Описание
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
-
thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link (CVE-2025-3909)
-
thunderbird: Sender Spoofing via Malformed From Header in Thunderbird (CVE-2025-3875)
-
thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links (CVE-2025-3877)
-
thunderbird: Tracking Links in Attachments Bypassed Remote Content Blocking (CVE-2025-3932)
-
firefox: thunderbird: Out-of-bounds access when resolving Promise objects (CVE-2025-4918)
-
firefox: thunderbird: Out-of-bounds access when optimizing linear sums (CVE-2025-4919)
-
firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details (CVE-2025-5267)
-
firefox: thunderbird: Potential local code execution in ?Copy as cURL? command (CVE-2025-5264)
-
firefox: thunderbird: Memory safety bugs (CVE-2025-5268)
-
firefox: thunderbird: Script element events leaked cross-origin resource status (CVE-2025-5266)
-
firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content (CVE-2025-5263)
-
firefox: thunderbird: Memory safety bug (CVE-2025-5269)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Затронутые продукты
Rocky Linux 8
Ссылки на источники
Исправления
- Red Hat - 2366283
- Red Hat - 2366287
- Red Hat - 2366291
- Red Hat - 2366297
- Red Hat - 2367016
- Red Hat - 2367018
- Red Hat - 2368749
- Red Hat - 2368750
- Red Hat - 2368751
- Red Hat - 2368752
- Red Hat - 2368755
- Red Hat - 2368756
- Red Hat - 2368757
