[Apollo] Advisories Statistics light light Login

RLSA-2026:0025

Security Mirrored from RHSA-2026:0025
Issued at: 2026-01-05
Updated at: 2026-01-07

Synopsis

Important: thunderbird security update



Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146 (CVE-2025-14333)

* firefox: Use-after-free in the WebRTC: Signaling component (CVE-2025-14321)

* firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14325)

* firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component (CVE-2025-14322)

* firefox: Privilege escalation in the Netmonitor component (CVE-2025-14328)

* firefox: Privilege escalation in the Netmonitor component (CVE-2025-14329)

* firefox: Same-origin policy bypass in the Request Handling component (CVE-2025-14331)

* firefox: Privilege escalation in the DOM: Notifications component (CVE-2025-14323)

* firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14330)

* firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14324)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 10 aarch64 Rocky Linux 10 ppc64le Rocky Linux 10 s390x Rocky Linux 10 x86_64

Fixes

2420502 2420503 2420504 2420506 2420508 2420509 2420512 2420513 2420516 2420517

CVEs

CVE-2025-14321 CVE-2025-14322 CVE-2025-14323 CVE-2025-14324 CVE-2025-14325 CVE-2025-14328 CVE-2025-14329 CVE-2025-14330 CVE-2025-14331 CVE-2025-14333

Affected packages

Rocky Linux 10 aarch64 - AppStream

thunderbird-0:140.6.0-1.el10_1.aarch64.rpm thunderbird-0:140.6.0-1.el10_1.src.rpm thunderbird-debuginfo-0:140.6.0-1.el10_1.aarch64.rpm thunderbird-debugsource-0:140.6.0-1.el10_1.aarch64.rpm

Rocky Linux 10 ppc64le - AppStream

thunderbird-0:140.6.0-1.el10_1.ppc64le.rpm thunderbird-0:140.6.0-1.el10_1.src.rpm thunderbird-debuginfo-0:140.6.0-1.el10_1.ppc64le.rpm thunderbird-debugsource-0:140.6.0-1.el10_1.ppc64le.rpm

Rocky Linux 10 s390x - AppStream

thunderbird-0:140.6.0-1.el10_1.s390x.rpm thunderbird-0:140.6.0-1.el10_1.src.rpm thunderbird-debuginfo-0:140.6.0-1.el10_1.s390x.rpm thunderbird-debugsource-0:140.6.0-1.el10_1.s390x.rpm

Rocky Linux 10 x86_64 - AppStream

thunderbird-0:140.6.0-1.el10_1.src.rpm thunderbird-0:140.6.0-1.el10_1.x86_64.rpm thunderbird-debuginfo-0:140.6.0-1.el10_1.x86_64.rpm thunderbird-debugsource-0:140.6.0-1.el10_1.x86_64.rpm