An update for thunderbird is now available for Red Hat Enterprise Linux 9.2
 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of
 Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* thunderbird: User Interface (UI) Misrepresentation of attachment URL
 (CVE-2025-3523)

* thunderbird: Information Disclosure of /tmp directory listing (CVE-2025-2830)

* thunderbird: Leak of hashed Window credentials via crafted attachment URL
 (CVE-2025-3522)

For more details about the security issue(s), including the impact, a CVSS
 score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-2830: Exposure of Sensitive Information to an Unauthorized Actor
 (CWE-200)
CVE-2025-3522: Insufficient Granularity of Access Control (CWE-1220)
CVE-2025-3523: User Interface (UI) Misrepresentation of Critical Information
 (CWE-451)