[ALSA-2025:8196] Important: thunderbird security update
Type:
security
Severity:
important
Release date:
2025-05-29
Description:
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fix(es): * thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link (CVE-2025-3909) * thunderbird: Sender Spoofing via Malformed From Header in Thunderbird (CVE-2025-3875) * thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links (CVE-2025-3877) * thunderbird: Tracking Links in Attachments Bypassed Remote Content Blocking (CVE-2025-3932) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 thunderbird-128.10.1-1.el10_0.alma.1.aarch64.rpm c9027d41a2e57f235124fe43ed4c8ca24ec20b07f56fd9cf90a9e7571df3448c
ppc64le thunderbird-128.10.1-1.el10_0.alma.1.ppc64le.rpm e4aeda5d313a6f7b498d238aa3270f835e86055b16db3dd553df6005d99495ff
s390x thunderbird-128.10.1-1.el10_0.alma.1.s390x.rpm 5d82b5754bf45d6d80d6d744078c34a4d693d1c7d043d3457fa508f80c99e751
x86_64 thunderbird-128.10.1-1.el10_0.alma.1.x86_64.rpm 97bb7d6d96c1cca1ab89757d299de4a5bd7ed841fa0b68bbd36122ac1a43e6c0
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.