59 matches found
RockyLinux 9 : thunderbird (RLSA-2025:18321)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:18321 advisory. thunderbird: firefox: Memory safety bugs CVE-2025-11714 thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textur...
Updated thunderbird packages fix security vulnerabilities
CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11710: Cross-process information leaked due to malicious IPC messages CVE-2025-11711: Some non-writable Object properties could ...
CVE-2025-6430
When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via an embed or object tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12,...
MGASA-2025-0168 Updated thunderbird packages fix security vulnerabilities
Sender Spoofing via Malformed From Header in Thunderbird. CVE-2025-3875 Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links. CVE-2025-3877 JavaScript Execution via Spoofed PDF Attachment and file:/// Link. CVE-2025-3909 Tracking Links in Attachments...
[slackware-security] mozilla-thunderbird
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-thunderbird-128.10.2esr-i686-1slack15.0.txz: Upgraded. This release contains security fixes and improvements. For...
Updated thunderbird packages fix security vulnerabilities
Process isolation bypass using "javascript:" URI links in cross-origin frames. CVE-2025-4083 Unsafe attribute access during XPath parsing. CVE-2025-4087 Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. CVE-2025-4091 Memory safety bug fixed in...
Updated nss & firefox packages fix security vulnerabilities
Use-after-free triggered by XSLTProcessor. CVE-2025-3028 URL Bar Spoofing via non-BMP Unicode characters. CVE-2025-3029 Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. CVE-2025-3030...
Updated thunderbird packages fix security vulnerabilities
Use-after-free triggered by XSLTProcessor. CVE-2025-3028 URL Bar Spoofing via non-BMP Unicode characters. CVE-2025-3029 Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. CVE-2025-3030...
MGASA-2025-0125 Updated nss & firefox packages fix security vulnerabilities
Use-after-free triggered by XSLTProcessor. CVE-2025-3028 URL Bar Spoofing via non-BMP Unicode characters. CVE-2025-3029 Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. CVE-2025-3030...
Linux Distros Unpatched Vulnerability : CVE-2010-1210
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain...
Linux Distros Unpatched Vulnerability : CVE-2011-3647
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript...
MGASA-2025-0045 Updated rootcerts, nss & firefox packages fix security vulnerabilities
Use-after-free in XSLT. CVE-2025-1009 Use-after-free in Custom Highlight. CVE-2025-1010 A bug in WebAssembly code generation could result in a crash. CVE-2025-1011 Use-after-free during concurrent delazification. CVE-2025-1012 Potential double-free vulnerability in PKCS7 decryption handling...
MGASA-2025-0048 Updated thunderbird packages fix security vulnerabilities
Use-after-free in XSLT. CVE-2025-1009 Use-after-free in Custom Highlight. CVE-2025-1010 A bug in WebAssembly code generation could result in a crash. CVE-2025-1011 Use-after-free during concurrent delazification. CVE-2025-1012 Potential double-free vulnerability in PKCS7 decryption handling...
Updated thunderbird packages fix security vulnerabilities
WebChannel APIs susceptible to confused deputy attack. CVE-2025-0237 Use-after-free when breaking lines in text. CVE-2025-0238 Alt-Svc ALPN validation failure when redirected. CVE-2025-0239 Compartment mismatch when parsing JavaScript JSON module. CVE-2025-0240 Memory corruption when using...
Updated thunderbird packages fix security vulnerability
Matrix-js-sdk has insufficient MXC URI validation which could allow client-side path traversal. CVE-2024-50336...
MGASA-2024-0395 Updated thunderbird packages fix security vulnerability
Matrix-js-sdk has insufficient MXC URI validation which could allow client-side path traversal. CVE-2024-50336...
MGASA-2024-0384 Updated thunderbird packages fix security vulnerabilities
Select list elements could be shown over another site. CVE-2024-11692 CSP Bypass and XSS Exposure via Web Compatibility Shims. CVE-2024-11694 URL Bar Spoofing via Manipulated Punycode and Whitespace Characters. CVE-2024-11695 Unhandled Exception in Add-on Signature Verification. CVE-2024-11696...
MGASA-2024-0383 Updated rootcerts, nss & firefox packages fix security vulnerabilities
Select list elements could be shown over another site. CVE-2024-11692 CSP Bypass and XSS Exposure via Web Compatibility Shims. CVE-2024-11694 URL Bar Spoofing via Manipulated Punycode and Whitespace Characters. CVE-2024-11695 Unhandled Exception in Add-on Signature Verification. CVE-2024-11696...
MGASA-2024-0365 Updated thunderbird packages fix security vulnerability
Potential disclosure of plaintext in OpenPGP encrypted message. CVE-2024-11159...
MGASA-2024-0350 Updated thunderbird packages fix security vulnerabilities
Permission leak via embed or object elements. CVE-2024-10458 Use-after-free in layout with accessibility. CVE-2024-10459 Confusing display of origin for external protocol handler prompt. CVE-2024-10460 XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response...