Описание
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues:
Update to Mozilla Thunderbird 128.11 (MFSA 2025-46, bsc#1243353):
- CVE-2025-5262: Double-free in libvpx encoder (bmo#1962421)
- CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content (bmo#1960745)
- CVE-2025-5264: Potential local code execution in 'Copy as cURL' command (bmo#1950001)
- CVE-2025-5265: Potential local code execution in 'Copy as cURL' command (bmo#1962301)
- CVE-2025-5266: Script element events leaked cross-origin resource status (bmo#1965628)
- CVE-2025-5267: Clickjacking vulnerability could have led to leaking saved payment card details (bmo#1954137)
- CVE-2025-5268: Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11 (bmo#1950136, bmo#1958121, bmo#1960499, bmo#1962634)
- CVE-2025-5269: Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird 128.11 (bmo#1924108)
Список пакетов
SUSE Linux Enterprise Module for Package Hub 15 SP6
SUSE Linux Enterprise Module for Package Hub 15 SP7
SUSE Linux Enterprise Workstation Extension 15 SP6
SUSE Linux Enterprise Workstation Extension 15 SP7
openSUSE Leap 15.6
Ссылки
- Link for SUSE-SU-2025:01946-1
- E-Mail link for SUSE-SU-2025:01946-1
- SUSE Security Ratings
- SUSE Bug 1243353
- SUSE CVE CVE-2025-5262 page
- SUSE CVE CVE-2025-5263 page
- SUSE CVE CVE-2025-5264 page
- SUSE CVE CVE-2025-5265 page
- SUSE CVE CVE-2025-5266 page
- SUSE CVE CVE-2025-5267 page
- SUSE CVE CVE-2025-5268 page
- SUSE CVE CVE-2025-5269 page
Описание
** REJECT ** This CVE was accidentally assigned by Mozilla but should be assigned by another CNA. When the correct CVE is available, Mozilla's advisories will be updated to reflect that identifier.
Затронутые продукты
Ссылки
- CVE-2025-5262
- SUSE Bug 1243353
Описание
Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, and Firefox ESR < 128.11.
Затронутые продукты
Ссылки
- CVE-2025-5263
- SUSE Bug 1243353
Описание
Due to insufficient escaping of the newline character in the "Copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, and Firefox ESR < 128.11.
Затронутые продукты
Ссылки
- CVE-2025-5264
- SUSE Bug 1243353
Описание
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Затронутые продукты
Ссылки
- CVE-2025-5265
- SUSE Bug 1243353
Описание
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Затронутые продукты
Ссылки
- CVE-2025-5266
- SUSE Bug 1243353
Описание
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Затронутые продукты
Ссылки
- CVE-2025-5267
- SUSE Bug 1243353
Описание
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Затронутые продукты
Ссылки
- CVE-2025-5268
- SUSE Bug 1243353
Описание
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Затронутые продукты
Ссылки
- CVE-2025-5269
- SUSE Bug 1243353