SUSE: MozillaThunderbird Important Update CVE-2025-6424 Security Advisory

July 30, 2025
Important update for MozillaThunderbird on SUSE, addressing several security issues. Please update without delay!

Summary

This update for MozillaThunderbird fixes the following issues:

Update to Mozilla Thunderbird 140.1 (MFSA 2025-63) (bsc#1246664):

* CVE-2025-8027: JavaScript engine only wrote partial return value to stack (bmo#1968423)
* CVE-2025-8028: Large branch table could lead to truncated instruction (bmo#1971581)
* CVE-2025-8029: javascript: URLs executed on object and embed tags (bmo#1928021)
* CVE-2025-8036: DNS rebinding circumvents CORS (bmo#1960834)
* CVE-2025-8037: Nameless cookies shadow secure cookies (bmo#1964767)
* CVE-2025-8030: Potential user-assisted code execution in "Copy as cURL" command (bmo#1968414)
* CVE-2025-8031: Incorrect URL stripping in CSP reports (bmo#1971719)
* CVE-2025-8032: XSLT documents could bypass CSP (bmo#1974407)

References

* bsc#1244670

* bsc#1246664

Cross-References:

* CVE-2025-6424

* CVE-2025-6425

* CVE-2025-6426

* CVE-2025-6427

* CVE-2025-6429

* CVE-2025-6430

* CVE-2025-6432

* CVE-2025-6433

* CVE-2025-6434

* CVE-2025-6435

* CVE-2025-6436

* CVE-2025-8027

* CVE-2025-8028

* CVE-2025-8029

* CVE-2025-8030

* CVE-2025-8031

* CVE-2025-8032

* CVE-2025-8033

* CVE-2025-8034

* CVE-2025-8035

* CVE-2025-8036

* CVE-2025-8037

* CVE-2025-8038

* CVE-2025-8039

* CVE-2025-8040

CVSS scores:

* CVE-2025-6424 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2025-6424 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2025-6424 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-6425 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Severity
important

Announcement ID: SUSE-SU-2025:02546-1
Release Date: 2025-07-30T07:34:30Z
Rating: important
