SUSE-SU-2025:4397-1

Details

This update for MozillaThunderbird fixes the following issues:

Update to Mozilla Thunderbird 140.6 (bsc#1254551).

MFSA 2025-96
- CVE-2025-14321: use-after-free in the WebRTC: Signaling component.
- CVE-2025-14322: sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component.
- CVE-2025-14323: privilege escalation in the DOM: Notifications component.
- CVE-2025-14324: JIT miscompilation in the JavaScript Engine: JIT component.
- CVE-2025-14325: JIT miscompilation in the JavaScript Engine: JIT component.
- CVE-2025-14328: privilege escalation in the Netmonitor component.
- CVE-2025-14329: privilege escalation in the Netmonitor component.
- CVE-2025-14330: JIT miscompilation in the JavaScript Engine: JIT component.
- CVE-2025-14331: same-origin policy bypass in the Request Handling component.
- CVE-2025-14333: memory safety bugs.

Affected Packages

MozillaThunderbird

SUSE Linux Enterprise Module for Package Hub 15 SP6SUSE Linux Enterprise Module for Package Hub 15 SP7SUSE Linux Enterprise Workstation Extension 15 SP6SUSE Linux Enterprise Workstation Extension 15 SP7openSUSE Leap 15.6

Fixed in:

140.6.0-150200.8.248.1

MozillaThunderbird-translations-common

SUSE Linux Enterprise Module for Package Hub 15 SP6SUSE Linux Enterprise Module for Package Hub 15 SP7SUSE Linux Enterprise Workstation Extension 15 SP6SUSE Linux Enterprise Workstation Extension 15 SP7openSUSE Leap 15.6

Fixed in:

140.6.0-150200.8.248.1

MozillaThunderbird-translations-other

SUSE Linux Enterprise Module for Package Hub 15 SP6SUSE Linux Enterprise Module for Package Hub 15 SP7SUSE Linux Enterprise Workstation Extension 15 SP6SUSE Linux Enterprise Workstation Extension 15 SP7openSUSE Leap 15.6

Fixed in:

140.6.0-150200.8.248.1

References

SUSE-SU-2025:4397-1

Details

Affected Packages

References

Upstream

Related

Ecosystems

Timeline