SUSE Package Hub - SUSE-PackageHub-16.0-packagehub-10

Update Info

SUSE-PackageHub-16.0-packagehub-10

Security update for MozillaThunderbird

Type: security

Severity: important

Issued: 2025-10-29

Description:

This update for MozillaThunderbird fixes the following issues:

Changes in MozillaThunderbird:

Mozilla Thunderbird 140.3.0 ESR:

  * Right-clicking 'List-ID' -> 'Unsubscribe' created double encoded
    draft subject
  * Thunderbird could crash on startup
  * Thunderbird could crash when importing mail
  * Opening Website header link in RSS feed incorrectly re-encoded
    URL parameters
  MFSA 2025-78 (bsc#1249391)
  * CVE-2025-10527
    Sandbox escape due to use-after-free in the Graphics:
    Canvas2D component
  * CVE-2025-10528
    Sandbox escape due to undefined behavior, invalid pointer in
    the Graphics: Canvas2D component
  * CVE-2025-10529
    Same-origin policy bypass in the Layout component
  * CVE-2025-10532
    Incorrect boundary conditions in the JavaScript: GC component
  * CVE-2025-10533
    Integer overflow in the SVG component
  * CVE-2025-10536
    Information disclosure in the Networking: Cache component
  * CVE-2025-10537
    Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird
    ESR 140.3, Firefox 143 and Thunderbird 143

References

CVE: CVE-2025-10537
CVE: CVE-2025-10536
CVE: CVE-2025-10533
CVE: CVE-2025-10532
CVE: CVE-2025-10529
CVE: CVE-2025-10528
CVE: CVE-2025-10527
Bugzilla: 1249391 VUL-0: MozillaFirefox / MozillaThunderbird: update to 143.0 and 140.3esr

Packages

MozillaThunderbird-140.3.0-bp160.1.1