Updated thunderbird packages fix security vulnerabilities
Publication date: 14 Jan 2025Modification date: 13 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-0237 , CVE-2025-0238 , CVE-2025-0239 , CVE-2025-0240 , CVE-2025-0241 , CVE-2025-0242 , CVE-2025-0243
Description
WebChannel APIs susceptible to confused deputy attack. (CVE-2025-0237)
Use-after-free when breaking lines in text. (CVE-2025-0238)
Alt-Svc ALPN validation failure when redirected. (CVE-2025-0239)
Compartment mismatch when parsing JavaScript JSON module.
(CVE-2025-0240)
Memory corruption when using JavaScript Text Segmentation.
(CVE-2025-0241)
Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR
115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6.
(CVE-2025-0242)
Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR
128.6, and Thunderbird 128.6. (CVE-2025-0243)
References
- https://bugs.mageia.org/show_bug.cgi?id=33900
- https://www.thunderbird.net/en-US/thunderbird/128.6.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0237
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0238
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0239
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0240
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0241
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0242
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0243
SRPMS
9/core
- thunderbird-128.6.0-1.mga9
- thunderbird-l10n-128.6.0-1.mga9