Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* firefox: thunderbird: Large branch table could lead to truncated instruction (CVE-2025-8028)
* firefox: thunderbird: Memory safety bugs (CVE-2025-8035)
* firefox: thunderbird: Incorrect URL stripping in CSP reports (CVE-2025-8031)
* firefox: thunderbird: JavaScript engine only wrote partial return value to stack (CVE-2025-8027)
* firefox: thunderbird: Potential user-assisted code execution in ?Copy as cURL? command (CVE-2025-8030)
* firefox: Memory safety bugs (CVE-2025-8034)
* firefox: thunderbird: Incorrect JavaScript state machine for generators (CVE-2025-8033)
* firefox: thunderbird: XSLT documents could bypass CSP (CVE-2025-8032)
* firefox: thunderbird: javascript: URLs executed on object and embed tags (CVE-2025-8029)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
thunderbird-128.13.0-3.el8_10.alma.1.aarch64.rpm |
42383d042156711cc2da4244ab0c7e7822ee151cb90ecccea219c024de0d626c |
| ppc64le |
thunderbird-128.13.0-3.el8_10.alma.1.ppc64le.rpm |
5a92f554c8bef3391ab708bb0217a5eddee66c985de60be0f1b611a54602a7f5 |
| s390x |
thunderbird-128.13.0-3.el8_10.alma.1.s390x.rpm |
22e446cbb6e0c07bb19237091c9cdb37c7c4bad769e56d617c54b8ac3cd76c13 |
| x86_64 |
thunderbird-128.13.0-3.el8_10.alma.1.x86_64.rpm |
0b1ecf705387ffd3f30e6214af71db40a4b864d19af5373f5dca4adabf47a275 |
