Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 140.3 bsc1249391. Security issues fixed: MFSA 2025-78 CVE-2025-10527: sandbox escape due to use-after-free in the Graphics: Canvas2D component. CVE-2025-10528: sandbox escape due to undefined behavior,...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2025:03291-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03291-1 advisory. Firefox Extended Support Release 140.3.0 ESR bsc1249391. MFSA 2025-75: CVE-2025-10527 bmo198482...

ALSA-2025:16260 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component CVE-2025-10527 firefox: thunderbird: Incorrect boundary conditions in the...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component CVE-2025-10527 firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component CVE-2025-10532 firefox:...

firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the JavaScript...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component CVE-2025-10527 firefox: thunderbird: Incorrect boundary conditions in the...

SUSE CVE-2025-10532

Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

UBUNTU-CVE-2025-10532

Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

KLA88011 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, bypass security restrictions, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerability i...

Mozilla -- Incorrect boundary conditions

[email protected] reports: The vulnerability has been assessed to have moderate impact on affected systems, potentially allowing attackers to exploit incorrect boundary conditions in the JavaScript Garbage Collection component. In Thunderbird specifically, these flaws cannot be exploited throu...

Firefox -- Incorrect boundary conditions

https://bugzilla.mozilla.org/showbug.cgi?id=1979502 reports: Incorrect boundary conditions in the JavaScript: GC component...

CVE-2024-50570

A Cleartext Storage of Sensitive Information vulnerability CWE-312 in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN passwor...

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 128.2.3 MFSA 2024-43 bsc1229821 CVE-2024-8394: Crash when aborting verification of OTR chat. CVE-2024-8385: WASM type confusion involving ArrayTypes. CVE-2024-8381: Type confusion when looking up a property name in...

Amazon Linux 2 : firefox (ALASFIREFOX-2024-029)

The version of firefox installed on the remote host is prior to 115.15.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2024-029 advisory. 2024-09-26: CVE-2024-7652 was added to this advisory. An error in the ECMA-262 specification relating to Async...

mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions

The Mozilla Foundation's Security Advisory: The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption...

Mozilla Thunderbird < 115.15

The version of Thunderbird installed on the remote Windows host is prior to 115.15. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-44 advisory. - The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the...

Mozilla Firefox < 130.0

The version of Firefox installed on the remote Windows host is prior to 130.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-39 advisory. - Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that...

Mozilla Firefox ESR < 115.15

The version of Firefox ESR installed on the remote Windows host is prior to 115.15. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-41 advisory. - The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the...

Security Vulnerabilities fixed in Thunderbird 115.15 — Mozilla

A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the with environment. Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried t...