SUSE-SU-2025:4397-1

Опубликовано: 15 дек. 2025

Источник: suse-cvrf

Описание

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues:

Update to Mozilla Thunderbird 140.6 (bsc#1254551).

MFSA 2025-96
- CVE-2025-14321: use-after-free in the WebRTC: Signaling component.
- CVE-2025-14322: sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component.
- CVE-2025-14323: privilege escalation in the DOM: Notifications component.
- CVE-2025-14324: JIT miscompilation in the JavaScript Engine: JIT component.
- CVE-2025-14325: JIT miscompilation in the JavaScript Engine: JIT component.
- CVE-2025-14328: privilege escalation in the Netmonitor component.
- CVE-2025-14329: privilege escalation in the Netmonitor component.
- CVE-2025-14330: JIT miscompilation in the JavaScript Engine: JIT component.
- CVE-2025-14331: same-origin policy bypass in the Request Handling component.
- CVE-2025-14333: memory safety bugs.

Список пакетов

SUSE Linux Enterprise Module for Package Hub 15 SP6

MozillaThunderbird-140.6.0-150200.8.248.1

MozillaThunderbird-translations-common-140.6.0-150200.8.248.1

MozillaThunderbird-translations-other-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP7

MozillaThunderbird-140.6.0-150200.8.248.1

MozillaThunderbird-translations-common-140.6.0-150200.8.248.1

MozillaThunderbird-translations-other-140.6.0-150200.8.248.1

SUSE Linux Enterprise Workstation Extension 15 SP6

MozillaThunderbird-140.6.0-150200.8.248.1

MozillaThunderbird-translations-common-140.6.0-150200.8.248.1

MozillaThunderbird-translations-other-140.6.0-150200.8.248.1

SUSE Linux Enterprise Workstation Extension 15 SP7

MozillaThunderbird-140.6.0-150200.8.248.1

MozillaThunderbird-translations-common-140.6.0-150200.8.248.1

MozillaThunderbird-translations-other-140.6.0-150200.8.248.1

openSUSE Leap 15.6

MozillaThunderbird-140.6.0-150200.8.248.1

MozillaThunderbird-translations-common-140.6.0-150200.8.248.1

MozillaThunderbird-translations-other-140.6.0-150200.8.248.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-20254397-1/
Link for SUSE-SU-2025:4397-1
https://lists.suse.com/pipermail/sle-security-updates/2025-December/023540.html
E-Mail link for SUSE-SU-2025:4397-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1254551
SUSE Bug 1254551
https://www.suse.com/security/cve/CVE-2025-14321/
SUSE CVE CVE-2025-14321 page
https://www.suse.com/security/cve/CVE-2025-14322/
SUSE CVE CVE-2025-14322 page
https://www.suse.com/security/cve/CVE-2025-14323/
SUSE CVE CVE-2025-14323 page
https://www.suse.com/security/cve/CVE-2025-14324/
SUSE CVE CVE-2025-14324 page
https://www.suse.com/security/cve/CVE-2025-14325/
SUSE CVE CVE-2025-14325 page
https://www.suse.com/security/cve/CVE-2025-14328/
SUSE CVE CVE-2025-14328 page
https://www.suse.com/security/cve/CVE-2025-14329/
SUSE CVE CVE-2025-14329 page
https://www.suse.com/security/cve/CVE-2025-14330/
SUSE CVE CVE-2025-14330 page
https://www.suse.com/security/cve/CVE-2025-14331/
SUSE CVE CVE-2025-14331 page
https://www.suse.com/security/cve/CVE-2025-14333/
SUSE CVE CVE-2025-14333 page

Описание

Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

Затронутые продукты

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-14321.html
CVE-2025-14321
https://bugzilla.suse.com/1254551
SUSE Bug 1254551

Описание

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

Затронутые продукты

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-14322.html
CVE-2025-14322
https://bugzilla.suse.com/1254551
SUSE Bug 1254551

Описание

Privilege escalation in the DOM: Notifications component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

Затронутые продукты

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-14323.html
CVE-2025-14323
https://bugzilla.suse.com/1254551
SUSE Bug 1254551

Описание

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

Затронутые продукты

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-14324.html
CVE-2025-14324
https://bugzilla.suse.com/1254551
SUSE Bug 1254551

Описание

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

Затронутые продукты

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-14325.html
CVE-2025-14325
https://bugzilla.suse.com/1254551
SUSE Bug 1254551

Описание

Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

Затронутые продукты

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-14328.html
CVE-2025-14328
https://bugzilla.suse.com/1254551
SUSE Bug 1254551

Описание

Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

Затронутые продукты

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-14329.html
CVE-2025-14329
https://bugzilla.suse.com/1254551
SUSE Bug 1254551

Описание

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

Затронутые продукты

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-14330.html
CVE-2025-14330
https://bugzilla.suse.com/1254551
SUSE Bug 1254551

Описание

Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

Затронутые продукты

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-14331.html
CVE-2025-14331
https://bugzilla.suse.com/1254551
SUSE Bug 1254551

Описание

Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

Затронутые продукты

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1

SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-14333.html
CVE-2025-14333
https://bugzilla.suse.com/1254551
SUSE Bug 1254551

SUSE-SU-2025:4397-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Package Hub 15 SP6

SUSE Linux Enterprise Module for Package Hub 15 SP7

SUSE Linux Enterprise Workstation Extension 15 SP6

SUSE Linux Enterprise Workstation Extension 15 SP7

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2025-14321

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2025-14322

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2025-14323

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2025-14324

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2025-14325

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2025-14328

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2025-14329

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2025-14330

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2025-14331

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2025-14333

Описание

Затронутые продукты

Ссылки