
Application windows not maintaining their size after restart
fixed
Issues when upgrading from a 32bit version of Thunderbird to a 64bit
version. Note: If your profile is still not recognised, selected it
by visiting about:profiles in the Troubleshooting Information.
fixed
Various security fixes
Security fixes:
#CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber
#CVE-2019-11757: Use-after-free when creating index updates in IndexedDB
#CVE-2019-11758: Potentially exploitable crash due to 360 Total Security
#CVE-2019-11759: Stack buffer overflow in HKDF output
#CVE-2019-11760: Stack buffer overflow in WebRTC networking
#CVE-2019-11761: Unintended access to a privileged JSONView object
#CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation
#CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique
#CVE-2019-11764: Memory safety bugs fixed in Thunderbird 68.2
|
|
Local changes
=============
Cherry-pick a pending patch to fix build with the recent rust version (1.38.0).
esr68 branch fails to build with rust 1.38
https://bugzilla.mozilla.org/show_bug.cgi?id=1585099
Cherry-pick patch from:
https://marc.info/?l=openbsd-ports&m=156984549605237&w=2
Upstream changelog
==================
What's New
fixed Visual glitches: Missing context menu in filter, downloads, password manager and Config Editor search boxes, unwanted scrollbars and cut-off text in Account Manager, incorrect colors in Calendar agenda scrollbars, theme issues on Windows 7
fixed Some attachments couldn't be opened in messages originating from MS Outlook 2016
fixed Address book import form CSV
fixed Performance problem in message body search
fixed Ctrl+Enter to send a message would open an attachment if the attachment pane had focus
fixed Calendar: Issues with "Today Pane" start-up
fixed Calendar: Glitches with custom repeat and reminder number input
fixed Calendar: Problems with WCAP provider
https://www.thunderbird.net/en-US/thunderbird/68.1.2/releasenotes/
|
|
Changelog:
fixed Issues with attachments in IMAP messages
fixed Gmail accounts ignored a non-standard trash folder
selection. Note: If non-standard trash folder was selected
previously in the account settings, this setting will now take
effect which may be unexpected.
fixed Entering/pasting lists of recipients into the addressing
widget or mailing list not working reliably, especially when
lists contained multiple commas or semicolons
fixed Edit mailing list not working
fixed Various theme fixes, especially dark theme improvements
for Calendar
fixed Contrast between tag label and background not optimal
fixed Account Central pane always loaded at start-up
fixed "Config Editor" button not removed if blocked by policy
fixed Calendar: Free/busy information in attendees dialog not
scrolled correctly. Note: Scroll arrows still not behaving
correctly.
fixed Various security fixes
#CVE-2019-11755: Spoofing a message author via a crafted S/MIME
message
|
|
Changelog:
new
Offer to configure Exchange accounts for Office365. A third-party add-on is required for this account type. IMAP still exists as alternative.
fixed
Edit tag not working
fixed
Write window: "Insert > Characters and Symbols" not working
fixed
Moving/dragging messages from "Search Messages" result dialog not working
fixed
Command line -compose "attachment=" not working
fixed
Custom views not working
fixed
Issues with list of content types/actions for incoming attachments
fixed
"Learn More" links in Error Console not working
fixed
Visual glitches: Quick Filter Bar tag buttons too tall, missing scroll
bar on Connection Setting subdialog, LDAP server selection after "New",
"Edit" and "Delete"
fixed
Calendar: Parts of CalDAV dialog not working
fixed
Various security fixes
Security fixes:
CVE-2019-11739: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message
#CVE-2019-11746: Use-after-free while manipulating video
#CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML
#CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
#CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB
#CVE-2019-11743: Cross-origin access to unload event attributes
#CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9
|
|
|
|
Changelog:
changed
Calendar: Problems when editing event times, some related to AM/PM setting in non-English locales
|
|
Changelog:
Fixed
No prompt for smartcard PIN when S/MIME signing is used
Security fixes:
#CVE-2019-11703: Heap buffer overflow in icalparser.c
#CVE-2019-11704: Heap buffer overflow in icalvalue.c
#CVE-2019-11705: Stack buffer overflow in icalrecur.c
#CVE-2019-11706: Type confusion in icalproperty.c
|
|
NetBSD ships with libGL.so.3 as of NetBSD-8.99.42 and the libGL.so form
is more portable.
|
|
Changelog:
changed
Attachment pane of Write window no longer focussed when attaching files using a keyboard shortcut
fixed
Various security fixes
#CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS
#CVE-2019-9816: Type confusion with object groups and UnboxedObjects
#CVE-2019-9817: Stealing of cross-domain images using canvas
#CVE-2019-9818: Use-after-free in crash generation server
#CVE-2019-9819: Compartment mismatch with fetch API
#CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell
#CVE-2019-11691: Use-after-free in XMLHttpRequest
#CVE-2019-11692: Use-after-free removing listeners in the event listener manager
#CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux
#CVE-2019-7317: Use-after-free in png_image_free of libpng library
#CVE-2019-9797: Cross-origin theft of images with createImageBitmap
#CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext
#CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox
#CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks
#CVE-2019-5798: Out-of-bounds read in Skia
#CVE-2019-9800: Memory safety bugs fixed in Firefox 67, Firefox ESR 60.7, and Thunderbird 60.7
|
