ALSA-2025:13676

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

• firefox: thunderbird: Large branch table could lead to truncated instruction (CVE-2025-8028)
• firefox: thunderbird: Memory safety bugs (CVE-2025-8035)
• firefox: thunderbird: Incorrect URL stripping in CSP reports (CVE-2025-8031)
• firefox: thunderbird: JavaScript engine only wrote partial return value to stack (CVE-2025-8027)
• firefox: thunderbird: Potential user-assisted code execution in ?Copy as cURL? command (CVE-2025-8030)
• firefox: Memory safety bugs (CVE-2025-8034)
• firefox: thunderbird: Incorrect JavaScript state machine for generators (CVE-2025-8033)
• firefox: thunderbird: XSLT documents could bypass CSP (CVE-2025-8032)
• firefox: thunderbird: javascript: URLs executed on object and embed tags (CVE-2025-8029)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.