rpm package
opensuse/MozillaThunderbird&distro=openSUSE Leap 16.0
pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2016.0
Vulnerabilities (86)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-10536 | Med | 6.2 | < 140.3.0-bp160.1.1 | 140.3.0-bp160.1.1 | Sep 16, 2025 | Information disclosure in the Networking: Cache component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | |
| CVE-2025-10533 | Hig | 8.8 | < 140.3.0-bp160.1.1 | 140.3.0-bp160.1.1 | Sep 16, 2025 | Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | |
| CVE-2025-10532 | Med | 6.5 | < 140.3.0-bp160.1.1 | 140.3.0-bp160.1.1 | Sep 16, 2025 | Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | |
| CVE-2025-10529 | Med | 6.5 | < 140.3.0-bp160.1.1 | 140.3.0-bp160.1.1 | Sep 16, 2025 | Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | |
| CVE-2025-10528 | Hig | 7.3 | < 140.3.0-bp160.1.1 | 140.3.0-bp160.1.1 | Sep 16, 2025 | Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | |
| CVE-2025-10527 | Hig | 7.1 | < 140.3.0-bp160.1.1 | 140.3.0-bp160.1.1 | Sep 16, 2025 | Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. |
- affected < 140.3.0-bp160.1.1fixed 140.3.0-bp160.1.1
Information disclosure in the Networking: Cache component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
- affected < 140.3.0-bp160.1.1fixed 140.3.0-bp160.1.1
Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
- affected < 140.3.0-bp160.1.1fixed 140.3.0-bp160.1.1
Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
- affected < 140.3.0-bp160.1.1fixed 140.3.0-bp160.1.1
Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
- affected < 140.3.0-bp160.1.1fixed 140.3.0-bp160.1.1
Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
- affected < 140.3.0-bp160.1.1fixed 140.3.0-bp160.1.1
Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
Page 5 of 5