Red Hat alert RHSA-2025:8631-01 (thunderbird)
An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fix(es): * firefox: thunderbird: Out-of-bounds access when resolving Promise objects (CVE-2025-4918) * firefox: thunderbird: Out-of-bounds access when optimizing linear sums (CVE-2025-4919) * firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details (CVE-2025-5267) * firefox: thunderbird: Potential local code execution in ?Copy as cURL? command (CVE-2025-5264) * firefox: thunderbird: Memory safety bugs (CVE-2025-5268) * firefox: thunderbird: Script element events leaked cross-origin resource status (CVE-2025-5266) * firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content (CVE-2025-5263) * firefox: thunderbird: Memory safety bug (CVE-2025-5269) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.Original: https://access.redhat.com/security/data/csaf/v2/advisories/2025/rhsa-2025_8631.json