
Security: Multiple issues in thunderbird
Name: Multiple issues in thunderbird
ID: RHSA-2025:1348
Distribution: Red Hat
Platforms: Red Hat Enterprise Linux AppStream AUS (v. 8.2)
Date: Wed, 12 February 2025, 23:47
References: https://bugzilla.redhat.com/show_bug.cgi?id=2343764
https://access.redhat.com/security/cve/CVE-2025-1012
https://bugzilla.redhat.com/show_bug.cgi?id=2343765
https://bugzilla.redhat.com/show_bug.cgi?id=2343760
https://bugzilla.redhat.com/show_bug.cgi?id=2343754
https://access.redhat.com/security/cve/CVE-2025-1010
https://bugzilla.redhat.com/show_bug.cgi?id=2343748
https://access.redhat.com/errata/RHSA-2025:1348
https://bugzilla.redhat.com/show_bug.cgi?id=2343756
https://access.redhat.com/security/cve/CVE-2025-1014
https://access.redhat.com/security/cve/CVE-2025-1015
https://bugzilla.redhat.com/show_bug.cgi?id=2343762
https://access.redhat.com/security/cve/CVE-2025-0510
https://access.redhat.com/security/cve/CVE-2025-1009
https://access.redhat.com/security/cve/CVE-2025-1013
https://bugzilla.redhat.com/show_bug.cgi?id=2343750
https://access.redhat.com/security/cve/CVE-2025-1016
https://access.redhat.com/security/cve/CVE-2025-1011
https://bugzilla.redhat.com/show_bug.cgi?id=2343759
https://bugzilla.redhat.com/show_bug.cgi?id=2343752
https://access.redhat.com/security/cve/CVE-2025-1017
Applications: Mozilla Thunderbird

Original message

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7 (CVE-2025-1017)

* firefox: thunderbird: Use-after-free in Custom Highlight (CVE-2025-1010)

* firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 (CVE-2025-1016)

* firefox: thunderbird: Potential opening of private browsing tabs in normal
browsing windows (CVE-2025-1013)

* firefox: thunderbird: A bug in WebAssembly code generation could result in a
crash (CVE-2025-1011)

* thunderbird: Unsanitized address book fields (CVE-2025-1015)

* firefox: thunderbird: Use-after-free in XSLT (CVE-2025-1009)

* thunderbird: Address of e-mail sender can be spoofed by malicious email
(CVE-2025-0510)

* firefox: thunderbird: Certificate length was not properly checked
(CVE-2025-1014)

* firefox: thunderbird: Use-after-free during concurrent delazification
(CVE-2025-1012)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-0510: User Interface (UI) Misrepresentation of Critical Information (CWE-451)
CVE-2025-1009: Use After Free (CWE-416)
CVE-2025-1010: Use After Free (CWE-416)
CVE-2025-1011: Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119)
CVE-2025-1012: Use After Free (CWE-416)
CVE-2025-1013: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
CVE-2025-1014: Improper Validation of Specified Quantity in Input (CWE-1284)
CVE-2025-1015: URL Redirection to Untrusted Site ('Open Redirect') (CWE-601)
CVE-2025-1016: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)
CVE-2025-1017: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)