[Apollo] Advisories Statistics light light Login

RLSA-2025:14640

Security Mirrored from RHSA-2025:14640
Issued at: 2025-10-04
Updated at: 2025-10-10

Synopsis

Important: thunderbird security update



Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component (CVE-2025-9182)

* thunderbird: firefox: Sandbox escape due to invalid pointer in the Audio/Video: GMP component (CVE-2025-9179)

* thunderbird: firefox: Same-origin policy bypass in the Graphics: Canvas2D component (CVE-2025-9180)

* thunderbird: firefox: Uninitialized memory in the JavaScript Engine component (CVE-2025-9181)

* thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 (CVE-2025-9185)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 9.6 aarch64 Rocky Linux 9.6 ppc64le Rocky Linux 9.6 s390x Rocky Linux 9.6 x86_64

Fixes

2389575 2389580 2389581 2389583 2389584

CVEs

CVE-2025-9179 CVE-2025-9180 CVE-2025-9181 CVE-2025-9182 CVE-2025-9185

Affected packages

Rocky Linux 9.6 aarch64 - AppStream

thunderbird-0:128.14.0-3.el9_6.aarch64.rpm thunderbird-0:128.14.0-3.el9_6.src.rpm thunderbird-debuginfo-0:128.14.0-3.el9_6.aarch64.rpm thunderbird-debugsource-0:128.14.0-3.el9_6.aarch64.rpm

Rocky Linux 9.6 ppc64le - AppStream

thunderbird-0:128.14.0-3.el9_6.ppc64le.rpm thunderbird-0:128.14.0-3.el9_6.src.rpm thunderbird-debuginfo-0:128.14.0-3.el9_6.ppc64le.rpm thunderbird-debugsource-0:128.14.0-3.el9_6.ppc64le.rpm

Rocky Linux 9.6 s390x - AppStream

thunderbird-0:128.14.0-3.el9_6.s390x.rpm thunderbird-0:128.14.0-3.el9_6.src.rpm thunderbird-debuginfo-0:128.14.0-3.el9_6.s390x.rpm thunderbird-debugsource-0:128.14.0-3.el9_6.s390x.rpm

Rocky Linux 9.6 x86_64 - AppStream

thunderbird-0:128.14.0-3.el9_6.src.rpm thunderbird-0:128.14.0-3.el9_6.x86_64.rpm thunderbird-debuginfo-0:128.14.0-3.el9_6.x86_64.rpm thunderbird-debugsource-0:128.14.0-3.el9_6.x86_64.rpm