Overview

File _patchinfo of Package patchinfo.39630

<patchinfo incident="39630">
  <issue tracker="bnc" id="1244670">VUL-0: MozillaFirefox / MozillaThunderbird: update to 140.0 and 128.12esr</issue>
  <issue tracker="cve" id="2025-6426"/>
  <issue tracker="cve" id="2025-6429"/>
  <issue tracker="cve" id="2025-6425"/>
  <issue tracker="cve" id="2025-6424"/>
  <issue tracker="cve" id="2025-6430"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaThunderbird</summary>
  <description>This update for MozillaThunderbird fixes the following issues:

Update to Mozilla Thunderbird 128.12 (MFSA 2025-55, bsc#1244670):

- CVE-2025-6424: Use-after-free in FontFaceSet (bmo#1966423)
- CVE-2025-6425: The WebCompat WebExtension shipped exposed a persistent UUID (bmo#1717672)
- CVE-2025-6426: No warning when opening executable terminal files on macOS (bmo#1964385)
- CVE-2025-6429: Incorrect parsing of URLs could have allowed embedding of youtube.com (bmo#1970658)
- CVE-2025-6430: Content-Disposition header ignored when a file is included in an embed or object tag (bmo#1971140)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places