Updated thunderbird packages fix security vulnerabilities
Publication date: 05 Apr 2025Modification date: 05 Apr 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-3028 , CVE-2025-3029 , CVE-2025-3030
Description
Use-after-free triggered by XSLTProcessor. (CVE-2025-3028)
URL Bar Spoofing via non-BMP Unicode characters. (CVE-2025-3029)
Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR
128.9, and Thunderbird 128.9. (CVE-2025-3030)
References
- https://bugs.mageia.org/show_bug.cgi?id=34155
- https://www.thunderbird.net/en-US/thunderbird/128.9.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-24/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3028
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3029
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3030
SRPMS
9/core
- thunderbird-128.9.0-1.mga9
- thunderbird-l10n-128.9.0-1.mga9