Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Mageia 9 MGASA-2025-0048 moderate: thunderbird multiple fixes

mageia
Calendar Grey February 9, 2025
Dist Mageia Esm H88
The latest Thunderbird updates in Mageia address several security vulnerabilities, particularly a significant use-after-free flaw.
Use-after-free in XSLT

Summary

Use-after-free in XSLT. (CVE-2025-1009) Use-after-free in Custom Highlight. (CVE-2025-1010) A bug in WebAssembly code generation could result in a crash. (CVE-2025-1011) Use-after-free during concurrent delazification. (CVE-2025-1012) Potential double-free vulnerability in PKCS#7 decryption handling. (CVE-2024-11704) Potential opening of private browsing tabs in normal browsing windows. (CVE-2025-1013) Certificate length was not properly checked. (CVE-2025-1014) Unsanitized address book fields. (CVE-2025-1015) Address of e-mail sender can be spoofed by malicious email. (CVE-2025-0510) Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7. (CVE-2025-1016) Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. (CVE-2025-1017)

References

- https://bugs.mageia.org/show_bug.cgi?id=33984

- https://www.thunderbird.net/en-US/thunderbird/128.7.0esr/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/

- https://www.cve.org/CVERecord?id=CVE-2025-1009

- https://www.cve.org/CVERecord?id=CVE-2025-1010

- https://www.cve.org/CVERecord?id=CVE-2025-1011

- https://www.cve.org/CVERecord?id=CVE-2025-1012

- https://www.cve.org/CVERecord?id=CVE-2024-11704

- https://www.cve.org/CVERecord?id=CVE-2025-1013

- https://www.cve.org/CVERecord?id=CVE-2025-1014

- https://www.cve.org/CVERecord?id=CVE-2025-1015

- https://www.cve.org/CVERecord?id=CVE-2025-0510

- https://www.cve.org/CVERecord?id=CVE-2025-1016

- https://www.cve.org/CVERecord?id=CVE-2025-1017

Topics%20covered

Topics Covered

security advisory software update bug fix thunderbird memory safety use-after-free Mageia

Resolution

SRPMS

- 9/core/thunderbird-128.7.0-1.mga9

- 9/core/thunderbird-l10n-128.7.0-1.mga9

Publication date: 09 Feb 2025
URL: https://advisories.mageia.org/MGASA-2025-0048.html
Type: security
CVE: CVE-2025-1009, CVE-2025-1010, CVE-2025-1011, CVE-2025-1012, CVE-2024-11704, CVE-2025-1013, CVE-2025-1014, CVE-2025-1015, CVE-2025-0510, CVE-2025-1016, CVE-2025-1017

Topics%20covered

Topics Covered

security advisory software update bug fix thunderbird memory safety use-after-free Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here