ALSA-2025:8196

[ALSA-2025:8196] Important: thunderbird security update

Type:

security

Severity:

important

Release date:

2025-05-29

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.  

Security Fix(es):  

  * thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link (CVE-2025-3909)
  * thunderbird: Sender Spoofing via Malformed From Header in Thunderbird (CVE-2025-3875)
  * thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links (CVE-2025-3877)
  * thunderbird: Tracking Links in Attachments Bypassed Remote Content Blocking (CVE-2025-3932)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	thunderbird-128.10.1-1.el10_0.alma.1.aarch64.rpm	c9027d41a2e57f235124fe43ed4c8ca24ec20b07f56fd9cf90a9e7571df3448c
ppc64le	thunderbird-128.10.1-1.el10_0.alma.1.ppc64le.rpm	e4aeda5d313a6f7b498d238aa3270f835e86055b16db3dd553df6005d99495ff
s390x	thunderbird-128.10.1-1.el10_0.alma.1.s390x.rpm	5d82b5754bf45d6d80d6d744078c34a4d693d1c7d043d3457fa508f80c99e751
x86_64	thunderbird-128.10.1-1.el10_0.alma.1.x86_64.rpm	97bb7d6d96c1cca1ab89757d299de4a5bd7ed841fa0b68bbd36122ac1a43e6c0

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.