openSUSE Leap 16.0: MozillaThunderbird Important Fix DoS CVE-2025-13012

opensuse

January 3, 2026

An update that solves 9 vulnerabilities and has one bug fix can now be installed.

Description

This update for MozillaThunderbird fixes the following issues:

Changes in MozillaThunderbird:

Mozilla Thunderbird 140.5.0 ESR

MFSA 2025-91 (bsc#1253188):

* CVE-2025-13012

Race condition in the Graphics component

* CVE-2025-13016

Incorrect boundary conditions in the JavaScript: WebAssembly

component

* CVE-2025-13017

Same-origin policy bypass in the DOM: Notifications component

* CVE-2025-13018

Mitigation bypass in the DOM: Security component

* CVE-2025-13019

Same-origin policy bypass in the DOM: Workers component

* CVE-2025-13013

Mitigation bypass in the DOM: Core & HTML component

* CVE-2025-13020

Use-after-free in the WebRTC: Audio/Video component

* CVE-2025-13014

Use-after-free in the Audio/Video component

* CVE-2025-13015

Spoofing issue in Thunderbird

* fixed: Could not drag and drop ICS file to Today Pane

* fixed: With Thunderbird closed, clicking a 'mailto:' link to

send signed message failed

* fixed: Upgrade...

Read the Full Advisory

Topics Covered

security advisory denial of service bug fix important mozilla thunderbird OpenSUSE

Patch

Package List

- openSUSE Leap 16.0:

MozillaThunderbird-140.5.0-bp160.1.1

MozillaThunderbird-openpgp-librnp-140.5.0-bp160.1.1

MozillaThunderbird-translations-common-140.5.0-bp160.1.1

MozillaThunderbird-translations-other-140.5.0-bp160.1.1

References

* bsc#1253188

References:

* https://www.suse.com/security/cve/CVE-2025-13012.html

* https://www.suse.com/security/cve/CVE-2025-13013.html

* https://www.suse.com/security/cve/CVE-2025-13014.html

* https://www.suse.com/security/cve/CVE-2025-13015.html

* https://www.suse.com/security/cve/CVE-2025-13016.html

* https://www.suse.com/security/cve/CVE-2025-13017.html

* https://www.suse.com/security/cve/CVE-2025-13018.html

* https://www.suse.com/security/cve/CVE-2025-13019.html

* https://www.suse.com/security/cve/CVE-2025-13020.html

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: openSUSE-SU-2026:20002-1

Rating: important

Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Topics Covered

security advisory denial of service bug fix important mozilla thunderbird OpenSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

openSUSE Leap 16.0: MozillaThunderbird Important Fix DoS CVE-2025-13012

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

openSUSE Leap 16.0: MozillaThunderbird Important Fix DoS CVE-2025-13012

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!