openSUSE-SU-2025:20026-1

Описание

This update for MozillaThunderbird fixes the following issues:

Mozilla Thunderbird 140.4:

• changed: Account Hub is now disabled by default for second email account
• changed: Flatpak runtime has been updated to Freedesktop SDK 24.08
• fixed: Users could not read mail signed with OpenPGP v6 and PQC keys
• fixed: Image preview in Insert Image dialog failed with CSP error for web resources
• fixed: Emptying trash on exit did not work with some providers
• fixed: Thunderbird could crash when applying filters
• fixed: Users were unable to override expired mail server certificate
• fixed: Opening Website header link in RSS feed incorrectly re-encoded URL parameters
• fixed: Security fixes

MFSA 2025-85 (bsc#1251263):

• CVE-2025-11708 Use-after-free in MediaTrackGraphImpl::GetInstance()
• CVE-2025-11709 Out of bounds read/write in a privileged process triggered by WebGL textures
• CVE-2025-11710 Cross-process information leaked due to malicious IPC messages
• CVE-2025-11711 Some non-writable Object properties could be modified
• CVE-2025-11712 An OBJECT tag type attribute overrode browser behavior on web resources without a content-type
• CVE-2025-11713 Potential user-assisted code execution in “Copy as cURL” command
• CVE-2025-11714 Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
• CVE-2025-11715 Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144