Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link (CVE-2025-3909)
* thunderbird: Sender Spoofing via Malformed From Header in Thunderbird (CVE-2025-3875)
* thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links (CVE-2025-3877)
* thunderbird: Tracking Links in Attachments Bypassed Remote Content Blocking (CVE-2025-3932)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture |
Package |
Checksum |
aarch64 |
thunderbird-128.10.1-1.el10_0.alma.1.aarch64.rpm |
c9027d41a2e57f235124fe43ed4c8ca24ec20b07f56fd9cf90a9e7571df3448c |
ppc64le |
thunderbird-128.10.1-1.el10_0.alma.1.ppc64le.rpm |
e4aeda5d313a6f7b498d238aa3270f835e86055b16db3dd553df6005d99495ff |
s390x |
thunderbird-128.10.1-1.el10_0.alma.1.s390x.rpm |
5d82b5754bf45d6d80d6d744078c34a4d693d1c7d043d3457fa508f80c99e751 |
x86_64 |
thunderbird-128.10.1-1.el10_0.alma.1.x86_64.rpm |
97bb7d6d96c1cca1ab89757d299de4a5bd7ed841fa0b68bbd36122ac1a43e6c0 |