Changelog:
Fixed When entering members into a mailing list, the enter key dismissed the panel instead of just moving onto the next line
Fixed Email without HTML elements was sent as HTML, despite "Delivery Format: Auto-detect" option
Fixed Options applied to a template were lost when the template was used.
Fixed Contacts could not be deleted when they were found through a search
Fixed Views from global searches did not respect "mail.threadpane.use_correspondents"
Changelog:
Fixed in Thunderbird 45.1
2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)
Christian Holler, Tyson Smith, and Phil Ringalda reported memory safety problems and crashes that are fixed in Firefox ESR 45.1, Firefox ESR 38.8 and Firefox 46.
Memory safety bugs fixed in Firefox ESR 45.1, Firefox ESR 38.8 and Firefox 46 (CVE-2016-2807)
Gary Kwong, Christian Holler, Jesse Ruderman, Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, and Randell Jesup reported memory safety problems and crashes that are fixed in Firefox ESR 45.1 and Firefox 46.
Memory safety bugs fixed in Firefox ESR 45.1 and Firefox 46 (CVE-2016-2806)
Gary Kwong, Christian Holler, Andrew McCreight, Boris Zbarsky, and Steve Fink reported memory safety problems and crashes that are fixed in Firefox 46.
Memory safety bugs fixed in Firefox 46 (CVE-2016-2804)
Christian Holler reported a memory safety problem that is fixed in Firefox ESR 38.8.
Memory safety bug fixed in Firefox ESR 38.8 (CVE-2016-2805)
* Regen patch names
Changelog:
New Add a Correspondents column combining Sender and Recipient
New Much better support for XMPP chatrooms and commands.
New Remote content exceptions: Improved options to add exceptions.
New Implement option to always use HTML formatting to prevent unexpected format loss when converting messages to plain text.
New Use OpenStreetmap for maps (even allow the user to choose from list of map services)
New Allow spell checking and dictionary selection in the subject line
New Add dropdown in compose to allow specific setting of font size.
New Return/Enter in composer will now insert a new paragraph by default (shift-Enter will insert a line break)
New Mail.ru supports OAuth authentication.
New Allow copying of name and email address from the message header of an email
New Allow editing of From when composing a message.
Fixed Fixed: When sending e-mail which was composed using Chinese, Japanese or Korean characters, unwanted extra spaces were inserted within the text.
Fixed Spell checker checked spelling in invisible HTML parts of the message.
Fixed When saving a draft that is edited as new message, original draft was overwritten.
Fixed External images not displayed in reply/forward
Fixed Properly preserve pre-formatted blocks in message replies.
Fixed Crashed in some cases while parsing IMAP messages.
Fixed Copy/paste from a plain text editor lost white-space (multiple spaces/blanks, tabs, newlines)
Fixed "Open Draft"/"Forward"/"Edit As New"/"Reply" created message composition with incorrect character encoding.
Fixed Fixed: Grouped By view sort direction change was broken, plus enabled custom column grouping.
Fixed Fixed: New emails into a mailbox did not adhere to sort order by received.
Fixed Fixed: Box.com attachments failed to upload.
Fixed Fixed: Drag and drop of multiple attachments failed to OS file folder.
Fixed XMPP had connection problems for users with large rosters
Security bugs:
Fixed in Thunderbird 45
2016-37 Font vulnerabilities in the Graphite 2 library
2016-36 Use-after-free during processing of DER encoded keys in NSS
2016-35 Buffer overflow during ASN.1 decoding in NSS
2016-34 Out-of-bounds read in HTML parser following a failed allocation
2016-27 Use-after-free during XML transformations
2016-24 Use-after-free in SetBody
2016-23 Use-after-free in HTML5 string parser
2016-20 Memory leak in libstagefright when deleting an array during MP4 processing
2016-19 Linux video memory DOS with Intel drivers
2016-18 CSP reports fail to strip location information for embedded iframe pages
2016-17 Local file overwriting and potential privilege escalation through CSP reports
2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)
Changelog:
Fixed in Thunderbird 38.7
2016-37 Font vulnerabilities in the Graphite 2 library
2016-35 Buffer overflow during ASN.1 decoding in NSS
2016-34 Out-of-bounds read in HTML parser following a failed allocation
2016-31 Memory corruption with malicious NPAPI plugin
2016-27 Use-after-free during XML transformations
2016-24 Use-after-free in SetBody
2016-23 Use-after-free in HTML5 string parser
2016-20 Memory leak in libstagefright when deleting an array during MP4 processing
2016-17 Local file overwriting and potential privilege escalation through CSP reports
2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)
Changelog:
Fixed Various security fixes.
Fixed Filters ran on a different folder than selected
Fixed For Windows systems on roaming profiles, could not display messages after Thunderbird update (related to Lightning updates)
Fixed in Thunderbird 38.6
2016-14 Vulnerabilities in Graphite 2
2016-03 Buffer overflow in WebGL after out of memory allocation
2016-01 Miscellaneous memory safety hazards (rv:44.0 / rv:38.6)
2015-150 MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature
Changelog:
38.5.0:
Not available
38.4.0:
Fixed Various security fixes
Fixed Fixed issue where messages moves of multiple messages from a maildir folder to an mbox folder failed.
Fixed in Thunderbird 38.4
2015-133 NSS and NSPR memory corruption issues
2015-132 Mixed content WebSocket policy bypass through workers
2015-131 Vulnerabilities found through code inspection
2015-128 Memory corruption in libjar through zip files
2015-127 CORS preflight is bypassed when non-standard Content-Type headers are received
2015-123 Buffer overflow during image interactions in canvas
2015-122 Trailing whitespace in IP address hostnames can bypass same-origin policy
2015-116 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4)
Changelog:
New Saved files tab now implements Search field and Clear button.
Fixed (Right-)Clicking on a newsgroup now allows directly composing a message again
Fixed Importing to the address book from CSV now works with international characters
Fixed Thunderbird no longer crashes when executing filter rules when using maildir
Fixed When using the maildir storage format, the INBOX folder is no longer deleted
Fixed Emails with long References headers are now decoded correctly
Fixed Checking for new messages correctly works after hibernation again
Fixed Chat entries are no longer sometimes lost in global database at shutdown.
It might still be possible that pkgsrc needs adjustments for gmp loading
if/when we adopt some gmp packages, but until then they serve no purpose
and in fact appear to be harmful. Fixes Firefox startup error message:
addons.manager ERROR Exception calling provider GMPProvider.startup
Changelog:
Changed Hardware acceleration is now disabled by default to avoid crashing Thunderbird
Fixed A few bugs have been fixed to avoid crashing Thunderbird
Fixed in Thunderbird 38.2
2015-90 Vulnerabilities found through code inspection
2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images
2015-85 Out-of-bounds write with Updater and malicious MAR file
2015-84 Arbitrary file overwriting through Mozilla Maintenance Service with hard links
2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)
* Fix mozilla-common.mk inclusion.
Changelog:
What's New
Fixed Copy/Paste into plain text editor deletes newlines from quoted text (bug 1143570)
Fixed Cross-posts won't send because Newsgroups: groups are separated with comma+space, not just comma (bug 1151448)
Fixed Cannot send email through exchange server (NTLM) (bug 1174159)
Fixed Doesn't display GB2312 encoded texts correctly for Chinese Characters (bug 1174580)
Fixed OAuth2 authentication for GMail does not work when specified server is imap.gmail.com or smtp.gmail.com. (bug 1176773)
Known Issues
unresolved Import from Outlook and Eudora disabled, code currently not working (bug 1175055)
Changelog:
What's New
New GMail supports OAuth2 authentication, removing the need to manually select "allow less secure applications" in Google options for the account. (bug 849540)
New Ship Lightning calendar addon with Thunderbird and enable with an opt-out dialog (bug 1113183)
New Filter sent messages (bug 11039)
New Filter messages when archived (bug 479823)
New Enable search in multiple/all address books (bug 170270)
New Add support for Yahoo Messenger in Chat (bug 955574)
New Support Internationalized domain name URLs for RSS feeds (Bug 1018589)
New Show expanded columns in folder pane (bug 464973)
New Allow file-per-message (maildir) local message storage (bug 845952)
New Add a Learn more link to the support page in feeds subscribe dialog (bug 1053782)
New Add reading position marker line to conversations (bug 760762)
New The editor for twitter should show inputtable character count (bug 736002)
Changed Thunderbird will no longer use SHA-1 to sign messages (bug 1018259)
Changed Removed rarely used character sets: T.61-8bit, non-encoding Mac encoders, VISCII, x-viet-tcvn5712, x-viet-vps x-johab, ARMSCII8 , map us-ascii to windows-1252, ISO-8859-6-I and -E and ISO-8859-8-E, (bug 1068505 and others.)
Changed Disable CONDSTORE support for IMAP to prevent discrepancies in IMAP message status (deleted, unread) on some servers (bug 912216)
Changed Make OpenSearch queries open in the user's default browser (bug 1120777)
Changed Default to using SSL for XMPP and IRC. This might cause issues for self-signed certificates (bug 1122567, bug 1122666)
Fixed Replied/forwarded icons disappear after folder repair, detach/delete (bug 840418)
Fixed Attachment "Save As" files are displayed in Tools/Saved Files (bug 914517)
Fixed Adding unknown email addresses to Mailing list, then deleting ghost duplicate entries from contacts pane, caused dataloss in mailing list (bug 628035)
Fixed Web site from RSS feed was not rendered correctly (bug 662907)
Fixed Email address with leading/trailing whitespace displayed wrongly with added quotes when composing ["foo"@bar.com] (bug 286760)
Fixed Force display of Sender header if S/MIME sender is the signer (bug 332639)
Fixed Addressing autocomplete widget: Typed text in red despite results/matches found if suggestions change by last input (bug 1042561)
Fixed Status bar not accessible (bug 934875)
Fixed Wrong folder may be deleted when requesting junk delete (bug 1018960)
Fixed Severe UI stutter or freezes getting new mail for very large folders (bug 870556)
Fixed Automatically rejoin multi-user conversations on reconnect for XMPP (bug 1014472)
Fixed Various improvements when using IRC on moznet (bug 1083768 and others)
Fixed Significantly improve XMPP support (bug 1085022 and others)
Fixed Fixes for connecting to non-standard IRC networks (bug 870556 and others)
Fixed Automatically reclaim IRC nicks during a reconnect (bug 1087566)
Fixed Changing location in editor doesn't preserve the font when returning to end of text/line (bug 756984)
Fixed Inline spell checker loses red underlines after a backspace is used (bug 1100966)
Known Issues
unresolved Automatic addon compatibility update checks were not completed, so existing addon compatibilities may not be accurate.
unresolved Copy/Paste into plain text editor deletes newlines from quoted text (bug 1143570)
unresolved Importing data from Outlook or Eudora crashes (bug 917961)
Security:
Fixed in Thunderbird 38.0.1
2015-58 Mozilla Windows updater can be run outside of application directory
2015-57 Privilege escalation through IPC channel messages
2015-54 Buffer overflow when parsing compressed XML
2015-51 Use-after-free during text processing with vertical text enabled
2015-48 Buffer overflow with SVG content and CSS
2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)
Changelog:
Fixed in Thunderbird 31.7
2015-57 Privilege escalation through IPC channel messages
2015-54 Buffer overflow when parsing compressed XML
2015-51 Use-after-free during text processing with vertical text enabled
2015-48 Buffer overflow with SVG content and CSS
2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)
CHangelog:
Fixed in Thunderbird 31.6
2015-40 Same-origin bypass through anchor navigation
2015-37 CORS requests should not follow 30x redirections after preflight
2015-33 resource:// documents can load privileged pages
2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin
2015-30 Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)
Changelog:
Fixed in Firefox/Thunderbird ESR 31.5
2015-24 Reading of local files through manipulation of form autocomplete
2015-19 Out-of-bounds read and write while rendering SVG content
2015-16 Use-after-free in IndexedDB
2015-12 Invoking Mozilla updater will load locally stored DLL files
2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)
Changelog:
Fixed The previous issues with jp mac builds have now been fixed, and Thunderbird will no longer need to be run in 32-bit mode.
Fixed Security fixes can be found here
Fixed Installing extensions within Thunderbird no longer requires download and installing as a file (Bug 1081190)
Fixed Autocomplete suggestion sort order was adjusted to prioritize entries where the search string matches the beginning of a word (Bug 970456)
Fixed in Thunderbird 31.4
2015-04 Cookie injection through Proxy Authenticate responses
2015-03 sendBeacon requests lack an Origin header
2015-01 Miscellaneous memory safety hazards (rv:35.0 / rv:31.4)
Changelog:
Fixed Fixes an issue where using LDAP autocomplete could end up with blank entries in the compose addressing list (Bug 1045753)
Fixed Fixes an issue where IRC participants were not removed from the display on leaving a channel.
Fixed Fixes a regression where Thunderbird wasn't respecting the skip integration option on the default client dialog.
Fixed Security fixes can be found here
Fixed in Thunderbird 31.3
2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory
2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer
2014-88 Buffer overflow while parsing media content
2014-87 Use-after-free during HTML5 parsing
2014-85 XMLHttpRequest crashes with some input streams
2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)
