ALSA-2025:7435

[ALSA-2025:7435] Important: thunderbird security update

Type:

security

Severity:

important

Release date:

2025-05-21

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.  

Security Fix(es):  

  * thunderbird: User Interface (UI) Misrepresentation of attachment URL (CVE-2025-3523)
  * thunderbird: Information Disclosure of /tmp directory listing (CVE-2025-2830)
  * thunderbird: Leak of hashed Window credentials via crafted attachment URL (CVE-2025-3522)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	thunderbird-128.10.0-1.el9_6.alma.1.aarch64.rpm	ccdf3a23f6b6088989b5cd394cb56f26e724b43594933aee1b3c95d0fa741310
ppc64le	thunderbird-128.10.0-1.el9_6.alma.1.ppc64le.rpm	d4d19b49c659930d876a78ce359df7cd0672225b1623e111ea2646c7b842cd72
s390x	thunderbird-128.10.0-1.el9_6.alma.1.s390x.rpm	fab03adecc992a122d25a4943ca5b6382761847e39f1d8ec61bd8c32eb7dbbcb
x86_64	thunderbird-128.10.0-1.el9_6.alma.1.x86_64.rpm	ae21fd56c5442aa3c96d3bd897313f62add898cdcf9024f68c5929dc801c8af5

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.