Mageia: 2025-0126 Moderate: Thunderbird URL Spoofing & Memory Flaws

mageia

April 5, 2025

Use-after-free triggered by XSLTProcessor

Summary

Use-after-free triggered by XSLTProcessor. (CVE-2025-3028) URL Bar Spoofing via non-BMP Unicode characters. (CVE-2025-3029) Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. (CVE-2025-3030)

References

- https://bugs.mageia.org/show_bug.cgi?id=34155

- https://www.thunderbird.net/en-US/thunderbird/128.9.0esr/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2025-24/

- https://www.cve.org/CVERecord?id=CVE-2025-3028

- https://www.cve.org/CVERecord?id=CVE-2025-3029

- https://www.cve.org/CVERecord?id=CVE-2025-3030

Topics Covered

security advisory memory safety Mozilla Thunderbird Mageia URL spoofing XSLTProcessor

Resolution

SRPMS

- 9/core/thunderbird-128.9.0-1.mga9

- 9/core/thunderbird-l10n-128.9.0-1.mga9

Publication date: 05 Apr 2025

URL: https://advisories.mageia.org/MGASA-2025-0126.html

Type: security

CVE: CVE-2025-3028, CVE-2025-3029, CVE-2025-3030

Topics Covered

security advisory memory safety Mozilla Thunderbird Mageia URL spoofing XSLTProcessor

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia: 2025-0126 Moderate: Thunderbird URL Spoofing & Memory Flaws

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia: 2025-0126 Moderate: Thunderbird URL Spoofing & Memory Flaws

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!