SUSE-SU-2025:4195-1

Details

This update for MozillaThunderbird fixes the following issues:

Update Mozilla Thunderbird to version 140.5 (bsc#1253188)
CVE-2025-13012: Race condition in the Graphics component.
CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component.
CVE-2025-13017: Same-origin policy bypass in the DOM: Notifications component.
CVE-2025-13018: Mitigation bypass in the DOM: Security component.
CVE-2025-13019: Same-origin policy bypass in the DOM: Workers component.
CVE-2025-13013: Mitigation bypass in the DOM: Core & HTML component.
CVE-2025-13020: Use-after-free in the WebRTC: Audio/Video component.
CVE-2025-13014: Use-after-free in the Audio/Video component.
CVE-2025-13015: Spoofing issue in Thunderbird.

Affected Packages

MozillaThunderbird

SUSE Linux Enterprise Module for Package Hub 15 SP6SUSE Linux Enterprise Module for Package Hub 15 SP7SUSE Linux Enterprise Workstation Extension 15 SP6SUSE Linux Enterprise Workstation Extension 15 SP7openSUSE Leap 15.6

Fixed in:

140.5.0-150200.8.245.1

MozillaThunderbird-translations-common

SUSE Linux Enterprise Module for Package Hub 15 SP6SUSE Linux Enterprise Module for Package Hub 15 SP7SUSE Linux Enterprise Workstation Extension 15 SP6SUSE Linux Enterprise Workstation Extension 15 SP7openSUSE Leap 15.6

Fixed in:

140.5.0-150200.8.245.1

MozillaThunderbird-translations-other

SUSE Linux Enterprise Module for Package Hub 15 SP6SUSE Linux Enterprise Module for Package Hub 15 SP7SUSE Linux Enterprise Workstation Extension 15 SP6SUSE Linux Enterprise Workstation Extension 15 SP7openSUSE Leap 15.6

Fixed in:

140.5.0-150200.8.245.1

References

SUSE-SU-2025:4195-1

Details

Affected Packages

References

Upstream

Related

Ecosystems

Timeline