Updated thunderbird packgaes fix security vulnerabilities
Publication date: 23 Oct 2025Modification date: 23 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-10527 , CVE-2025-10528 , CVE-2025-10529 , CVE-2025-10532 , CVE-2025-10533 , CVE-2025-10536 , CVE-2025-10537 , CVE-2025-11708 , CVE-2025-11709 , CVE-2025-11710 , CVE-2025-11711 , CVE-2025-11712 , CVE-2025-11713 , CVE-2025-11714 , CVE-2025-11715
Description
CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance()
CVE-2025-11709: Out of bounds read/write in a privileged process
triggered by WebGL textures
CVE-2025-11710: Cross-process information leaked due to malicious IPC
messages
CVE-2025-11711: Some non-writable Object properties could be modified
CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior
on web resources without a content-type
CVE-2025-11713: Potential user-assisted code execution in “Copy as cURL”
command
CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox
ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
CVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4,
Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144, and other
security fixes; please see the links.
References
- https://bugs.mageia.org/show_bug.cgi?id=34638
- https://www.thunderbird.net/en-US/thunderbird/140.4.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/
- https://www.thunderbird.net/en-US/thunderbird/140.4.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/
- https://www.thunderbird.net/en-US/thunderbird/140.3.1esr/releasenotes/
- https://www.thunderbird.net/en-US/thunderbird/140.3.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10527
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10528
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10529
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10532
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10533
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10536
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10537
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11708
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11709
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11710
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11711
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11712
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11713
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11714
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11715
SRPMS
9/core
- thunderbird-140.4.0-1.2.mga9
- thunderbird-l10n-140.4.0-1.mga9