Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* firefox: thunderbird: Large branch table could lead to truncated instruction (CVE-2025-8028)
* firefox: thunderbird: Memory safety bugs (CVE-2025-8035)
* firefox: thunderbird: Incorrect URL stripping in CSP reports (CVE-2025-8031)
* firefox: thunderbird: JavaScript engine only wrote partial return value to stack (CVE-2025-8027)
* firefox: thunderbird: Potential user-assisted code execution in ?Copy as cURL? command (CVE-2025-8030)
* firefox: Memory safety bugs (CVE-2025-8034)
* firefox: thunderbird: Incorrect JavaScript state machine for generators (CVE-2025-8033)
* firefox: thunderbird: XSLT documents could bypass CSP (CVE-2025-8032)
* firefox: thunderbird: javascript: URLs executed on object and embed tags (CVE-2025-8029)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
thunderbird-128.13.0-3.el10_0.alma.1.aarch64.rpm |
1b2260f450da05f83ea963b225eeeae3288536083ac236bd4e6f98d73aeb12a5 |
| ppc64le |
thunderbird-128.13.0-3.el10_0.alma.1.ppc64le.rpm |
5acff75cc72d255e7f619c15e33111af8f2c4e21ccb70a8158a6eaefbac92a3f |
| s390x |
thunderbird-128.13.0-3.el10_0.alma.1.s390x.rpm |
6acedc3f813947131115a8885e4fc33e52b4109f08f59f4ba43b235227c39d5d |
| x86_64 |
thunderbird-128.13.0-3.el10_0.alma.1.x86_64.rpm |
8d3678b3f82b1f3daf79f84c16bb64977cdbab2ec34cb1d6b3bb60bb2e91ddbb |
| x86_64_v2 |
thunderbird-128.13.0-3.el10_0.alma.1.x86_64_v2.rpm |
4dead66047fccf463dbe53ae28d36976d269153236aa493c18b60f093e658eb7 |
