Описание
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues:
Update to Mozilla Thunderbird 128.10.2 (MFSA 2025-40, bsc#1243303):
Security fixes:
- CVE-2025-4918: Out-of-bounds access when resolving Promise objects (bmo#1966612)
- CVE-2025-4919: Out-of-bounds access when optimizing linear sums (bmo#1966614)
Other fixes:
- Messages could not be viewed if the profile used a UNC path (bmo#1966256)
- Visual and UX improvements (bmo#1964156)
Список пакетов
SUSE Linux Enterprise Module for Package Hub 15 SP6
MozillaThunderbird-128.10.2-150200.8.218.1
MozillaThunderbird-translations-common-128.10.2-150200.8.218.1
MozillaThunderbird-translations-other-128.10.2-150200.8.218.1
SUSE Linux Enterprise Module for Package Hub 15 SP7
MozillaThunderbird-128.10.2-150200.8.218.1
MozillaThunderbird-translations-common-128.10.2-150200.8.218.1
MozillaThunderbird-translations-other-128.10.2-150200.8.218.1
SUSE Linux Enterprise Workstation Extension 15 SP6
MozillaThunderbird-128.10.2-150200.8.218.1
MozillaThunderbird-translations-common-128.10.2-150200.8.218.1
MozillaThunderbird-translations-other-128.10.2-150200.8.218.1
SUSE Linux Enterprise Workstation Extension 15 SP7
MozillaThunderbird-128.10.2-150200.8.218.1
MozillaThunderbird-translations-common-128.10.2-150200.8.218.1
MozillaThunderbird-translations-other-128.10.2-150200.8.218.1
openSUSE Leap 15.6
MozillaThunderbird-128.10.2-150200.8.218.1
MozillaThunderbird-translations-common-128.10.2-150200.8.218.1
MozillaThunderbird-translations-other-128.10.2-150200.8.218.1
Ссылки
- Link for SUSE-SU-2025:01813-1
- E-Mail link for SUSE-SU-2025:01813-1
- SUSE Security Ratings
- SUSE Bug 1243303
- SUSE CVE CVE-2025-4918 page
- SUSE CVE CVE-2025-4919 page
Описание
An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2.
Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.10.2-150200.8.218.1
SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.10.2-150200.8.218.1
SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.10.2-150200.8.218.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-128.10.2-150200.8.218.1
Ссылки
- CVE-2025-4918
- SUSE Bug 1243303
Описание
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2.
Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.10.2-150200.8.218.1
SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.10.2-150200.8.218.1
SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.10.2-150200.8.218.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-128.10.2-150200.8.218.1
Ссылки
- CVE-2025-4919
- SUSE Bug 1243303