OESA-2025-2557

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2557
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-2557.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2025-2557
Upstream
  • CVE-2025-11708
  • CVE-2025-11709
  • CVE-2025-11710
  • CVE-2025-11711
  • CVE-2025-11712
  • CVE-2025-11714
  • CVE-2025-11715
  • CVE-2025-4082
  • CVE-2025-4084
Published
2025-10-31T14:12:52Z
Modified
2025-10-31T18:49:51.176192Z
Summary
thunderbird security update
Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

This vulnerability affects Firefox versions prior to 143 and Firefox ESR versions prior to 140.3. Specific vulnerability type and impact details require further confirmation.(CVE-2025-10527)

This vulnerability affects Firefox < 143 and Firefox ESR < 140.3.(CVE-2025-10528)

This vulnerability affects Firefox versions earlier than 143 and Firefox ESR versions earlier than 140.3. The vulnerability may lead to security bypass or other security issues.(CVE-2025-10529)

This vulnerability affects Firefox < 143 and Firefox ESR < 140.3.(CVE-2025-10532)

This vulnerability affects Firefox < 143, Firefox ESR < 115.28, and Firefox ESR < 140.3. Specific vulnerability details require further analysis.(CVE-2025-10533)

This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.(CVE-2025-10536)

Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 143 and Firefox ESR < 140.3.(CVE-2025-10537)

Use-after-free vulnerability in MediaTrackGraphImpl::GetInstance(). This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.(CVE-2025-11708)

A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.(CVE-2025-11709)

A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.(CVE-2025-11710)

There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.(CVE-2025-11711)

A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.(CVE-2025-11712)

Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.(CVE-2025-11714)

Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird ESR < 140.4.(CVE-2025-11715)

Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10.(CVE-2025-4082)

Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. This vulnerability affects Firefox ESR < 128.10, Firefox ESR < 115.23, and Thunderbird < 128.10.(CVE-2025-4084)

Database specific 
{
    "severity": "Critical"
}
References

Affected packages

openEuler:24.03-LTS-SP2 / thunderbird

Package

Name
thunderbird
Purl
pkg:rpm/openEuler/thunderbird&distro=openEuler-24.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
140.4.0-1.oe2403sp2

Ecosystem specific 

{
    "aarch64": [
        "thunderbird-140.4.0-1.oe2403sp2.aarch64.rpm",
        "thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64.rpm",
        "thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64.rpm",
        "thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64.rpm",
        "thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64.rpm"
    ],
    "src": [
        "thunderbird-140.4.0-1.oe2403sp2.src.rpm"
    ],
    "x86_64": [
        "thunderbird-140.4.0-1.oe2403sp2.x86_64.rpm",
        "thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64.rpm",
        "thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64.rpm",
        "thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64.rpm",
        "thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64.rpm"
    ]
}