Advisories ยป MGASA-2025-0151

Updated thunderbird packages fix security vulnerabilities

Publication date: 08 May 2025
Modification date: 08 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-4083 , CVE-2025-4087 , CVE-2025-4091 , CVE-2025-4093

Description

Process isolation bypass using "javascript:" URI links in cross-origin
frames. (CVE-2025-4083)
Unsafe attribute access during XPath parsing. (CVE-2025-4087)
Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR
128.10, and Thunderbird 128.10. (CVE-2025-4091)
Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird 128.10.
(CVE-2025-4093)
                

References

SRPMS

9/core