Overview

File _patchinfo of Package patchinfo.41479

<patchinfo incident="41479">
  <category>security</category>
  <rating>important</rating>
  <packager>msmeissn</packager>
  <summary>Security update for MozillaThunderbird</summary>
  <description>
This update for MozillaThunderbird fixes the following issue:

Mozilla Thunderbird is updated to 140.4.

 * changed: Account Hub is now disabled by default for second
   email account (bmo#1992027)
 * changed: Flatpak runtime has been updated to Freedesktop SDK
   24.08 (bmo#1952100)
 * fixed: Users could not read mail signed with OpenPGP v6 and
   PQC keys (bmo#1986845)
 * fixed: Image preview in Insert Image dialog failed with CSP
   error for web resources (bmo#1989392)
 * fixed: Emptying trash on exit did not work with some
   providers (bmo#1975147)
 * fixed: Thunderbird could crash when applying filters
   (bmo#1987880)
 * fixed: Users were unable to override expired mail server
   certificate (bmo#1979323)
 * fixed: Opening Website header link in RSS feed incorrectly
   re-encoded URL parameters (bmo#1971035)

Security fixes:

MFSA 2025-85 (bsc#1251263):

 * CVE-2025-11708 (bmo#1988931)
   Use-after-free in MediaTrackGraphImpl::GetInstance()
 * CVE-2025-11709 (bmo#1989127)
   Out of bounds read/write in a privileged process triggered by
   WebGL textures
 * CVE-2025-11710 (bmo#1989899)
   Cross-process information leaked due to malicious IPC
   messages
 * CVE-2025-11711 (bmo#1989978)
   Some non-writable Object properties could be modified
 * CVE-2025-11712 (bmo#1979536)
   An OBJECT tag type attribute overrode browser behavior on web
   resources without a content-type
 * CVE-2025-11713 (bmo#1986142)
   Potential user-assisted code execution in “Copy as cURL”
   command
 * CVE-2025-11714 (bmo#1973699, bmo#1989945, bmo#1990970,
   bmo#1991040, bmo#1992113)
   Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR
   140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
 * CVE-2025-11715 (bmo#1983838, bmo#1987624, bmo#1988244,
   bmo#1988912, bmo#1989734, bmo#1990085, bmo#1991899)
   Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird
   ESR 140.4, Firefox 144 and Thunderbird 144
</description>
  <issue id="1251263" tracker="bnc"/>
  <issue id="1973699" tracker="bmo"/>
  <issue id="1979536" tracker="bmo"/>
  <issue id="1983838" tracker="bmo"/>
  <issue id="1986142" tracker="bmo"/>
  <issue id="1987624" tracker="bmo"/>
  <issue id="1988244" tracker="bmo"/>
  <issue id="1988912" tracker="bmo"/>
  <issue id="1988931" tracker="bmo"/>
  <issue id="1989127" tracker="bmo"/>
  <issue id="1989734" tracker="bmo"/>
  <issue id="1989899" tracker="bmo"/>
  <issue id="1989945" tracker="bmo"/>
  <issue id="1989978" tracker="bmo"/>
  <issue id="1990085" tracker="bmo"/>
  <issue id="1990970" tracker="bmo"/>
  <issue id="1991040" tracker="bmo"/>
  <issue id="1991899" tracker="bmo"/>
  <issue id="1992113" tracker="bmo"/>
  <issue id="2025-11708" tracker="cve"/>
  <issue id="2025-11709" tracker="cve"/>
  <issue id="2025-11710" tracker="cve"/>
  <issue id="2025-11711" tracker="cve"/>
  <issue id="2025-11712" tracker="cve"/>
  <issue id="2025-11713" tracker="cve"/>
  <issue id="2025-11714" tracker="cve"/>
  <issue id="2025-11715" tracker="cve"/>
  <issue id="1952100" tracker="bmo"/>
  <issue id="1975147" tracker="bmo"/>
  <issue id="1979323" tracker="bmo"/>
  <issue id="1986845" tracker="bmo"/>
  <issue id="1987880" tracker="bmo"/>
  <issue id="1989392" tracker="bmo"/>
  <issue id="1992027" tracker="bmo"/>
</patchinfo>
openSUSE Build Service is sponsored by
Places