[Apollo] Advisories Statistics light light Login

RLSA-2025:18320

Security Mirrored from RHSA-2025:18320
Issued at: 2025-10-26
Updated at: 2025-11-05

Synopsis

Important: thunderbird security update



Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* thunderbird: firefox: Memory safety bugs (CVE-2025-11714)

* thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures (CVE-2025-11709)

* thunderbird: firefox: Cross-process information leaked due to malicious IPC messages (CVE-2025-11710)

* thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance() (CVE-2025-11708)

* thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type (CVE-2025-11712)

* thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 (CVE-2025-11715)

* thunderbird: firefox: Some non-writable Object properties could be modified (CVE-2025-11711)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 10.0 aarch64 Rocky Linux 10.0 ppc64le Rocky Linux 10.0 s390x Rocky Linux 10.0 x86_64

Fixes

2403763 2403765 2403768 2403769 2403770 2403774 2403776

CVEs

CVE-2025-11708 CVE-2025-11709 CVE-2025-11710 CVE-2025-11711 CVE-2025-11712 CVE-2025-11714 CVE-2025-11715

Affected packages

Rocky Linux 10.0 aarch64 - AppStream

thunderbird-0:140.4.0-2.el10_0.aarch64.rpm thunderbird-0:140.4.0-2.el10_0.src.rpm thunderbird-debuginfo-0:140.4.0-2.el10_0.aarch64.rpm thunderbird-debugsource-0:140.4.0-2.el10_0.aarch64.rpm

Rocky Linux 10.0 ppc64le - AppStream

thunderbird-0:140.4.0-2.el10_0.ppc64le.rpm thunderbird-0:140.4.0-2.el10_0.src.rpm thunderbird-debuginfo-0:140.4.0-2.el10_0.ppc64le.rpm thunderbird-debugsource-0:140.4.0-2.el10_0.ppc64le.rpm

Rocky Linux 10.0 s390x - AppStream

thunderbird-0:140.4.0-2.el10_0.s390x.rpm thunderbird-0:140.4.0-2.el10_0.src.rpm thunderbird-debuginfo-0:140.4.0-2.el10_0.s390x.rpm thunderbird-debugsource-0:140.4.0-2.el10_0.s390x.rpm

Rocky Linux 10.0 x86_64 - AppStream

thunderbird-0:140.4.0-2.el10_0.src.rpm thunderbird-0:140.4.0-2.el10_0.x86_64.rpm thunderbird-debuginfo-0:140.4.0-2.el10_0.x86_64.rpm thunderbird-debugsource-0:140.4.0-2.el10_0.x86_64.rpm