From bd04a8821e7aaa8d5aab423e02febb254f64e9895cfd1b9f9eea565aa4724d19 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Mon, 27 Oct 2025 11:20:22 +0100 Subject: [PATCH] Update submodules from pool/MozillaThunderbird#5 and create patchinfo.20251027101939269288.187004354831441/_patchinfo --- MozillaThunderbird | 2 +- .../_patchinfo | 48 +++++++++++++++++++ 2 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 patchinfo.20251027101939269288.187004354831441/_patchinfo diff --git a/MozillaThunderbird b/MozillaThunderbird index 3a03a4f..ab2bb34 160000 --- a/MozillaThunderbird +++ b/MozillaThunderbird @@ -1 +1 @@ -Subproject commit 3a03a4feef1c4d49fb71177ade3c6f2d3dbc0dd495bb39731dd55b9e7f0d4c09 +Subproject commit ab2bb34d0728d73a3f5449012f95c8b84c13edf75ae06f1fefe5f28c900b241d diff --git a/patchinfo.20251027101939269288.187004354831441/_patchinfo b/patchinfo.20251027101939269288.187004354831441/_patchinfo new file mode 100644 index 0000000..de90685 --- /dev/null +++ b/patchinfo.20251027101939269288.187004354831441/_patchinfo @@ -0,0 +1,48 @@ + + This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. + This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. + This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. + Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. + This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. + This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. + This vulnerability affects Firefox < 143, Firefox ESR < 115.28, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. + VUL-0: MozillaFirefox / MozillaThunderbird: update to 143.0 and 140.3esr + Yoshio_Sato + important + security + Security update for MozillaThunderbird + This update for MozillaThunderbird fixes the following issues: + +Changes in MozillaThunderbird: + +Mozilla Thunderbird 140.3.0 ESR: + + * Right-clicking 'List-ID' -> 'Unsubscribe' created double encoded + draft subject + * Thunderbird could crash on startup + * Thunderbird could crash when importing mail + * Opening Website header link in RSS feed incorrectly re-encoded + URL parameters + MFSA 2025-78 (bsc#1249391) + * CVE-2025-10527 + Sandbox escape due to use-after-free in the Graphics: + Canvas2D component + * CVE-2025-10528 + Sandbox escape due to undefined behavior, invalid pointer in + the Graphics: Canvas2D component + * CVE-2025-10529 + Same-origin policy bypass in the Layout component + * CVE-2025-10532 + Incorrect boundary conditions in the JavaScript: GC component + * CVE-2025-10533 + Integer overflow in the SVG component + * CVE-2025-10536 + Information disclosure in the Networking: Cache component + * CVE-2025-10537 + Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird + ESR 140.3, Firefox 143 and Thunderbird 143 + + + MozillaThunderbird + + -- 2.51.1