ELSA-2025-4649

Опубликовано: 07 мая 2025

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2025-4649: thunderbird security update (IMPORTANT)

[128.9.2-1.0.1]

Fix prefs for new nss [Orabug: 37079820]
Add Oracle prefs file
Force use of gcc-toolset-13 due to clang dependency

[128.9.2]

Add OpenELA debranding

[128.9.2-1]

Update to 128.9.2

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

thunderbird

128.9.2-1.0.1.el8_10

Oracle Linux x86_64

thunderbird

128.9.2-1.0.1.el8_10

Связанные CVE

CVE-2025-2830

CVE-2025-3522

CVE-2025-3523

Ссылки на источники

Связанные уязвимости

SUSE-SU-2025:1366-1

suse-cvrf

около 2 месяцев назад

Security update for MozillaThunderbird

ROS-20250515-08

CVSS3: 6.4

redos

около 1 месяца назад

Множественные уязвимости thunderbird

ELSA-2025-7435

oracle-oval

28 дней назад

ELSA-2025-7435: thunderbird security update (IMPORTANT)

ELSA-2025-4229

oracle-oval

около 2 месяцев назад

ELSA-2025-4229: thunderbird security update (IMPORTANT)

CVE-2025-2830

CVSS3: 6.3

ubuntu

2 месяца назад

By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the victim's system. This vulnerability is not limited to Linux; similar behavior has been observed on Windows as well. This vulnerability affects Thunderbird < 137.0.2 and Thunderbird < 128.9.2.