Mageia 9: MGASA-2025-0010 High: Thunderbird JavaScript Memory Issues
mageia
January 14, 2025
WebChannel APIs susceptible to confused deputy attack
Summary
WebChannel APIs susceptible to confused deputy attack. (CVE-2025-0237)
Use-after-free when breaking lines in text. (CVE-2025-0238)
Alt-Svc ALPN validation failure when redirected. (CVE-2025-0239)
Compartment mismatch when parsing JavaScript JSON module.
(CVE-2025-0240)
Memory corruption when using JavaScript Text Segmentation.
(CVE-2025-0241)
Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR
115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6.
(CVE-2025-0242)
Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR
128.6, and Thunderbird 128.6. (CVE-2025-0243)
References
- https://bugs.mageia.org/show_bug.cgi?id=33900
- https://www.thunderbird.net/en-US/thunderbird/128.6.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/
- https://www.cve.org/CVERecord?id=CVE-2025-0237
- https://www.cve.org/CVERecord?id=CVE-2025-0238
- https://www.cve.org/CVERecord?id=CVE-2025-0239
- https://www.cve.org/CVERecord?id=CVE-2025-0240
- https://www.cve.org/CVERecord?id=CVE-2025-0241
- https://www.cve.org/CVERecord?id=CVE-2025-0242
- https://www.cve.org/CVERecord?id=CVE-2025-0243
Resolution
SRPMS
- 9/core/thunderbird-128.6.0-1.mga9
- 9/core/thunderbird-l10n-128.6.0-1.mga9
PREVIOUS
NEXT
Publication date: 14 Jan 2025
URL: https://advisories.mageia.org/MGASA-2025-0010.html
Type: security
CVE: CVE-2025-0237,
CVE-2025-0238,
CVE-2025-0239,
CVE-2025-0240,
CVE-2025-0241,
CVE-2025-0242,
CVE-2025-0243
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!