OESA-2025-2770

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2770
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-2770.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2025-2770
Upstream
  • CVE-2025-13012
  • CVE-2025-13013
  • CVE-2025-13014
  • CVE-2025-13015
  • CVE-2025-13016
  • CVE-2025-13017
  • CVE-2025-13018
  • CVE-2025-13019
  • CVE-2025-13020
Published
2025-11-28T12:53:20Z
Modified
2025-11-28T13:17:38.726532Z
Summary
thunderbird security update
Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5. (CVE-2025-13012)

Mitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, and Firefox ESR < 115.30. (CVE-2025-13013)

Use-after-free in the Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, and Firefox ESR < 115.30. (CVE-2025-13014)

Spoofing issue in Firefox. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, and Firefox ESR < 115.30. (CVE-2025-13015)

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5. (CVE-2025-13016)

Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5. (CVE-2025-13017)

Mitigation bypass vulnerability in the DOM Security component. This vulnerability affects Firefox versions prior to 145 and Firefox ESR versions prior to 140.5, potentially allowing remote code execution. (CVE-2025-13018)

Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5. (CVE-2025-13019)

Use-after-free in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code, affecting confidentiality, integrity, and availability. (CVE-2025-13020)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:24.03-LTS-SP2 / thunderbird

Package

Name
thunderbird
Purl
pkg:rpm/openEuler/thunderbird&distro=openEuler-24.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
140.5.0-1.oe2403sp2

Ecosystem specific

{
    "src": [
        "thunderbird-140.5.0-1.oe2403sp2.src.rpm"
    ],
    "aarch64": [
        "thunderbird-140.5.0-1.oe2403sp2.aarch64.rpm",
        "thunderbird-debuginfo-140.5.0-1.oe2403sp2.aarch64.rpm",
        "thunderbird-debugsource-140.5.0-1.oe2403sp2.aarch64.rpm",
        "thunderbird-librnp-rnp-140.5.0-1.oe2403sp2.aarch64.rpm",
        "thunderbird-wayland-140.5.0-1.oe2403sp2.aarch64.rpm"
    ],
    "x86_64": [
        "thunderbird-140.5.0-1.oe2403sp2.x86_64.rpm",
        "thunderbird-debuginfo-140.5.0-1.oe2403sp2.x86_64.rpm",
        "thunderbird-debugsource-140.5.0-1.oe2403sp2.x86_64.rpm",
        "thunderbird-librnp-rnp-140.5.0-1.oe2403sp2.x86_64.rpm",
        "thunderbird-wayland-140.5.0-1.oe2403sp2.x86_64.rpm"
    ]
}