Updated thunderbird packages fix security vulnerabilities
Publication date: 08 May 2025Modification date: 08 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-4083 , CVE-2025-4087 , CVE-2025-4091 , CVE-2025-4093
Description
Process isolation bypass using "javascript:" URI links in cross-origin frames. (CVE-2025-4083) Unsafe attribute access during XPath parsing. (CVE-2025-4087) Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. (CVE-2025-4091) Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird 128.10. (CVE-2025-4093)
References
- https://bugs.mageia.org/show_bug.cgi?id=34233
- https://www.thunderbird.net/en-US/thunderbird/128.10.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-32/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4083
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4087
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4091
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4093
SRPMS
9/core
- thunderbird-128.10.0-1.mga9
- thunderbird-l10n-128.10.0-1.mga9