ALSA-2025:4170

[ALSA-2025:4170] Important: thunderbird security update

Type:

security

Severity:

important

Release date:

2025-04-25

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.  

Security Fix(es):  

  * firefox: thunderbird: URL Bar Spoofing via non-BMP Unicode characters (CVE-2025-3029)
  * firefox: thunderbird: Use-after-free triggered by XSLTProcessor (CVE-2025-3028)
  * firefox: thunderbird: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9 (CVE-2025-3030)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	thunderbird-128.9.0-2.el8_10.alma.1.aarch64.rpm	3c0676465eed7288d580a1ed42a9a92851791339a6024b6cf2eba427e9d7503f
ppc64le	thunderbird-128.9.0-2.el8_10.alma.1.ppc64le.rpm	d379c8826f1a91cb61f484b4cf6a6b34fbcdbaffdc06a37b885105e3739ddedf
s390x	thunderbird-128.9.0-2.el8_10.alma.1.s390x.rpm	ab8ce752951330e927d87c8ffd44eb2b8a7f8a98f376e2cf44a1d7b4b5a4e3ac
x86_64	thunderbird-128.9.0-2.el8_10.alma.1.x86_64.rpm	cc1f637e828c3a77ace54dfd35cc4b3e93d9f852a0a4119e9dd8bf0cf8af41fe

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.