Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146 (CVE-2025-14333)
* firefox: Use-after-free in the WebRTC: Signaling component (CVE-2025-14321)
* firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14325)
* firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component (CVE-2025-14322)
* firefox: Privilege escalation in the Netmonitor component (CVE-2025-14328)
* firefox: Privilege escalation in the Netmonitor component (CVE-2025-14329)
* firefox: Same-origin policy bypass in the Request Handling component (CVE-2025-14331)
* firefox: Privilege escalation in the DOM: Notifications component (CVE-2025-14323)
* firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14330)
* firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14324)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
thunderbird-140.6.0-1.el10_1.alma.1.aarch64.rpm |
b342a98f901745db6bb1a7b15ba6f6d6767ece7cc39ac81a04c524afcc9f45a3 |
| ppc64le |
thunderbird-140.6.0-1.el10_1.alma.1.ppc64le.rpm |
6155e08266d64eefa659766b246e2ba8feb76265468c67736a3624520208c743 |
| s390x |
thunderbird-140.6.0-1.el10_1.alma.1.s390x.rpm |
312a13e7cb31e8467930fb885ac4de991249363b8ab4df508e6f4f50c8cb3e8d |
| x86_64 |
thunderbird-140.6.0-1.el10_1.alma.1.x86_64.rpm |
035fd4751631031766733230a00c547520f4ee7ef548f8a72f03033b5d1c5d9f |
| x86_64_v2 |
thunderbird-140.6.0-1.el10_1.alma.1.x86_64_v2.rpm |
c794fee84553be3c4313eed471b07b31c4322c9d1f8b5067e14cf86013fe6697 |
