Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Mageia: Thunderbird Important Bugs Fixed MGASA-2025-0228 CVE-2025-6424

mageia
Calendar Grey September 5, 2025
Dist Mageia Esm H88
The latest Firefox updates for Linux address several critical vulnerabilities, significantly improving the browser's security and performance.
MGASA-2025-0228 - Updated thunderbird packages fix vulnerabilities

Summary

Description: Use-after-free in FontFaceSet. (CVE-2025-6424) The WebCompat WebExtension shipped exposed a persistent UUID. (CVE-2025-6425) Incorrect parsing of URLs could have allowed embedding of youtube.com. (CVE-2025-6429) Content-Disposition header ignored when a file is included in an embed or object tag. (CVE-2025-6430) JavaScript engine only wrote partial return value to stack. (CVE-2025-8027) Large branch table could lead to truncated instruction. (CVE-2025-8028) Javascript: URLs executed on object and embed tags. (CVE-2025-8029) Potential user-assisted code execution in “Copy as cURL” command. (CVE-2025-8030) Incorrect URL stripping in CSP reports. (CVE-2025-8031) XSLT documents could bypass CSP. (CVE-2025-8032) Incorrect JavaScript state machine for generators. (CVE-2025-8033) Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. (CVE-2025-8034) Memory safety...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=34415

- https://www.thunderbird.net/en-US/thunderbird/128.12.0esr/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2025-55/

- https://www.thunderbird.net/en-US/thunderbird/128.13.0esr/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/

- https://www.thunderbird.net/en-US/thunderbird/128.14.0esr/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/

- https://www.cve.org/CVERecord?id=CVE-2025-6424

- https://www.cve.org/CVERecord?id=CVE-2025-6425

- https://www.cve.org/CVERecord?id=CVE-2025-6429

- https://www.cve.org/CVERecord?id=CVE-2025-6430

- https://www.cve.org/CVERecord?id=CVE-2025-8027

- https://www.cve.org/CVERecord?id=CVE-2025-8028

- https://www.cve.org/CVERecord?id=CVE-2025-8029

- https://www.cve.org/CVERecord?id=CVE-2025-8030

- https://www.cve.org/CVERecord?id=CVE-2025-8031

- https://www.cve.org/CVERecord?id=CVE-2025-8032

- https://www.cve.org/CVERecord?id=CVE-2025-8033

- https://www.cve.org/CVERecord?id=CVE-2025-8034

- https://www.cve.org/CVERecord?id=CVE-2025-8035

- https://www.cve.org/CVERecord?id=CVE-2025-9179

- https://www.cve.org/CVERecord?id=CVE-2025-9180

- https://www.cve.org/CVERecord?id=CVE-2025-9181

- https://www.cve.org/CVERecord?id=CVE-2025--9185

Topics%20covered

Topics Covered

security advisory important execution thunderbird sandbox Mageia

Resolution

SRPMS

- 9/core/thunderbird-128.14.0-1.mga9

- 9/core/thunderbird-l10n-128.14.0-1.mga9

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 05 Sep 2025
URL: https://advisories.mageia.org/MGASA-2025-0228.html
Type: security
CVE: CVE-2025-6424, CVE-2025-6425, CVE-2025-6429, CVE-2025-6430, CVE-2025-8027, CVE-2025-8028, CVE-2025-8029, CVE-2025-8030, CVE-2025-8031, CVE-2025-8032, CVE-2025-8033, CVE-2025-8034, CVE-2025-8035, CVE-2025-9179, CVE-2025-9180, CVE-2025-9181, CVE-2025--9185

Topics%20covered

Topics Covered

security advisory important execution thunderbird sandbox Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here