Explore top 10 tips to secure your open-source projects now. Read More
×
## This update for MozillaThunderbird fixes the following issues: * Update Mozilla Thunderbird to version 140.5 (bsc#1253188) * CVE-2025-13012: Race condition in the Graphics component. * CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component. * CVE-2025-13017: Same-origin policy bypass in the DOM: Notifications component. * CVE-2025-13018: Mitigation bypass in the DOM: Security component. * CVE-2025-13019: Same-origin policy bypass in the DOM: Workers component. * CVE-2025-13013: Mitigation bypass in the DOM: Core & HTML component. * CVE-2025-13020: Use-after-free in the WebRTC: Audio/Video component. * CVE-2025-13014: Use-after-free in the Audio/Video component. * CVE-2025-13015: Spoofing issue in Thunderbird. ## Patch Instructions:
* bsc#1253188
Cross-
* CVE-2025-13012
* CVE-2025-13013
* CVE-2025-13014
* CVE-2025-13015
* CVE-2025-13016
* CVE-2025-13017
* CVE-2025-13018
* CVE-2025-13019
* CVE-2025-13020
CVSS scores:
* CVE-2025-13012 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-13012 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-13013 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2025-13013 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2025-13014 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2025-13014 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-13015 ( SUSE ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
Get the latest Linux and open source security news straight to your inbox.