
SUSE: MozillaThunderbird Important Security Updates 2025:03309-1

September 23, 2025
Critical security flaws identified in Mozilla Thunderbird for SUSE systems, necessitating immediate updates.

Summary

This update for MozillaThunderbird fixes the following issues:

Update to Mozilla Thunderbird 140.3 (bsc#1249391).

Security issues fixed:

* MFSA 2025-78
* CVE-2025-10527: sandbox escape due to use-after-free in the Graphics: Canvas2D component.
* CVE-2025-10528: sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component.
* CVE-2025-10529: same-origin policy bypass in the Layout component.
* CVE-2025-10532: incorrect boundary conditions in the JavaScript: GC component.
* CVE-2025-10533: integer overflow in the SVG component.
* CVE-2025-10536: information disclosure in the Networking: Cache component.
* CVE-2025-10537: memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143.

Other issues fixed:

References

* bsc#1249391

Cross-References:

* CVE-2025-10527

* CVE-2025-10528

* CVE-2025-10529

* CVE-2025-10532

* CVE-2025-10533

* CVE-2025-10536

* CVE-2025-10537

CVSS scores:

* CVE-2025-10527 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

* CVE-2025-10528 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

* CVE-2025-10529 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

* CVE-2025-10532 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

* CVE-2025-10533 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-10536 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2025-10537 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6

* SUSE Linux Enterprise Desktop 15 SP6

Severity: important

Announcement ID: SUSE-SU-2025:03309-1
Release Date: 2025-09-23T14:30:39Z
Rating: important
