|
|
Subscribe / Log in / New account

Mageia alert MGASA-2025-0048 (thunderbird)



From:
              Mageia Updates <updates-announce@ml.mageia.org>


To:
              updates-announce@ml.mageia.org


Subject:
              [updates-announce] MGASA-2025-0048: Updated thunderbird packages fix security vulnerabilities


Date:
              Sun, 09 Feb 2025 01:20:19 +0100


Message-ID:
              <20250209002019.DA9F5A00A5@duvel.mageia.org>


Archive-link:
              Article


MGASA-2025-0048 - Updated thunderbird packages fix security vulnerabilities

Publication date: 09 Feb 2025
URL: https://advisories.mageia.org/MGASA-2025-0048.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-1009,
     CVE-2025-1010,
     CVE-2025-1011,
     CVE-2025-1012,
     CVE-2024-11704,
     CVE-2025-1013,
     CVE-2025-1014,
     CVE-2025-1015,
     CVE-2025-0510,
     CVE-2025-1016,
     CVE-2025-1017

Description:
Use-after-free in XSLT. (CVE-2025-1009)
Use-after-free in Custom Highlight. (CVE-2025-1010)
A bug in WebAssembly code generation could result in a crash.
(CVE-2025-1011)
Use-after-free during concurrent delazification. (CVE-2025-1012)
Potential double-free vulnerability in PKCS#7 decryption handling.
(CVE-2024-11704)
Potential opening of private browsing tabs in normal browsing windows.
(CVE-2025-1013)
Certificate length was not properly checked. (CVE-2025-1014)
Unsanitized address book fields. (CVE-2025-1015)
Address of e-mail sender can be spoofed by malicious email.
(CVE-2025-0510)
Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR
115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7.
(CVE-2025-1016)
Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR
128.7, and Thunderbird 128.7. (CVE-2025-1017)

References:
- https://bugs.mageia.org/show_bug.cgi?id=33984
- https://www.thunderbird.net/en-US/thunderbird/128.7.0esr/...
- https://www.mozilla.org/en-US/security/advisories/mfsa202...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1009
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1010
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1011
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1012
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1013
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1014
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1015
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0510
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1016
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1017

SRPMS:
- 9/core/thunderbird-128.7.0-1.mga9
- 9/core/thunderbird-l10n-128.7.0-1.mga9
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds