SUSE-SU-2025:0080-1
- Source
- https://www.suse.com/support/update/announcement/2025/suse-su-20250080-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0080-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2025:0080-1
- Related
- Published
- 2025-01-13T15:30:55Z
- Modified
- 2025-01-13T15:30:55Z
- Summary
- Security update for MozillaThunderbird
- Details
-
This update for MozillaThunderbird fixes the following issues:
Update to Mozilla Thunderbird ESR 128.6 (MFSA 2025-05, bsc#1234991)
Security fixes:
- CVE-2025-0237 (bmo#1915257) WebChannel APIs susceptible to confused deputy attack
- CVE-2025-0238 (bmo#1915535) Use-after-free when breaking lines in text
- CVE-2025-0239 (bmo#1929156) Alt-Svc ALPN validation failure when redirected
- CVE-2025-0240 (bmo#1929623) Compartment mismatch when parsing JavaScript JSON module
- CVE-2025-0241 (bmo#1933023) Memory corruption when using JavaScript Text Segmentation
- CVE-2025-0242 (bmo#1874523, bmo#1926454, bmo#1931873, bmo#1932169) Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6
- CVE-2025-0243 (bmo#1827142, bmo#1932783) Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6
Other fixes:
- fixed: New mail notification was not hidden after reading the new message (bmo#1920077)
- fixed: New mail notification could show for the wrong folder, causing repeated alerts (bmo#1926462)
- fixed: macOS shortcut CMD+1 did not restore the main window when it was minimized (bmo#1857953)
- fixed: Clicking the context menu 'Reply' button resulted in 'Reply-All' (bmo#1935883)
- fixed: Switching from 'All', 'Unread', and 'Threads with unread' did not work (bmo#1921618)
- fixed: Downloading message headers from a newsgroup could cause a hang (bmo#1931661)
- fixed: Message list performance slow when many updates happened at once (bmo#1933104)
- fixed: 'mailto:' links did not apply the compose format of the current identity (bmo#550414)
- fixed: Authentication failure of AUTH PLAIN or AUTH LOGIN did not fall back to USERPASS (bmo#1928026)
- References
-
- https://www.suse.com/support/update/announcement/2025/suse-su-20250080-1/
- https://bugzilla.suse.com/1234991
- https://www.suse.com/security/cve/CVE-2025-0237
- https://www.suse.com/security/cve/CVE-2025-0238
- https://www.suse.com/security/cve/CVE-2025-0239
- https://www.suse.com/security/cve/CVE-2025-0240
- https://www.suse.com/security/cve/CVE-2025-0241
- https://www.suse.com/security/cve/CVE-2025-0242
- https://www.suse.com/security/cve/CVE-2025-0243
Affected packages
SUSE:Linux Enterprise Module for Package Hub 15 SP6 / MozillaThunderbird
Package
- Name
- MozillaThunderbird
- Purl
- pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
SUSE:Linux Enterprise Workstation Extension 15 SP6 / MozillaThunderbird
Package
- Name
- MozillaThunderbird
- Purl
- pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6