ALSA-2025:4229

[ALSA-2025:4229] Important: thunderbird security update

Type:

security

Severity:

important

Release date:

2025-04-28

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.  

Security Fix(es):  

  * thunderbird: User Interface (UI) Misrepresentation of attachment URL (CVE-2025-3523)
  * thunderbird: Information Disclosure of /tmp directory listing (CVE-2025-2830)
  * thunderbird: Leak of hashed Window credentials via crafted attachment URL (CVE-2025-3522)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	thunderbird-128.9.2-1.el9_5.alma.1.aarch64.rpm	716c2fd6ca33a0266d8338228c000f2d6b61108e54dfcfab630a574a40856b8f
ppc64le	thunderbird-128.9.2-1.el9_5.alma.1.ppc64le.rpm	d2e4312c50f5625be47a2e8d45dbf847d269fcc939c215014b02edd35fb72d0c
s390x	thunderbird-128.9.2-1.el9_5.alma.1.s390x.rpm	136275cfbc69317abf03f9380c0f3e726c174086a4bae97c02f6028e40e85807
x86_64	thunderbird-128.9.2-1.el9_5.alma.1.x86_64.rpm	a32a6bd84219441c8899ee166a7a8fa897351d56738b66aa5dbe7c67a8403501

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.