[Apollo] Advisories Statistics light light Login

RLSA-2025:12187

Security Mirrored from RHSA-2025:12187
Issued at: 2025-10-04
Updated at: 2025-10-10

Synopsis

Important: thunderbird security update



Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* firefox: thunderbird: Large branch table could lead to truncated instruction (CVE-2025-8028)

* firefox: thunderbird: Memory safety bugs (CVE-2025-8035)

* firefox: thunderbird: Incorrect URL stripping in CSP reports (CVE-2025-8031)

* firefox: thunderbird: JavaScript engine only wrote partial return value to stack (CVE-2025-8027)

* firefox: thunderbird: Potential user-assisted code execution in ?Copy as cURL? command (CVE-2025-8030)

* firefox: Memory safety bugs (CVE-2025-8034)

* firefox: thunderbird: Incorrect JavaScript state machine for generators (CVE-2025-8033)

* firefox: thunderbird: XSLT documents could bypass CSP (CVE-2025-8032)

* firefox: thunderbird: javascript: URLs executed on object and embed tags (CVE-2025-8029)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 9.6 aarch64 Rocky Linux 9.6 ppc64le Rocky Linux 9.6 s390x Rocky Linux 9.6 x86_64

Fixes

2382701 2382703 2382704 2382707 2382710 2382711 2382717 2382718 2382720

CVEs

CVE-2025-8027 CVE-2025-8028 CVE-2025-8029 CVE-2025-8030 CVE-2025-8031 CVE-2025-8032 CVE-2025-8033 CVE-2025-8034 CVE-2025-8035

Affected packages

Rocky Linux 9.6 aarch64 - AppStream

thunderbird-0:128.13.0-3.el9_6.aarch64.rpm thunderbird-0:128.13.0-3.el9_6.src.rpm thunderbird-debuginfo-0:128.13.0-3.el9_6.aarch64.rpm thunderbird-debugsource-0:128.13.0-3.el9_6.aarch64.rpm

Rocky Linux 9.6 ppc64le - AppStream

thunderbird-0:128.13.0-3.el9_6.ppc64le.rpm thunderbird-0:128.13.0-3.el9_6.src.rpm thunderbird-debuginfo-0:128.13.0-3.el9_6.ppc64le.rpm thunderbird-debugsource-0:128.13.0-3.el9_6.ppc64le.rpm

Rocky Linux 9.6 s390x - AppStream

thunderbird-0:128.13.0-3.el9_6.s390x.rpm thunderbird-0:128.13.0-3.el9_6.src.rpm thunderbird-debuginfo-0:128.13.0-3.el9_6.s390x.rpm thunderbird-debugsource-0:128.13.0-3.el9_6.s390x.rpm

Rocky Linux 9.6 x86_64 - AppStream

thunderbird-0:128.13.0-3.el9_6.src.rpm thunderbird-0:128.13.0-3.el9_6.x86_64.rpm thunderbird-debuginfo-0:128.13.0-3.el9_6.x86_64.rpm thunderbird-debugsource-0:128.13.0-3.el9_6.x86_64.rpm