[Apollo] Advisories Statistics light light Login

RLSA-2025:18321

Security Mirrored from RHSA-2025:18321
Issued at: 2025-10-28
Updated at: 2025-11-05

Synopsis

Important: thunderbird security update



Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* thunderbird: firefox: Memory safety bugs (CVE-2025-11714)

* thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures (CVE-2025-11709)

* thunderbird: firefox: Cross-process information leaked due to malicious IPC messages (CVE-2025-11710)

* thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance() (CVE-2025-11708)

* thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type (CVE-2025-11712)

* thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 (CVE-2025-11715)

* thunderbird: firefox: Some non-writable Object properties could be modified (CVE-2025-11711)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 9.6 aarch64 Rocky Linux 9.6 ppc64le Rocky Linux 9.6 s390x Rocky Linux 9.6 x86_64

Fixes

2403763 2403765 2403768 2403769 2403770 2403774 2403776

CVEs

CVE-2025-11708 CVE-2025-11709 CVE-2025-11710 CVE-2025-11711 CVE-2025-11712 CVE-2025-11714 CVE-2025-11715

Affected packages

Rocky Linux 9.6 aarch64 - AppStream

thunderbird-0:140.4.0-2.el9_6.aarch64.rpm thunderbird-0:140.4.0-2.el9_6.src.rpm thunderbird-debuginfo-0:140.4.0-2.el9_6.aarch64.rpm thunderbird-debugsource-0:140.4.0-2.el9_6.aarch64.rpm

Rocky Linux 9.6 ppc64le - AppStream

thunderbird-0:140.4.0-2.el9_6.ppc64le.rpm thunderbird-0:140.4.0-2.el9_6.src.rpm thunderbird-debuginfo-0:140.4.0-2.el9_6.ppc64le.rpm thunderbird-debugsource-0:140.4.0-2.el9_6.ppc64le.rpm

Rocky Linux 9.6 s390x - AppStream

thunderbird-0:140.4.0-2.el9_6.s390x.rpm thunderbird-0:140.4.0-2.el9_6.src.rpm thunderbird-debuginfo-0:140.4.0-2.el9_6.s390x.rpm thunderbird-debugsource-0:140.4.0-2.el9_6.s390x.rpm

Rocky Linux 9.6 x86_64 - AppStream

thunderbird-0:140.4.0-2.el9_6.src.rpm thunderbird-0:140.4.0-2.el9_6.x86_64.rpm thunderbird-debuginfo-0:140.4.0-2.el9_6.x86_64.rpm thunderbird-debugsource-0:140.4.0-2.el9_6.x86_64.rpm