products/PackageHub
SHA256
31
1
Fork 13
Code Issues Pull Requests 23 Actions Activity

Pull request for security update for mozillathunderbird #196

Manually merged
products merged 1 commits from msmeissn/PackageHub:maintenance-update-1761560378 into leap-16.0 2025-10-29 17:00:54 +01:00
Conversation 17 Commits 1 Files Changed 2 +49 -1
2 changed files with 49 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
MozillaThunderbird

Submodule MozillaThunderbird updated: 3a03a4feef...ab2bb34d07

48
patchinfo.20251027101939269288.187004354831441/_patchinfo Normal file
View File

@@ -0,0 +1,48 @@
<patchinfo>
<issue tracker="cve" id="2025-10527">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
<issue tracker="cve" id="2025-10536">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
<issue tracker="cve" id="2025-10528">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
<issue tracker="cve" id="2025-10537">Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
<issue tracker="cve" id="2025-10529">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
<issue tracker="cve" id="2025-10532">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
<issue tracker="cve" id="2025-10533">This vulnerability affects Firefox &lt; 143, Firefox ESR &lt; 115.28, Firefox ESR &lt; 140.3, Thunderbird &lt; 143, and Thunderbird &lt; 140.3.</issue>
<issue tracker="bnc" id="1249391">VUL-0: MozillaFirefox / MozillaThunderbird: update to 143.0 and 140.3esr</issue>
<packager>Yoshio_Sato</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for MozillaThunderbird</summary>
<description>This update for MozillaThunderbird fixes the following issues:
Changes in MozillaThunderbird:
Mozilla Thunderbird 140.3.0 ESR:
* Right-clicking 'List-ID' -&gt; 'Unsubscribe' created double encoded
draft subject
* Thunderbird could crash on startup
* Thunderbird could crash when importing mail
* Opening Website header link in RSS feed incorrectly re-encoded
URL parameters
MFSA 2025-78 (bsc#1249391)
* CVE-2025-10527
Sandbox escape due to use-after-free in the Graphics:
Canvas2D component
* CVE-2025-10528
Sandbox escape due to undefined behavior, invalid pointer in
the Graphics: Canvas2D component
* CVE-2025-10529
Same-origin policy bypass in the Layout component
* CVE-2025-10532
Incorrect boundary conditions in the JavaScript: GC component
* CVE-2025-10533
Integer overflow in the SVG component
* CVE-2025-10536
Information disclosure in the Networking: Cache component
* CVE-2025-10537
Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird
ESR 140.3, Firefox 143 and Thunderbird 143
</description>
<package>MozillaThunderbird</package>
<seperate_build_arch/>
</patchinfo>