Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)
* firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)
* firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)
* firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)
* firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)
* firefox: Race condition in the Graphics component (CVE-2025-13012)
* firefox: Spoofing issue in Firefox (CVE-2025-13015)
* firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)
* firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
thunderbird-140.5.0-2.el10_1.aarch64.rpm |
103646602486a20c075f210361c6dbec1e12730eea1c388b8eb70c3be6f728a8 |
| ppc64le |
thunderbird-140.5.0-2.el10_1.ppc64le.rpm |
e589571af918883ba5c3363a4a5085d3bbbe90ee57acf4e77dca9ce0f93477c5 |
| s390x |
thunderbird-140.5.0-2.el10_1.s390x.rpm |
a5ee8b149fc3e9801dc579b33b98e7de681b4029bbfcc531c146a411f18005bd |
| x86_64 |
thunderbird-140.5.0-2.el10_1.x86_64.rpm |
a621fcb2da77bc94878681e8b9af991bb987dbc4a23187395c76c64da31b3605 |
| x86_64_v2 |
thunderbird-140.5.0-2.el10_1.x86_64_v2.rpm |
39c7191d247423d7ac0f1c66318ef38a17d62a6d7874a822e000b9de5dc3783d |
