Overview

File _patchinfo of Package patchinfo.41645

<patchinfo incident="41645">
  <issue tracker="bnc" id="1253188">VUL-0: MozillaFirefox / MozillaThunderbird: update to 145.0 and 140.5esr</issue>
  <issue tracker="cve" id="2025-13020"/>
  <issue tracker="cve" id="2025-13014"/>
  <issue tracker="cve" id="2025-13016"/>
  <issue tracker="cve" id="2025-13015"/>
  <issue tracker="cve" id="2025-13012"/>
  <issue tracker="cve" id="2025-13019"/>
  <issue tracker="cve" id="2025-13017"/>
  <issue tracker="cve" id="2025-13013"/>
  <issue tracker="cve" id="2025-13018"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaThunderbird</summary>
  <description>This update for MozillaThunderbird fixes the following issues:

- Update Mozilla Thunderbird to version 140.5 (bsc#1253188)
- CVE-2025-13012: Race condition in the Graphics component.
- CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component.
- CVE-2025-13017: Same-origin policy bypass in the DOM: Notifications component.
- CVE-2025-13018: Mitigation bypass in the DOM: Security component.
- CVE-2025-13019: Same-origin policy bypass in the DOM: Workers component.
- CVE-2025-13013: Mitigation bypass in the DOM: Core &amp; HTML component.
- CVE-2025-13020: Use-after-free in the WebRTC: Audio/Video component.
- CVE-2025-13014: Use-after-free in the Audio/Video component.
- CVE-2025-13015: Spoofing issue in Thunderbird.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places