ALSA-2025:4649

[ALSA-2025:4649] Important: thunderbird security update

Type:

security

Severity:

important

Release date:

2025-05-08

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.  

Security Fix(es):  

  * thunderbird: User Interface (UI) Misrepresentation of attachment URL (CVE-2025-3523)
  * thunderbird: Information Disclosure of /tmp directory listing (CVE-2025-2830)
  * thunderbird: Leak of hashed Window credentials via crafted attachment URL (CVE-2025-3522)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	thunderbird-128.9.2-1.el8_10.alma.1.aarch64.rpm	301cba441fa79a822a9bda52eae32eaf04c4218f20d237fb9a520fd83e4cda99
ppc64le	thunderbird-128.9.2-1.el8_10.alma.1.ppc64le.rpm	88e57f8f05183f9723f0019ca0f01c89e12a796fe7703f5a9de46d6f4263e31e
s390x	thunderbird-128.9.2-1.el8_10.alma.1.s390x.rpm	9f5ebcd365d8d55d25922368973a936f7c470c7b193fe5da8522ccc0173470a2
x86_64	thunderbird-128.9.2-1.el8_10.alma.1.x86_64.rpm	780b4812210292589a594d65c10d1f920507c43bacf9d8baad4e908484bd8d91

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.