Alerts This Week
Warning Icon 1 609
Alerts This Week
Warning Icon 1 609

Mageia: Thunderbird Important Memory Safety Issues MGASA-2025-0247

mageia
Calendar Grey October 23, 2025
Dist Mageia Esm H88
Updated Thunderbird packages in Mageia address multiple security issues, ensuring user safety and system integrity.

MGASA-2025-0247 - Updated thunderbird packgaes fix security vulnerabilities

Summary

Description: CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance() CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11710: Cross-process information leaked due to malicious IPC messages CVE-2025-11711: Some non-writable Object properties could be modified CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type CVE-2025-11713: Potential user-assisted code execution in “Copy as cURL” command CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 CVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144, and other security fixes; please see the links.

References

- https://bugs.mageia.org/show_bug.cgi?id=34638

- https://www.thunderbird.net/en-US/thunderbird/140.4.0esr/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/

- https://www.thunderbird.net/en-US/thunderbird/140.4.0esr/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/

- https://www.thunderbird.net/en-US/thunderbird/140.3.1esr/releasenotes/

- https://www.thunderbird.net/en-US/thunderbird/140.3.0esr/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/

- https://www.cve.org/CVERecord?id=CVE-2025-10527

- https://www.cve.org/CVERecord?id=CVE-2025-10528

- https://www.cve.org/CVERecord?id=CVE-2025-10529

- https://www.cve.org/CVERecord?id=CVE-2025-10532

- https://www.cve.org/CVERecord?id=CVE-2025-10533

- https://www.cve.org/CVERecord?id=CVE-2025-10536

- https://www.cve.org/CVERecord?id=CVE-2025-10537

- https://www.cve.org/CVERecord?id=CVE-2025-11708

- https://www.cve.org/CVERecord?id=CVE-2025-11709

- https://www.cve.org/CVERecord?id=CVE-2025-11710

- https://www.cve.org/CVERecord?id=CVE-2025-11711

- https://www.cve.org/CVERecord?id=CVE-2025-11712

- https://www.cve.org/CVERecord?id=CVE-2025-11713

- https://www.cve.org/CVERecord?id=CVE-2025-11714

- https://www.cve.org/CVERecord?id=CVE-2025-11715

Topics%20covered

Topics Covered

security advisory code execution important thunderbird memory safety Mageia

Resolution

SRPMS

- 9/core/thunderbird-140.4.0-1.2.mga9

- 9/core/thunderbird-l10n-140.4.0-1.mga9

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 23 Oct 2025
URL: https://advisories.mageia.org/MGASA-2025-0247.html
Type: security
CVE: CVE-2025-10527, CVE-2025-10528, CVE-2025-10529, CVE-2025-10532, CVE-2025-10533, CVE-2025-10536, CVE-2025-10537, CVE-2025-11708, CVE-2025-11709, CVE-2025-11710, CVE-2025-11711, CVE-2025-11712, CVE-2025-11713, CVE-2025-11714, CVE-2025-11715

Topics%20covered

Topics Covered

security advisory code execution important thunderbird memory safety Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here