Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Mageia 2025-0093: thunderbird thunderbird-l10n Security Advisory Updates

mageia
Calendar Grey March 12, 2025
Dist Mageia Esm H88
Security advisory for Mageia updates addressing critical use-after-free and overflow vulnerabilities in Thunderbird software.
CVE-2024-43097: Overflow when growing an SkRegion's RunArray CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process CVE-2025-1931: Use-after-free ...

Summary

CVE-2024-43097: Overflow when growing an SkRegion's RunArray CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process CVE-2025-1931: Use-after-free in WebTransportChild CVE-2025-1932: Inconsistent comparator in XSLT sorting led to out-of-bounds access CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs CVE-2025-1934: Unexpected GC during RegExp bailout processing CVE-2025-1935: Clickjacking the registerProtocolHandler info-bar CVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 CVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8

References

- https://bugs.mageia.org/show_bug.cgi?id=34065

- https://www.thunderbird.net/en-US/thunderbird/128.8.0esr/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/

- https://www.cve.org/CVERecord?id=CVE-2024-43097

- https://www.cve.org/CVERecord?id=CVE-2025-1931

- https://www.cve.org/CVERecord?id=CVE-2025-1932

- https://www.cve.org/CVERecord?id=CVE-2025-1933

- https://www.cve.org/CVERecord?id=CVE-2025-1934

- https://www.cve.org/CVERecord?id=CVE-2025-1935

- https://www.cve.org/CVERecord?id=CVE-2025-1936

- https://www.cve.org/CVERecord?id=CVE-2025-1937

- https://www.cve.org/CVERecord?id=CVE-2025-1938

Topics%20covered

Topics Covered

security advisory buffer overflow thunderbird memory safety use-after-free Mageia l10n

Resolution

SRPMS

- 9/core/thunderbird-128.8.0-1.mga9

- 9/core/thunderbird-l10n-128.8.0-1.mga9

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 12 Mar 2025
URL: https://advisories.mageia.org/MGASA-2025-0093.html
Type: security
CVE: CVE-2024-43097, CVE-2025-1931, CVE-2025-1932, CVE-2025-1933, CVE-2025-1934, CVE-2025-1935, CVE-2025-1936, CVE-2025-1937, CVE-2025-1938

Topics%20covered

Topics Covered

security advisory buffer overflow thunderbird memory safety use-after-free Mageia l10n

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here