nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-23 07:23:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

betterbird: mark as insecure

Browse Source 
There are a large number of CVEs marked as being relevant to
the version of Thunderbird this is based on, but as many Firefox
vulnerabilities are not practically exploitable in Thunderbird due
to lack of untrusted JS execution, I’ve chosen to only reference
the one that should unambiguously be exploitable via Thunderbird’s
built‐in PDF reader to allow injected code. This of course means
that it is likely that other JS‐related vulnerabilities present in
this version may be practically exploitable too.
This commit is contained in:
Emily 2024-10-25 15:51:44 +01:00
parent 0c8b562898
commit 1dd950babb
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
pkgs/applications/networking/mailreaders/betterbird/default.nix
View File

@ -104,6 +104,7 @@ in ((buildMozillaMach {
mainProgram = "betterbird";
maintainers = with maintainers; [ SuperSandro2000 ];
inherit (thunderbird-unwrapped.meta) platforms badPlatforms broken license;
knownVulnerabilities = [ "CVE-2024-4367" ];
};
}).override {
crashreporterSupport = false; # not supported