drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in MozillaThunderbird
| Name: |
Mehrere Probleme in MozillaThunderbird |
|
| ID: |
SUSE-SU-2025:0405-1 |
|
| Distribution: |
SUSE |
|
| Plattformen: |
SUSE Linux Enterprise Desktop 15 SP6, SUSE Linux Enterprise Server for SAP Applications 15 SP6, SUSE Linux Enterprise Server 15 SP6, SUSE Linux Enterprise Real Time 15 SP6, SUSE openSUSE Leap 15.6, SUSE Package Hub 15 15-SP6, SUSE Linux Enterprise Workstation Extension 15 SP6 |
|
| Datum: |
Mo, 10. Februar 2025, 19:18 |
|
| Referenzen: |
https://www.cve.org/CVERecord?id=CVE-2025-1016
https://www.cve.org/CVERecord?id=CVE-2025-1010
https://www.cve.org/CVERecord?id=CVE-2024-11704
https://www.cve.org/CVERecord?id=CVE-2025-1009
https://www.cve.org/CVERecord?id=CVE-2025-0510
https://www.cve.org/CVERecord?id=CVE-2025-1014
https://www.cve.org/CVERecord?id=CVE-2025-1012
https://www.cve.org/CVERecord?id=CVE-2025-1015
https://www.cve.org/CVERecord?id=CVE-2025-1013
https://www.cve.org/CVERecord?id=CVE-2025-1017
https://www.cve.org/CVERecord?id=CVE-2025-1011 |
|
| Applikationen: |
Mozilla Thunderbird |
|
Originalnachricht |
--===============7491721168082746816==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
# Security update for MozillaThunderbird
Announcement ID: SUSE-SU-2025:0405-1
Release Date: 2025-02-10T13:54:56Z
Rating: important
References:
* bsc#1236411
* bsc#1236539
Cross-References:
* CVE-2024-11704
* CVE-2025-0510
* CVE-2025-1009
* CVE-2025-1010
* CVE-2025-1011
* CVE-2025-1012
* CVE-2025-1013
* CVE-2025-1014
* CVE-2025-1015
* CVE-2025-1016
* CVE-2025-1017
CVSS scores:
* CVE-2024-11704 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-0510 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2025-0510 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2025-0510 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2025-1009 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-1009 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-1009 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-1010 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-1010 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-1010 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-1011 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-1011 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-1011 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-1012 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-1012 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-1012 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-1013 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2025-1013 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-1014 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-1014 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-1014 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-1015 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-1015 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-1015 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-1016 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-1016 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-1016 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-1017 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-1017 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-1017 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP6
* SUSE Package Hub 15 15-SP6
An update that solves 11 vulnerabilities can now be installed.
## Description:
This update for MozillaThunderbird fixes the following issues:
Update to Mozilla Thunderbird 128.7 (MFSA 2025-10, bsc#1236539).
Security fixes:
* CVE-2025-1009: use-after-free in XSLT.
* CVE-2025-1010: use-after-free in Custom Highlight.
* CVE-2025-1011: a bug in WebAssembly code generation could result in a
crash.
* CVE-2025-1012: use-after-free during concurrent delazification.
* CVE-2024-11704: potential double-free vulnerability in PKCS#7 decryption
handling.
* CVE-2025-1013: potential opening of private browsing tabs in normal
browsing
windows.
* CVE-2025-1014: certificate length was not properly checked.
* CVE-2025-1015: unsanitized address book fields.
* CVE-2025-0510: address of e-mail sender can be spoofed by malicious email.
* CVE-2025-1016: memory safety bugs.
* CVE-2025-1017: memory safety bugs.
Other fixes:
* fixed: images inside links could zoom when clicked instead of opening the
link.
* fixed: compacting an empty folder failed with write error.
* fixed: compacting of IMAP folder with corrupted local storage failed with
write error.
* fixed: after restart, all restored tabs with opened PDFs showed the same
attachment.
* fixed: exceptions during CalDAV item processing would halt subsequent item
handling.
* fixed: context menu was unable to move email address to a different field.
* fixed: link at about:rights pointed to Firefox privacy policy instead of
Thunderbird's.
* fixed: POP3 'fetch headers only' and 'get selected
messages' could delete
messages.
* fixed: 'Search Online' checkbox in saved search properties was
incorrectly
disabled.
* fixed: POP3 status message showed incorrect download count when messages
were deleted.
* fixed: space bar did not always advance to the next unread message.
* fixed: folder creation or renaming failed due to incorrect preference
settings.
* fixed: forwarding/editing S/MIME drafts/templates unusable due to
regression
(bsc#1236411).
* fixed: sort order in 'Search Messages' panel reset after search or
on first
launch.
* fixed: reply window added an unnecessary third blank line at the top.
* fixed: Thunderbird spell check box did not allow ENTER to accept suggested
changes.
* fixed: long email subject lines could overlap window control buttons on
macOS.
* fixed: flathub manifest link was not correct.
* fixed: 'Prefer client-side email scheduling' needed to be selected
twice.
* fixed: duplicate invitations were sent if CALDAV calendar email case did
not
match.
* fixed: visual and UX improvements.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-405=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-405=1
* SUSE Linux Enterprise Workstation Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-405=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* MozillaThunderbird-128.7.0-150200.8.200.1
* MozillaThunderbird-debuginfo-128.7.0-150200.8.200.1
* MozillaThunderbird-translations-common-128.7.0-150200.8.200.1
* MozillaThunderbird-debugsource-128.7.0-150200.8.200.1
* MozillaThunderbird-translations-other-128.7.0-150200.8.200.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x)
* MozillaThunderbird-128.7.0-150200.8.200.1
* MozillaThunderbird-debuginfo-128.7.0-150200.8.200.1
* MozillaThunderbird-translations-common-128.7.0-150200.8.200.1
* MozillaThunderbird-debugsource-128.7.0-150200.8.200.1
* MozillaThunderbird-translations-other-128.7.0-150200.8.200.1
* SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
* MozillaThunderbird-128.7.0-150200.8.200.1
* MozillaThunderbird-debuginfo-128.7.0-150200.8.200.1
* MozillaThunderbird-translations-common-128.7.0-150200.8.200.1
* MozillaThunderbird-debugsource-128.7.0-150200.8.200.1
* MozillaThunderbird-translations-other-128.7.0-150200.8.200.1
## References:
* https://www.suse.com/security/cve/CVE-2024-11704.html
* https://www.suse.com/security/cve/CVE-2025-0510.html
* https://www.suse.com/security/cve/CVE-2025-1009.html
* https://www.suse.com/security/cve/CVE-2025-1010.html
* https://www.suse.com/security/cve/CVE-2025-1011.html
* https://www.suse.com/security/cve/CVE-2025-1012.html
* https://www.suse.com/security/cve/CVE-2025-1013.html
* https://www.suse.com/security/cve/CVE-2025-1014.html
* https://www.suse.com/security/cve/CVE-2025-1015.html
* https://www.suse.com/security/cve/CVE-2025-1016.html
* https://www.suse.com/security/cve/CVE-2025-1017.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236411
* https://bugzilla.suse.com/show_bug.cgi?id=1236539
--===============7491721168082746816==
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
<div class="container">
<h1>Security update for MozillaThunderbird</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2025:0405-1</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2025-02-10T13:54:56Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1236411">bsc#1236411</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1236539">bsc#1236539</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-11704.html">CVE-2024-11704</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-0510.html">CVE-2025-0510</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-1009.html">CVE-2025-1009</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-1010.html">CVE-2025-1010</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-1011.html">CVE-2025-1011</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-1012.html">CVE-2025-1012</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-1013.html">CVE-2025-1013</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-1014.html">CVE-2025-1014</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-1015.html">CVE-2025-1015</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-1016.html">CVE-2025-1016</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-1017.html">CVE-2025-1017</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-11704</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">9.8</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-0510</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">5.5</span>
<span
class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-0510</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">6.5</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-0510</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">6.5</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-1009</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">7.6</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-1009</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">9.8</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-1009</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">9.8</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-1010</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">7.6</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-1010</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">9.8</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-1010</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">8.8</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-1011</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">8.8</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-1011</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">9.8</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-1011</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">8.8</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-1012</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">7.5</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-1012</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">7.5</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-1012</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">9.8</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-1013</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">3.1</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-1013</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">6.5</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-1014</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">5.3</span>
<span
class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-1014</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">8.8</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-1014</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">8.8</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-1015</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">7.8</span>
<span
class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-1015</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">5.4</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-1015</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">5.4</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-1016</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">8.8</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-1016</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">9.8</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-1016</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">9.8</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-1017</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">8.8</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-1017</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">9.8</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2025-1017</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">9.8</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">openSUSE Leap
15.6</li>
<li class="list-group-item">SUSE Linux
Enterprise Desktop 15 SP6</li>
<li class="list-group-item">SUSE Linux
Enterprise Real Time 15 SP6</li>
<li class="list-group-item">SUSE Linux
Enterprise Server 15 SP6</li>
<li class="list-group-item">SUSE Linux
Enterprise Server for SAP Applications 15 SP6</li>
<li class="list-group-item">SUSE Linux
Enterprise Workstation Extension 15 SP6</li>
<li class="list-group-item">SUSE Package
Hub 15 15-SP6</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves 11 vulnerabilities can now be
installed.</p>
<h2>Description:</h2>
<p>This update for MozillaThunderbird fixes the following
issues:</p>
<p>Update to Mozilla Thunderbird 128.7 (MFSA 2025-10,
bsc#1236539).</p>
<p>Security fixes:</p>
<ul>
<li>CVE-2025-1009: use-after-free in XSLT.</li>
<li>CVE-2025-1010: use-after-free in Custom Highlight.</li>
<li>CVE-2025-1011: a bug in WebAssembly code generation could result in a
crash.</li>
<li>CVE-2025-1012: use-after-free during concurrent
delazification.</li>
<li>CVE-2024-11704: potential double-free vulnerability in PKCS#7
decryption handling.</li>
<li>CVE-2025-1013: potential opening of private browsing tabs in normal
browsing windows.</li>
<li>CVE-2025-1014: certificate length was not properly
checked.</li>
<li>CVE-2025-1015: unsanitized address book fields.</li>
<li>CVE-2025-0510: address of e-mail sender can be spoofed by malicious
email.</li>
<li>CVE-2025-1016: memory safety bugs.</li>
<li>CVE-2025-1017: memory safety bugs.</li>
</ul>
<p>Other fixes:</p>
<ul>
<li>fixed: images inside links could zoom when clicked instead of opening
the link.</li>
<li>fixed: compacting an empty folder failed with write error.</li>
<li>fixed: compacting of IMAP folder with corrupted local storage failed
with write error.</li>
<li>fixed: after restart, all restored tabs with opened PDFs showed the
same attachment.</li>
<li>fixed: exceptions during CalDAV item processing would halt subsequent
item handling.</li>
<li>fixed: context menu was unable to move email address to a different
field.</li>
<li>fixed: link at about:rights pointed to Firefox privacy policy instead
of Thunderbird's.</li>
<li>fixed: POP3 'fetch headers only' and 'get
selected messages' could delete messages.</li>
<li>fixed: 'Search Online' checkbox in saved search
properties was incorrectly disabled.</li>
<li>fixed: POP3 status message showed incorrect download count when
messages were deleted.</li>
<li>fixed: space bar did not always advance to the next unread
message.</li>
<li>fixed: folder creation or renaming failed due to incorrect preference
settings.</li>
<li>fixed: forwarding/editing S/MIME drafts/templates unusable due to
regression (bsc#1236411).</li>
<li>fixed: sort order in 'Search Messages' panel reset
after search or on first launch.</li>
<li>fixed: reply window added an unnecessary third blank line at the
top.</li>
<li>fixed: Thunderbird spell check box did not allow ENTER to accept
suggested changes.</li>
<li>fixed: long email subject lines could overlap window control buttons
on macOS.</li>
<li>fixed: flathub manifest link was not correct.</li>
<li>fixed: 'Prefer client-side email scheduling' needed
to be selected twice.</li>
<li>fixed: duplicate invitations were sent if CALDAV calendar email case
did not match.</li>
<li>fixed: visual and UX improvements.</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper
patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
openSUSE Leap 15.6
<br/>
<code>zypper in -t patch
openSUSE-SLE-15.6-2025-405=1</code>
</li>
<li class="list-group-item">
SUSE Package Hub 15 15-SP6
<br/>
<code>zypper in -t patch
SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-405=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Workstation Extension 15 SP6
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-WE-15-SP6-2025-405=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
<ul>
<li>MozillaThunderbird-128.7.0-150200.8.200.1</li>
<li>MozillaThunderbird-debuginfo-128.7.0-150200.8.200.1</li>
<li>MozillaThunderbird-translations-common-128.7.0-150200.8.200.1</li>
<li>MozillaThunderbird-debugsource-128.7.0-150200.8.200.1</li>
<li>MozillaThunderbird-translations-other-128.7.0-150200.8.200.1</li>
</ul>
</li>
<li>
SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x)
<ul>
<li>MozillaThunderbird-128.7.0-150200.8.200.1</li>
<li>MozillaThunderbird-debuginfo-128.7.0-150200.8.200.1</li>
<li>MozillaThunderbird-translations-common-128.7.0-150200.8.200.1</li>
<li>MozillaThunderbird-debugsource-128.7.0-150200.8.200.1</li>
<li>MozillaThunderbird-translations-other-128.7.0-150200.8.200.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
<ul>
<li>MozillaThunderbird-128.7.0-150200.8.200.1</li>
<li>MozillaThunderbird-debuginfo-128.7.0-150200.8.200.1</li>
<li>MozillaThunderbird-translations-common-128.7.0-150200.8.200.1</li>
<li>MozillaThunderbird-debugsource-128.7.0-150200.8.200.1</li>
<li>MozillaThunderbird-translations-other-128.7.0-150200.8.200.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-11704.html">https://www.suse.com/security/cve/CVE-2024-11704.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-0510.html">https://www.suse.com/security/cve/CVE-2025-0510.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-1009.html">https://www.suse.com/security/cve/CVE-2025-1009.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-1010.html">https://www.suse.com/security/cve/CVE-2025-1010.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-1011.html">https://www.suse.com/security/cve/CVE-2025-1011.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-1012.html">https://www.suse.com/security/cve/CVE-2025-1012.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-1013.html">https://www.suse.com/security/cve/CVE-2025-1013.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-1014.html">https://www.suse.com/security/cve/CVE-2025-1014.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-1015.html">https://www.suse.com/security/cve/CVE-2025-1015.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-1016.html">https://www.suse.com/security/cve/CVE-2025-1016.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-1017.html">https://www.suse.com/security/cve/CVE-2025-1017.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1236411">https://bugzilla.suse.com/show_bug.cgi?id=1236411</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1236539">https://bugzilla.suse.com/show_bug.cgi?id=1236539</a>
</li>
</ul>
</div>
--===============7491721168082746816==--
|
|
|
|
