Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

SUSE: Significant Security Update for Mozilla Thunderbird, 10 Issues

suse
Calendar Grey December 15, 2025
Dist Suse Esm H88
Security update for MozillaThunderbird addresses 10 issues, primarily improving safety and functionality.
An update that solves 10 vulnerabilities can now be installed.

Summary

## This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 140.6 (bsc#1254551). * MFSA 2025-96 * CVE-2025-14321: use-after-free in the WebRTC: Signaling component. * CVE-2025-14322: sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. * CVE-2025-14323: privilege escalation in the DOM: Notifications component. * CVE-2025-14324: JIT miscompilation in the JavaScript Engine: JIT component. * CVE-2025-14325: JIT miscompilation in the JavaScript Engine: JIT component. * CVE-2025-14328: privilege escalation in the Netmonitor component. * CVE-2025-14329: privilege escalation in the Netmonitor component. * CVE-2025-14330: JIT miscompilation in the JavaScript Engine: JIT component.

References

* bsc#1254551

Cross-

* CVE-2025-14321

* CVE-2025-14322

* CVE-2025-14323

* CVE-2025-14324

* CVE-2025-14325

* CVE-2025-14328

* CVE-2025-14329

* CVE-2025-14330

* CVE-2025-14331

* CVE-2025-14333

CVSS scores:

* CVE-2025-14321 ( SUSE ): 8.6

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2025-14321 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2025-14321 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-14321 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-14322 ( SUSE ): 8.6

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2025-14322 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2025-14322 ( NVD ): 8.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:4397-1
Release Date: 2025-12-15T11:26:47Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here