This update for MozillaThunderbird fixes the following issues:

Mozilla Thunderbird 140.4:

  * changed: Account Hub is now disabled by default for second
    email account
  * changed: Flatpak runtime has been updated to Freedesktop SDK
    24.08
  * fixed: Users could not read mail signed with OpenPGP v6 and
    PQC keys
  * fixed: Image preview in Insert Image dialog failed with CSP
    error for web resources
  * fixed: Emptying trash on exit did not work with some
    providers
  * fixed: Thunderbird could crash when applying filters
  * fixed: Users were unable to override expired mail server
    certificate
  * fixed: Opening Website header link in RSS feed incorrectly
    re-encoded URL parameters
  * fixed: Security fixes

MFSA 2025-85 (bsc#1251263):

  * CVE-2025-11708
    Use-after-free in MediaTrackGraphImpl::GetInstance()
  * CVE-2025-11709
    Out of bounds read/write in a privileged process triggered by
    WebGL textures
  * CVE-2025-11710
    Cross-process information leaked due to malicious IPC
    messages
  * CVE-2025-11711
    Some non-writable Object properties could be modified
  * CVE-2025-11712
    An OBJECT tag type attribute overrode browser behavior on web
    resources without a content-type
  * CVE-2025-11713
    Potential user-assisted code execution in “Copy as cURL”
    command
  * CVE-2025-11714
    Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR
    140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
  * CVE-2025-11715
    Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird
    ESR 140.4, Firefox 144 and Thunderbird 144