SUSE-SU-2025:02546-1

CVE-2025-8027: JavaScript engine only wrote partial return value to stack (bmo#1968423)
CVE-2025-8028: Large branch table could lead to truncated instruction (bmo#1971581)
CVE-2025-8029: javascript: URLs executed on object and embed tags (bmo#1928021)
CVE-2025-8036: DNS rebinding circumvents CORS (bmo#1960834)
CVE-2025-8037: Nameless cookies shadow secure cookies (bmo#1964767)
CVE-2025-8030: Potential user-assisted code execution in 'Copy as cURL' command (bmo#1968414)
CVE-2025-8031: Incorrect URL stripping in CSP reports (bmo#1971719)
CVE-2025-8032: XSLT documents could bypass CSP (bmo#1974407)
CVE-2025-8038: CSP frame-src was not correctly enforced for paths (bmo#1808979)
CVE-2025-8039: Search terms persisted in URL bar (bmo#1970997)
CVE-2025-8033: Incorrect JavaScript state machine for generators (bmo#1973990)
CVE-2025-8034: Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 (bmo#1970422, bmo#1970422, bmo#1970422, bmo#1970422)
CVE-2025-8040: Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 (bmo#1975058, bmo#1975058, bmo#1975998, bmo#1975998)
CVE-2025-8035: Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 (bmo#1975961, bmo#1975961, bmo#1975961)

Update to Mozilla Thunderbird 140.0.1 (MFSA 2025-54) (bsc#1244670):

CVE-2025-6424: Use-after-free in FontFaceSet (bmo#1966423)
CVE-2025-6425: The WebCompat WebExtension shipped exposed a persistent UUID (bmo#1717672)
CVE-2025-6426: No warning when opening executable terminal files on macOS (bmo#1964385)
CVE-2025-6427: connect-src Content Security Policy restriction could be bypassed (bmo#1966927)
CVE-2025-6429: Incorrect parsing of URLs could have allowed embedding of youtube.com (bmo#1970658)
CVE-2025-6430: Content-Disposition header ignored when a file is included in an embed or object tag (bmo#1971140)
CVE-2025-6432: DNS Requests leaked outside of a configured SOCKS proxy (bmo#1943804)
CVE-2025-6433: WebAuthn would allow a user to sign a challenge on a webpage with an invalid TLS certificate (bmo#1954033)
CVE-2025-6434: HTTPS-Only exception screen lacked anti-clickjacking delay (bmo#1955182)
CVE-2025-6435: Save as in Devtools could download files without sanitizing the extension (bmo#1950056, bmo#1961777)
CVE-2025-6436: Memory safety bugs fixed in Firefox 140 and Thunderbird 140 (bmo#1941377, bmo#1960948, bmo#1966187, bmo#1966505, bmo#1970764)

References

Affected packages

SUSE:Linux Enterprise Module for Package Hub 15 SP6 / MozillaThunderbird

Package

Name: MozillaThunderbird
Purl: pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

140.1.0-150200.8.230.1

Ecosystem specific

{
    "binaries": [
        {
            "MozillaThunderbird-translations-common": "140.1.0-150200.8.230.1",
            "MozillaThunderbird-translations-other": "140.1.0-150200.8.230.1",
            "MozillaThunderbird": "140.1.0-150200.8.230.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Package Hub 15 SP7 / MozillaThunderbird

Package

Name: MozillaThunderbird
Purl: pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

140.1.0-150200.8.230.1

Ecosystem specific

{
    "binaries": [
        {
            "MozillaThunderbird-translations-common": "140.1.0-150200.8.230.1",
            "MozillaThunderbird-translations-other": "140.1.0-150200.8.230.1",
            "MozillaThunderbird": "140.1.0-150200.8.230.1"
        }
    ]
}

SUSE:Linux Enterprise Workstation Extension 15 SP6 / MozillaThunderbird

Package

Name: MozillaThunderbird
Purl: pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

140.1.0-150200.8.230.1

Ecosystem specific

{
    "binaries": [
        {
            "MozillaThunderbird-translations-common": "140.1.0-150200.8.230.1",
            "MozillaThunderbird-translations-other": "140.1.0-150200.8.230.1",
            "MozillaThunderbird": "140.1.0-150200.8.230.1"
        }
    ]
}

SUSE:Linux Enterprise Workstation Extension 15 SP7 / MozillaThunderbird

Package

Name: MozillaThunderbird
Purl: pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

140.1.0-150200.8.230.1

Ecosystem specific

{
    "binaries": [
        {
            "MozillaThunderbird-translations-common": "140.1.0-150200.8.230.1",
            "MozillaThunderbird-translations-other": "140.1.0-150200.8.230.1",
            "MozillaThunderbird": "140.1.0-150200.8.230.1"
        }
    ]
}

openSUSE:Leap 15.6 / MozillaThunderbird

Package

Name: MozillaThunderbird
Purl: pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

140.1.0-150200.8.230.1

Ecosystem specific

{
    "binaries": [
        {
            "MozillaThunderbird-translations-common": "140.1.0-150200.8.230.1",
            "MozillaThunderbird-translations-other": "140.1.0-150200.8.230.1",
            "MozillaThunderbird": "140.1.0-150200.8.230.1"
        }
    ]
}