Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)
* firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)
* firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)
* firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)
* firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)
* firefox: Race condition in the Graphics component (CVE-2025-13012)
* firefox: Spoofing issue in Firefox (CVE-2025-13015)
* firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)
* firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
thunderbird-140.5.0-2.el8_10.alma.1.aarch64.rpm |
6bc3fe04b45039185c388b445e7241157b0b6554513e32a63cc12af9be7a823b |
| ppc64le |
thunderbird-140.5.0-2.el8_10.alma.1.ppc64le.rpm |
427c25d3349cfd13a8a5ab5a3b3afbf60f269daff66538e17e13ba5c011445f8 |
| s390x |
thunderbird-140.5.0-2.el8_10.alma.1.s390x.rpm |
998109c9f3ae90dbc042e91d4f81bf2a8bef5e597f5793f5a17d45d8589f04ea |
| x86_64 |
thunderbird-140.5.0-2.el8_10.alma.1.x86_64.rpm |
82c092fc65d232d6bbd3bc342e8351a2dc8e00e51a64842a991e1a8fcaefe352 |
