SUSE Package Hub - SUSE-PackageHub-16.0-packagehub-72

Update Info

SUSE-PackageHub-16.0-packagehub-72

Security update for MozillaThunderbird

Type: security

Severity: important

Issued: 2026-01-16

Description:

This update for MozillaThunderbird fixes the following issues:

Changes in MozillaThunderbird:

- Mozilla Thunderbird 140.6.0 ESR
  MFSA 2025-96 (bsc#1254551)
  * CVE-2025-14321 (bmo#1992760)
    Use-after-free in the WebRTC: Signaling component
  * CVE-2025-14322 (bmo#1996473)
    Sandbox escape due to incorrect boundary conditions in the
    Graphics: CanvasWebGL component
  * CVE-2025-14323 (bmo#1996555)
    Privilege escalation in the DOM: Notifications component
  * CVE-2025-14324 (bmo#1996840)
    JIT miscompilation in the JavaScript Engine: JIT component
  * CVE-2025-14325 (bmo#1998050)
    JIT miscompilation in the JavaScript Engine: JIT component
  * CVE-2025-14328 (bmo#1996761)
    Privilege escalation in the Netmonitor component
  * CVE-2025-14329 (bmo#1997018)
    Privilege escalation in the Netmonitor component
  * CVE-2025-14330 (bmo#1997503)
    JIT miscompilation in the JavaScript Engine: JIT component
  * CVE-2025-14331 (bmo#2000218)
    Same-origin policy bypass in the Request Handling component
  * CVE-2025-14333 (bmo#1966501, bmo#1997639)
    Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird
    ESR 140.6, Firefox 146 and Thunderbird 146

References

CVE: CVE-2025-14333
CVE: CVE-2025-14331
CVE: CVE-2025-14330
CVE: CVE-2025-14329
CVE: CVE-2025-14328
CVE: CVE-2025-14325
CVE: CVE-2025-14324
CVE: CVE-2025-14323
CVE: CVE-2025-14322
CVE: CVE-2025-14321
Bugzilla: 1254551 VUL-0: MozillaFirefox / MozillaThunderbird: update to 146.0 and 140.6esr

Packages

MozillaThunderbird-140.6.0-bp160.1.1