MGASA-2025-0247
- Source
- https://advisories.mageia.org/MGASA-2025-0247.html
- Import Source
- https://advisories.mageia.org/MGASA-2025-0247.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2025-0247
- Related
- Published
- 2025-10-23T19:37:59Z
- Modified
- 2025-10-23T18:59:21Z
- Summary
- Updated thunderbird packgaes fix security vulnerabilities
- Details
-
CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance() CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11710: Cross-process information leaked due to malicious IPC messages CVE-2025-11711: Some non-writable Object properties could be modified CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type CVE-2025-11713: Potential user-assisted code execution in “Copy as cURL” command CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 CVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144, and other security fixes; please see the links.
- References
-
- https://advisories.mageia.org/MGASA-2025-0247.html
- https://bugs.mageia.org/show_bug.cgi?id=34638
- https://www.thunderbird.net/en-US/thunderbird/140.4.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/
- https://www.thunderbird.net/en-US/thunderbird/140.3.1esr/releasenotes/
- https://www.thunderbird.net/en-US/thunderbird/140.3.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:9 / thunderbird
Package
- Name
- thunderbird
- Purl
- pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-9
Mageia:9 / thunderbird-l10n
Package
- Name
- thunderbird-l10n
- Purl
- pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-9