ALSA-2025:16157

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

• firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component (CVE-2025-10527)
• firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component (CVE-2025-10532)
• firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component (CVE-2025-10528)
• firefox: thunderbird: Same-origin policy bypass in the Layout component (CVE-2025-10529)
• firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 (CVE-2025-10537)
• firefox: thunderbird: Information disclosure in the Networking: Cache component (CVE-2025-10536)
• firefox: thunderbird: Integer overflow in the SVG component (CVE-2025-10533)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.