drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in thunderbird
| Name: |
Mehrere Probleme in thunderbird |
|
| ID: |
RHSA-2025:22449 |
|
| Distribution: |
Red Hat |
|
| Plattformen: |
Red Hat Enterprise Linux AppStream EUS (v.9.4) |
|
| Datum: |
Di, 2. Dezember 2025, 22:25 |
|
| Referenzen: |
https://bugzilla.redhat.com/show_bug.cgi?id=2414084
https://access.redhat.com/security/cve/CVE-2025-13013
https://bugzilla.redhat.com/show_bug.cgi?id=2414083
https://bugzilla.redhat.com/show_bug.cgi?id=2414090
https://bugzilla.redhat.com/show_bug.cgi?id=2414085
https://access.redhat.com/security/cve/CVE-2025-13020
https://access.redhat.com/security/cve/CVE-2025-13017
https://bugzilla.redhat.com/show_bug.cgi?id=2414080
https://bugzilla.redhat.com/show_bug.cgi?id=2414092
https://access.redhat.com/security/cve/CVE-2025-13019
https://bugzilla.redhat.com/show_bug.cgi?id=2414079
https://access.redhat.com/security/cve/CVE-2025-13018
https://access.redhat.com/security/cve/CVE-2025-13015
https://access.redhat.com/errata/RHSA-2025:22449
https://bugzilla.redhat.com/show_bug.cgi?id=2414086
https://access.redhat.com/security/cve/CVE-2025-13016
https://access.redhat.com/security/cve/CVE-2025-13014
https://access.redhat.com/security/cve/CVE-2025-13012
https://bugzilla.redhat.com/show_bug.cgi?id=2414091 |
|
| Applikationen: |
Mozilla Thunderbird |
|
Originalnachricht |
An update for thunderbird is now available for Red Hat Enterprise Linux 9.4
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)
* firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)
* firefox: Incorrect boundary conditions in the JavaScript: WebAssembly
component (CVE-2025-13016)
* firefox: Same-origin policy bypass in the DOM: Workers component
(CVE-2025-13019)
* firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)
* firefox: Race condition in the Graphics component (CVE-2025-13012)
* firefox: Spoofing issue in Firefox (CVE-2025-13015)
* firefox: Mitigation bypass in the DOM: Core & HTML component
(CVE-2025-13013)
* firefox: Same-origin policy bypass in the DOM: Notifications component
(CVE-2025-13017)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
CVE-2025-13012: Race Condition within a Thread (CWE-366)
CVE-2025-13013: Improper Neutralization of Input During Web Page Generation
('Cross-site Scripting') (CWE-79)
CVE-2025-13014: Expired Pointer Dereference (CWE-825)
CVE-2025-13015: Authentication Bypass by Spoofing (CWE-290)
CVE-2025-13016: Out-of-bounds Write (CWE-787)
CVE-2025-13017: Trust Boundary Violation (CWE-501)
CVE-2025-13018: Improper Neutralization of Input During Web Page Generation
('Cross-site Scripting') (CWE-79)
CVE-2025-13019: Origin Validation Error (CWE-346)
CVE-2025-13020: Expired Pointer Dereference (CWE-825)
|
|
|
|
