Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* firefox: thunderbird: Large branch table could lead to truncated instruction (CVE-2025-8028)
* firefox: thunderbird: Memory safety bugs (CVE-2025-8035)
* firefox: thunderbird: Incorrect URL stripping in CSP reports (CVE-2025-8031)
* firefox: thunderbird: JavaScript engine only wrote partial return value to stack (CVE-2025-8027)
* firefox: thunderbird: Potential user-assisted code execution in ?Copy as cURL? command (CVE-2025-8030)
* firefox: Memory safety bugs (CVE-2025-8034)
* firefox: thunderbird: Incorrect JavaScript state machine for generators (CVE-2025-8033)
* firefox: thunderbird: XSLT documents could bypass CSP (CVE-2025-8032)
* firefox: thunderbird: javascript: URLs executed on object and embed tags (CVE-2025-8029)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
thunderbird-128.13.0-3.el9_6.alma.1.aarch64.rpm |
9f9a06aad08a7292eb28bccc21b625723a12d1f8a8755e3980d58009e8867079 |
| ppc64le |
thunderbird-128.13.0-3.el9_6.alma.1.ppc64le.rpm |
04320c8b1ae299f8fcbd13104ffb21b4b9a42d7337c2321083858b36f649aeeb |
| s390x |
thunderbird-128.13.0-3.el9_6.alma.1.s390x.rpm |
6c9cc36e4c28a06e2b3255895b4a4e02bbee098bf8c2a706c6d945443c9d36cc |
| x86_64 |
thunderbird-128.13.0-3.el9_6.alma.1.x86_64.rpm |
e53ea4bb99e3d8e7cc6c7073615df36220afb158d77dd40bb69c15fd8c8ca14c |
