Updated thunderbird packages fix security vulnerabilities
Publication date: 19 Nov 2025
Modification date: 19 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-13012, CVE-2025-13013, CVE-2025-13014, CVE-2025-13015, CVE-2025-13016, CVE-2025-13017, CVE-2025-13018, CVE-2025-13019, CVE-2025-13020
Description
Race condition in the Graphics component. (CVE-2025-13012)
Mitigation bypass in the DOM: Core & HTML component. (CVE-2025-13013)
Use-after-free in the Audio/Video component. (CVE-2025-13014)
Spoofing issue in Firefox. (CVE-2025-13015)
Incorrect boundary conditions in the JavaScript: WebAssembly component. (CVE-2025-13016)
Same-origin policy bypass in the DOM: Notifications component. (CVE-2025-13017)
Mitigation bypass in the DOM: Security component. (CVE-2025-13018)
Same-origin policy bypass in the DOM: Workers component. (CVE-2025-13019)
Use-after-free in the WebRTC: Audio/Video component. (CVE-2025-13020)
References
- https://bugs.mageia.org/show_bug.cgi?id=34743
- https://www.thunderbird.net/en-US/thunderbird/140.5.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-91/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13012
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13013
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13014
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13015
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13016
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13017
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13018
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13019
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13020
SRPMS
9/core
- thunderbird-140.5.0-1.mga9
- thunderbird-l10n-140.5.0-1.mga9