ELSA-2025-4229

Опубликовано: 28 апр. 2025

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2025-4229: thunderbird security update (IMPORTANT)

[128.9.2-1.0.1]

Fix prefs for new nss [Orabug: 37079813]
Add Oracle prefs

[128.9.2]

Add OpenELA debranding

[128.9.2-1]

Update to 128.9.2

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

thunderbird

128.9.2-1.0.1.el9_5

Oracle Linux x86_64

thunderbird

128.9.2-1.0.1.el9_5

Связанные CVE

CVE-2025-2830

CVE-2025-3523

CVE-2025-3522

Ссылки на источники

Связанные уязвимости

SUSE-SU-2025:1366-1

suse-cvrf

около 2 месяцев назад

Security update for MozillaThunderbird

ROS-20250515-08

CVSS3: 6.4

redos

около 1 месяца назад

Множественные уязвимости thunderbird

ELSA-2025-7435

oracle-oval

28 дней назад

ELSA-2025-7435: thunderbird security update (IMPORTANT)

ELSA-2025-4649

oracle-oval

около 1 месяца назад

ELSA-2025-4649: thunderbird security update (IMPORTANT)

CVE-2025-2830

CVSS3: 6.3

ubuntu

2 месяца назад

By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the victim's system. This vulnerability is not limited to Linux; similar behavior has been observed on Windows as well. This vulnerability affects Thunderbird < 137.0.2 and Thunderbird < 128.9.2.