ALSA-2025:8608

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

• firefox: thunderbird: Out-of-bounds access when resolving Promise objects (CVE-2025-4918)
• firefox: thunderbird: Out-of-bounds access when optimizing linear sums (CVE-2025-4919)
• firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details (CVE-2025-5267)
• firefox: thunderbird: Potential local code execution in ?Copy as cURL? command (CVE-2025-5264)
• firefox: thunderbird: Memory safety bugs (CVE-2025-5268)
• firefox: thunderbird: Script element events leaked cross-origin resource status (CVE-2025-5266)
• firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content (CVE-2025-5263)
• firefox: thunderbird: Memory safety bug (CVE-2025-5269)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.