rpm package
almalinux/thunderbird
pkg:rpm/almalinux/thunderbird
Vulnerabilities (572)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-10533 | Hig | 8.8 | < 140.3.0-1.el9_6.alma.1 | 140.3.0-1.el9_6.alma.1 | Sep 16, 2025 | Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | |
| CVE-2025-10532 | Med | 6.5 | < 140.3.0-1.el9_6.alma.1 | 140.3.0-1.el9_6.alma.1 | Sep 16, 2025 | Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | |
| CVE-2025-10529 | Med | 6.5 | < 140.3.0-1.el9_6.alma.1 | 140.3.0-1.el9_6.alma.1 | Sep 16, 2025 | Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | |
| CVE-2025-10528 | Hig | 7.3 | < 140.3.0-1.el9_6.alma.1 | 140.3.0-1.el9_6.alma.1 | Sep 16, 2025 | Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | |
| CVE-2025-10527 | Hig | 7.1 | < 140.3.0-1.el9_6.alma.1 | 140.3.0-1.el9_6.alma.1 | Sep 16, 2025 | Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | |
| CVE-2025-9185 | Hig | 8.1 | < 128.14.0-3.el9_6.alma.1 | 128.14.0-3.el9_6.alma.1 | Aug 19, 2025 | Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these co | |
| CVE-2025-9182 | Hig | 7.5 | < 128.14.0-3.el9_6.alma.1 | 128.14.0-3.el9_6.alma.1 | Aug 19, 2025 | Denial-of-service due to out-of-memory in the Graphics: WebRender component. This vulnerability was fixed in Firefox 142, Firefox ESR 140.2, Thunderbird 142, and Thunderbird 140.2. | |
| CVE-2025-9181 | Med | 6.5 | < 128.14.0-3.el9_6.alma.1 | 128.14.0-3.el9_6.alma.1 | Aug 19, 2025 | Uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 142, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2. | |
| CVE-2025-9180 | Hig | 8.1 | < 128.14.0-3.el9_6.alma.1 | 128.14.0-3.el9_6.alma.1 | Aug 19, 2025 | Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2. | |
| CVE-2025-9179 | Cri | 9.8 | < 128.14.0-3.el9_6.alma.1 | 128.14.0-3.el9_6.alma.1 | Aug 19, 2025 | An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Fi | |
| CVE-2025-8035 | Hig | 8.8 | < 128.13.0-3.el9_6.alma.1 | 128.13.0-3.el9_6.alma.1 | Jul 22, 2025 | Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploi | |
| CVE-2025-8034 | Hig | 8.8 | < 128.13.0-3.el9_6.alma.1 | 128.13.0-3.el9_6.alma.1 | Jul 22, 2025 | Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these co | |
| CVE-2025-8033 | Med | 6.5 | < 128.13.0-3.el9_6.alma.1 | 128.13.0-3.el9_6.alma.1 | Jul 22, 2025 | The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunder | |
| CVE-2025-8032 | Hig | 8.1 | < 128.13.0-3.el9_6.alma.1 | 128.13.0-3.el9_6.alma.1 | Jul 22, 2025 | XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1. | |
| CVE-2025-8031 | Cri | 9.8 | < 128.13.0-3.el9_6.alma.1 | 128.13.0-3.el9_6.alma.1 | Jul 22, 2025 | The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140 | |
| CVE-2025-8030 | Hig | 8.1 | < 128.13.0-3.el9_6.alma.1 | 128.13.0-3.el9_6.alma.1 | Jul 22, 2025 | Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1. | |
| CVE-2025-8029 | Hig | 8.1 | < 128.13.0-3.el9_6.alma.1 | 128.13.0-3.el9_6.alma.1 | Jul 22, 2025 | Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1. | |
| CVE-2025-8028 | Cri | 9.8 | < 128.13.0-3.el9_6.alma.1 | 128.13.0-3.el9_6.alma.1 | Jul 22, 2025 | On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefo | |
| CVE-2025-8027 | Med | 6.5 | < 128.13.0-3.el9_6.alma.1 | 128.13.0-3.el9_6.alma.1 | Jul 22, 2025 | On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird | |
| CVE-2025-5986 | Med | 6.5 | < 128.12.0-1.el10_0.alma.1 | 128.12.0-1.el10_0.alma.1 | Jun 11, 2025 | A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/uran |
- affected < 140.3.0-1.el9_6.alma.1fixed 140.3.0-1.el9_6.alma.1
Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
- affected < 140.3.0-1.el9_6.alma.1fixed 140.3.0-1.el9_6.alma.1
Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
- affected < 140.3.0-1.el9_6.alma.1fixed 140.3.0-1.el9_6.alma.1
Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
- affected < 140.3.0-1.el9_6.alma.1fixed 140.3.0-1.el9_6.alma.1
Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
- affected < 140.3.0-1.el9_6.alma.1fixed 140.3.0-1.el9_6.alma.1
Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
- affected < 128.14.0-3.el9_6.alma.1fixed 128.14.0-3.el9_6.alma.1
Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these co
- affected < 128.14.0-3.el9_6.alma.1fixed 128.14.0-3.el9_6.alma.1
Denial-of-service due to out-of-memory in the Graphics: WebRender component. This vulnerability was fixed in Firefox 142, Firefox ESR 140.2, Thunderbird 142, and Thunderbird 140.2.
- affected < 128.14.0-3.el9_6.alma.1fixed 128.14.0-3.el9_6.alma.1
Uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 142, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2.
- affected < 128.14.0-3.el9_6.alma.1fixed 128.14.0-3.el9_6.alma.1
Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2.
- affected < 128.14.0-3.el9_6.alma.1fixed 128.14.0-3.el9_6.alma.1
An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Fi
- affected < 128.13.0-3.el9_6.alma.1fixed 128.13.0-3.el9_6.alma.1
Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploi
- affected < 128.13.0-3.el9_6.alma.1fixed 128.13.0-3.el9_6.alma.1
Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these co
- affected < 128.13.0-3.el9_6.alma.1fixed 128.13.0-3.el9_6.alma.1
The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunder
- affected < 128.13.0-3.el9_6.alma.1fixed 128.13.0-3.el9_6.alma.1
XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.
- affected < 128.13.0-3.el9_6.alma.1fixed 128.13.0-3.el9_6.alma.1
The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140
- affected < 128.13.0-3.el9_6.alma.1fixed 128.13.0-3.el9_6.alma.1
Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.
- affected < 128.13.0-3.el9_6.alma.1fixed 128.13.0-3.el9_6.alma.1
Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.
- affected < 128.13.0-3.el9_6.alma.1fixed 128.13.0-3.el9_6.alma.1
On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefo
- affected < 128.13.0-3.el9_6.alma.1fixed 128.13.0-3.el9_6.alma.1
On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird
- affected < 128.12.0-1.el10_0.alma.1fixed 128.12.0-1.el10_0.alma.1
A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/uran
Page 11 of 29