openSUSE: MozillaThunderbird Important Security Update 2025-20006-1

November 10, 2025
Critical security update for Mozilla Thunderbird in openSUSE addressing important vulnerabilities and fixes.
An update that solves 7 vulnerabilities and has one bug fix can now be installed.

Description

This update for MozillaThunderbird fixes the following issues:

Changes in MozillaThunderbird:

Mozilla Thunderbird 140.3.0 ESR:

* Right-clicking 'List-ID' -> 'Unsubscribe' created double encoded draft subject

* Thunderbird could crash on startup

* Thunderbird could crash when importing mail

* Opening Website header link in RSS feed incorrectly re-encoded URL parameters

MFSA 2025-78 (bsc#1249391)

* CVE-2025-10527: Sandbox escape due to use-after-free in the Graphics: Canvas2D component

* CVE-2025-10528: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component

* CVE-2025-10529: Same-origin policy bypass in the Layout component

* CVE-2025-10532: Incorrect boundary conditions in the JavaScript: GC component

* CVE-2025-10533: Integer overflow in the SVG component

* CVE-2025-10536: Information disclosure in the Networking: Cache component

* CVE-2025-10537: Memory safety bugs fixed in Firefox...


Patch

Package List

- openSUSE Leap 16.0:

MozillaThunderbird-140.3.0-bp160.1.1

MozillaThunderbird-openpgp-librnp-140.3.0-bp160.1.1

MozillaThunderbird-translations-common-140.3.0-bp160.1.1

MozillaThunderbird-translations-other-140.3.0-bp160.1.1

References

* bsc#1249391

* https://www.suse.com/security/cve/CVE-2025-10527.html

* https://www.suse.com/security/cve/CVE-2025-10528.html

* https://www.suse.com/security/cve/CVE-2025-10529.html

* https://www.suse.com/security/cve/CVE-2025-10532.html

* https://www.suse.com/security/cve/CVE-2025-10533.html

* https://www.suse.com/security/cve/CVE-2025-10536.html

* https://www.suse.com/security/cve/CVE-2025-10537.html

Severity: important

Announcement ID: openSUSE-SU-2025-20006-1
Rating: important
Affected Products: openSUSE Leap 16.0
