Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: MozillaThunderbird Important Fix DoS Memory Leak 2025:4006-1

suse
Calendar Grey November 10, 2025
Dist Suse Esm H88
Critical update for SUSE MozillaThunderbird addresses important security issues requiring immediate attention.
* bsc#1251263 Cross-References: * CVE-2025-11708 * CVE-2025-11709

Summary

## This update for MozillaThunderbird fixes the following issue: Mozilla Thunderbird is updated to 140.4. * changed: Account Hub is now disabled by default for second email account (bmo#1992027) * changed: Flatpak runtime has been updated to Freedesktop SDK 24.08 (bmo#1952100) * fixed: Users could not read mail signed with OpenPGP v6 and PQC keys (bmo#1986845) * fixed: Image preview in Insert Image dialog failed with CSP error for web resources (bmo#1989392) * fixed: Emptying trash on exit did not work with some providers (bmo#1975147) * fixed: Thunderbird could crash when applying filters (bmo#1987880) * fixed: Users were unable to override expired mail server certificate (bmo#1979323) * fixed: Opening Website header link in RSS feed incorrectly re-encoded URL parameters (bmo#1971035) Security fixes:

Topics%20covered

Topics Covered

security advisory information leak SuSE important memory safety MozillaThunderbird

References

* bsc#1251263

Cross-

* CVE-2025-11708

* CVE-2025-11709

* CVE-2025-11710

* CVE-2025-11711

* CVE-2025-11712

* CVE-2025-11713

* CVE-2025-11714

* CVE-2025-11715

CVSS scores:

* CVE-2025-11708 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-11709 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-11710 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-11711 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

* CVE-2025-11712 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

* CVE-2025-11713 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

* CVE-2025-11714 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2025-11715 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:4006-1
Release Date: 2025-11-10T08:00:30Z
Rating: important

Topics%20covered

Topics Covered

security advisory information leak SuSE important memory safety MozillaThunderbird

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here