Updated thunderbird thunderbird-l10n packages fix security vulnerabilities
Publication date: 12 Mar 2025Modification date: 12 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-43097 , CVE-2025-1931 , CVE-2025-1932 , CVE-2025-1933 , CVE-2025-1934 , CVE-2025-1935 , CVE-2025-1936 , CVE-2025-1937 , CVE-2025-1938
Description
CVE-2024-43097: Overflow when growing an SkRegion's RunArray
CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the
Browser process
CVE-2025-1931: Use-after-free in WebTransportChild
CVE-2025-1932: Inconsistent comparator in XSLT sorting led to
out-of-bounds access
CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs
CVE-2025-1934: Unexpected GC during RegExp bailout processing
CVE-2025-1935: Clickjacking the registerProtocolHandler info-bar
CVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed the
interpretation of the contents
CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136,
Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8
CVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird 136,
Firefox ESR 128.8, and Thunderbird 128.8
References
- https://bugs.mageia.org/show_bug.cgi?id=34065
- https://www.thunderbird.net/en-US/thunderbird/128.8.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43097
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1931
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1932
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1933
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1934
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1935
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1936
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1937
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1938
SRPMS
9/core
- thunderbird-128.8.0-1.mga9
- thunderbird-l10n-128.8.0-1.mga9