SUSE-SU-2025:0405-1
- Source
- https://www.suse.com/support/update/announcement/2025/suse-su-20250405-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0405-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2025:0405-1
- Related
- Published
- 2025-02-10T13:54:51Z
- Modified
- 2025-02-10T13:54:51Z
- Summary
- Security update for MozillaThunderbird
- Details
-
This update for MozillaThunderbird fixes the following issues:
Update to Mozilla Thunderbird 128.7 (MFSA 2025-10, bsc#1236539).
Security fixes:
- CVE-2025-1009: use-after-free in XSLT.
- CVE-2025-1010: use-after-free in Custom Highlight.
- CVE-2025-1011: a bug in WebAssembly code generation could result in a crash.
- CVE-2025-1012: use-after-free during concurrent delazification.
- CVE-2024-11704: potential double-free vulnerability in PKCS#7 decryption handling.
- CVE-2025-1013: potential opening of private browsing tabs in normal browsing windows.
- CVE-2025-1014: certificate length was not properly checked.
- CVE-2025-1015: unsanitized address book fields.
- CVE-2025-0510: address of e-mail sender can be spoofed by malicious email.
- CVE-2025-1016: memory safety bugs.
- CVE-2025-1017: memory safety bugs.
Other fixes:
- fixed: images inside links could zoom when clicked instead of opening the link.
- fixed: compacting an empty folder failed with write error.
- fixed: compacting of IMAP folder with corrupted local storage failed with write error.
- fixed: after restart, all restored tabs with opened PDFs showed the same attachment.
- fixed: exceptions during CalDAV item processing would halt subsequent item handling.
- fixed: context menu was unable to move email address to a different field.
- fixed: link at about:rights pointed to Firefox privacy policy instead of Thunderbird's.
- fixed: POP3 'fetch headers only' and 'get selected messages' could delete messages.
- fixed: 'Search Online' checkbox in saved search properties was incorrectly disabled.
- fixed: POP3 status message showed incorrect download count when messages were deleted.
- fixed: space bar did not always advance to the next unread message.
- fixed: folder creation or renaming failed due to incorrect preference settings.
- fixed: forwarding/editing S/MIME drafts/templates unusable due to regression (bsc#1236411).
- fixed: sort order in 'Search Messages' panel reset after search or on first launch.
- fixed: reply window added an unnecessary third blank line at the top.
- fixed: Thunderbird spell check box did not allow ENTER to accept suggested changes.
- fixed: long email subject lines could overlap window control buttons on macOS.
- fixed: flathub manifest link was not correct.
- fixed: 'Prefer client-side email scheduling' needed to be selected twice.
- fixed: duplicate invitations were sent if CALDAV calendar email case did not match.
- fixed: visual and UX improvements.
- References
-
- https://www.suse.com/support/update/announcement/2025/suse-su-20250405-1/
- https://bugzilla.suse.com/1236411
- https://bugzilla.suse.com/1236539
- https://www.suse.com/security/cve/CVE-2024-11704
- https://www.suse.com/security/cve/CVE-2025-0510
- https://www.suse.com/security/cve/CVE-2025-1009
- https://www.suse.com/security/cve/CVE-2025-1010
- https://www.suse.com/security/cve/CVE-2025-1011
- https://www.suse.com/security/cve/CVE-2025-1012
- https://www.suse.com/security/cve/CVE-2025-1013
- https://www.suse.com/security/cve/CVE-2025-1014
- https://www.suse.com/security/cve/CVE-2025-1015
- https://www.suse.com/security/cve/CVE-2025-1016
- https://www.suse.com/security/cve/CVE-2025-1017
Affected packages
SUSE:Linux Enterprise Module for Package Hub 15 SP6 / MozillaThunderbird
Package
- Name
- MozillaThunderbird
- Purl
- pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
SUSE:Linux Enterprise Workstation Extension 15 SP6 / MozillaThunderbird
Package
- Name
- MozillaThunderbird
- Purl
- pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6