Overview

File _patchinfo of Package patchinfo.38366

<patchinfo incident="38366">
  <issue tracker="bnc" id="1241277">VUL-0: MozillaFirefox / MozillaThunderbird: update to 137.0.2 and 128.9.2esr</issue>
  <issue tracker="cve" id="2025-3523"/>
  <issue tracker="cve" id="2025-3522"/>
  <issue tracker="cve" id="2025-2830"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaThunderbird</summary>
  <description>This update for MozillaThunderbird fixes the following issues:

- Mozilla Thunderbird 128.9.2 (bsc#1241277)
- CVE-2025-3522: Leak of hashed Window credentials via crafted attachment URL
- CVE-2025-2830: Information Disclosure of /tmp directory listing
- CVE-2025-3523: User Interface (UI) Misrepresentation of attachment URL
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places