SUSE-SU-2025:0849-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2025/suse-su-20250849-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0849-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:0849-1
Related
Published
2025-03-12T15:12:43Z
Modified
2025-05-02T04:37:01.072752Z
Upstream
Summary
Security update for MozillaThunderbird
Details

This update for MozillaThunderbird fixes the following issues:

Updated to Mozilla Thunderbird 128.8 MFSA 2025-18 (bsc#1237683):

  • CVE-2024-43097: Overflow when growing an SkRegion's RunArray
  • CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process
  • CVE-2025-1931: Use-after-free in WebTransportChild
  • CVE-2025-1932: Inconsistent comparator in XSLT sorting led to out-of-bounds access
  • CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs
  • CVE-2025-1934: Unexpected GC during RegExp bailout processing
  • CVE-2025-1935: Clickjacking the registerProtocolHandler info-bar
  • CVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents
  • CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8
  • CVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8
  • CVE-2025-26695: Downloading of OpenPGP keys from WKD used incorrect padding

  • CVE-2025-26696: Crafted email message incorrectly shown as being encrypted

    Other fixes:

  • Opening an .EML file in profiles with many folders could take a long time.
  • Users with many folders experienced poor performance when resizing message panes. *'Replace' button in compose window was overwritten when the window was narrow.
  • Export to mobile did not work when 'Use default server' was selected.
  • 'Save Link As' was not working in feed web content.
References

Affected packages

SUSE:Linux Enterprise Module for Package Hub 15 SP6 / MozillaThunderbird

Package

Name
MozillaThunderbird
Purl
pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
128.8.0-150200.8.203.1

Ecosystem specific 

{
    "binaries": [
        {
            "MozillaThunderbird": "128.8.0-150200.8.203.1",
            "MozillaThunderbird-translations-other": "128.8.0-150200.8.203.1",
            "MozillaThunderbird-translations-common": "128.8.0-150200.8.203.1"
        }
    ]
}

SUSE:Linux Enterprise Workstation Extension 15 SP6 / MozillaThunderbird

Package

Name
MozillaThunderbird
Purl
pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
128.8.0-150200.8.203.1

Ecosystem specific 

{
    "binaries": [
        {
            "MozillaThunderbird": "128.8.0-150200.8.203.1",
            "MozillaThunderbird-translations-other": "128.8.0-150200.8.203.1",
            "MozillaThunderbird-translations-common": "128.8.0-150200.8.203.1"
        }
    ]
}

openSUSE:Leap 15.6 / MozillaThunderbird

Package

Name
MozillaThunderbird
Purl
pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
128.8.0-150200.8.203.1

Ecosystem specific 

{
    "binaries": [
        {
            "MozillaThunderbird": "128.8.0-150200.8.203.1",
            "MozillaThunderbird-translations-other": "128.8.0-150200.8.203.1",
            "MozillaThunderbird-translations-common": "128.8.0-150200.8.203.1"
        }
    ]
}