[ALSA-2025:8756] Important: thunderbird security update
Type:
security
Severity:
important
Release date:
2025-06-10
Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link (CVE-2025-3909)
* thunderbird: Sender Spoofing via Malformed From Header in Thunderbird (CVE-2025-3875)
* thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links (CVE-2025-3877)
* thunderbird: Tracking Links in Attachments Bypassed Remote Content Blocking (CVE-2025-3932)
* firefox: thunderbird: Out-of-bounds access when resolving Promise objects (CVE-2025-4918)
* firefox: thunderbird: Out-of-bounds access when optimizing linear sums (CVE-2025-4919)
* firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details (CVE-2025-5267)
* firefox: thunderbird: Potential local code execution in "Copy as cURL" command (CVE-2025-5264)
* firefox: thunderbird: Memory safety bugs (CVE-2025-5268)
* firefox: thunderbird: Script element events leaked cross-origin resource status (CVE-2025-5266)
* firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content (CVE-2025-5263)
* firefox: thunderbird: Memory safety bug (CVE-2025-5269)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 thunderbird-128.11.0-1.el8_10.alma.1.aarch64.rpm 6c0d890f571dcf9311e076f1fc5fbd44402d05423a54cc2c891a1f2b09cf9281
ppc64le thunderbird-128.11.0-1.el8_10.alma.1.ppc64le.rpm faf6883dedb0d478d83367da50cacef76418232657bf9a8d6844e1819bf7b53f
s390x thunderbird-128.11.0-1.el8_10.alma.1.s390x.rpm e8f3d14ea889e5fb53fc4695daf42d0330b8dc3d0c368458115bf9b3e59302cd
x86_64 thunderbird-128.11.0-1.el8_10.alma.1.x86_64.rpm 20aad2d89fb8a9ef24544c394150c6c3715e1d8dd63e98b2d0e948219e2f9c07
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.