Alerts This Week
Warning Icon 1 1,394
Alerts This Week
Warning Icon 1 1,394

SUSE: 2025:0405-1 important: MozillaThunderbird security issues and fixes

suse
Calendar Grey February 10, 2025
Dist Suse Esm H88
Essential security patches for Mozilla Thunderbird to mitigate several threats, enhancing overall defense.
* bsc#1236411 * bsc#1236539 Cross-References: * CVE-2024-11704

Summary

## This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.7 (MFSA 2025-10, bsc#1236539). Security fixes: * CVE-2025-1009: use-after-free in XSLT. * CVE-2025-1010: use-after-free in Custom Highlight. * CVE-2025-1011: a bug in WebAssembly code generation could result in a crash. * CVE-2025-1012: use-after-free during concurrent delazification. * CVE-2024-11704: potential double-free vulnerability in PKCS#7 decryption handling. * CVE-2025-1013: potential opening of private browsing tabs in normal browsing windows. * CVE-2025-1014: certificate length was not properly checked. * CVE-2025-1015: unsanitized address book fields. * CVE-2025-0510: address of e-mail sender can be spoofed by malicious email. * CVE-2025-1016: memory safety bugs.

References

* bsc#1236411

* bsc#1236539

Cross-

* CVE-2024-11704

* CVE-2025-0510

* CVE-2025-1009

* CVE-2025-1010

* CVE-2025-1011

* CVE-2025-1012

* CVE-2025-1013

* CVE-2025-1014

* CVE-2025-1015

* CVE-2025-1016

* CVE-2025-1017

CVSS scores:

* CVE-2024-11704 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-0510 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

* CVE-2025-0510 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

* CVE-2025-0510 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

* CVE-2025-1009 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

* CVE-2025-1009 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-1009 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:0405-1
Release Date: 2025-02-10T13:54:56Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here