[Apollo] Advisories Statistics light light Login

RLSA-2025:8608

Security Mirrored from RHSA-2025:8608
Issued at: 2025-09-30
Updated at: 2025-10-07

Synopsis

Important: thunderbird security update



Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* firefox: thunderbird: Out-of-bounds access when resolving Promise objects (CVE-2025-4918)

* firefox: thunderbird: Out-of-bounds access when optimizing linear sums (CVE-2025-4919)

* firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details (CVE-2025-5267)

* firefox: thunderbird: Potential local code execution in ?Copy as cURL? command (CVE-2025-5264)

* firefox: thunderbird: Memory safety bugs (CVE-2025-5268)

* firefox: thunderbird: Script element events leaked cross-origin resource status (CVE-2025-5266)

* firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content (CVE-2025-5263)

* firefox: thunderbird: Memory safety bug (CVE-2025-5269)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 10.0 aarch64 Rocky Linux 10.0 ppc64le Rocky Linux 10.0 s390x Rocky Linux 10.0 x86_64

Fixes

2368749 2368756 2368755 2368750 2368751 2367016 2368752 2367018 2368757

CVEs

CVE-2025-4918 CVE-2025-4919 CVE-2025-5263 CVE-2025-5264 CVE-2025-5266 CVE-2025-5267 CVE-2025-5268 CVE-2025-5269 CVE-2025-5283

Affected packages

Rocky Linux 10.0 x86_64 - AppStream

thunderbird-debuginfo-0:128.11.0-1.el10_0.x86_64.rpm thunderbird-0:128.11.0-1.el10_0.x86_64.rpm thunderbird-debugsource-0:128.11.0-1.el10_0.x86_64.rpm thunderbird-0:128.11.0-1.el10_0.src.rpm

Rocky Linux 10.0 aarch64 - AppStream

thunderbird-debugsource-0:128.11.0-1.el10_0.aarch64.rpm thunderbird-debuginfo-0:128.11.0-1.el10_0.aarch64.rpm thunderbird-0:128.11.0-1.el10_0.aarch64.rpm thunderbird-0:128.11.0-1.el10_0.src.rpm

Rocky Linux 10.0 s390x - AppStream

thunderbird-debugsource-0:128.11.0-1.el10_0.s390x.rpm thunderbird-0:128.11.0-1.el10_0.s390x.rpm thunderbird-debuginfo-0:128.11.0-1.el10_0.s390x.rpm thunderbird-0:128.11.0-1.el10_0.src.rpm

Rocky Linux 10.0 ppc64le - AppStream

thunderbird-debugsource-0:128.11.0-1.el10_0.ppc64le.rpm thunderbird-debuginfo-0:128.11.0-1.el10_0.ppc64le.rpm thunderbird-0:128.11.0-1.el10_0.ppc64le.rpm thunderbird-0:128.11.0-1.el10_0.src.rpm