Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 502
Alerts This Week
Warning Icon 1 502

SUSE: MozillaThunderbird Important Security Issues Vuln 2025:4195-1

suse
Calendar Grey November 24, 2025
Dist Suse Esm H88
Critical updates for MozillaThunderbird patching important security issues released on openSUSE.
* bsc#1253188 Cross-References: * CVE-2025-13012 * CVE-2025-13013

Summary

## This update for MozillaThunderbird fixes the following issues: * Update Mozilla Thunderbird to version 140.5 (bsc#1253188) * CVE-2025-13012: Race condition in the Graphics component. * CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component. * CVE-2025-13017: Same-origin policy bypass in the DOM: Notifications component. * CVE-2025-13018: Mitigation bypass in the DOM: Security component. * CVE-2025-13019: Same-origin policy bypass in the DOM: Workers component. * CVE-2025-13013: Mitigation bypass in the DOM: Core & HTML component. * CVE-2025-13020: Use-after-free in the WebRTC: Audio/Video component. * CVE-2025-13014: Use-after-free in the Audio/Video component. * CVE-2025-13015: Spoofing issue in Thunderbird. ## Patch Instructions:

References

* bsc#1253188

Cross-

* CVE-2025-13012

* CVE-2025-13013

* CVE-2025-13014

* CVE-2025-13015

* CVE-2025-13016

* CVE-2025-13017

* CVE-2025-13018

* CVE-2025-13019

* CVE-2025-13020

CVSS scores:

* CVE-2025-13012 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2025-13012 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2025-13013 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

* CVE-2025-13013 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

* CVE-2025-13014 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

* CVE-2025-13014 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2025-13015 ( SUSE ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:4195-1
Release Date: 2025-11-24T10:54:03Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.