File _patchinfo of Package patchinfo.39900
<patchinfo incident="39900">
  <issue tracker="bnc" id="1246664">VUL-0: MozillaFirefox / MozillaThunderbird: update to 141.0 and 140.1esr</issue>
  <issue tracker="bnc" id="1244670">VUL-0: MozillaFirefox / MozillaThunderbird: update to 140.0 and 128.12esr</issue>
  <issue tracker="cve" id="2025-6432"/>
  <issue tracker="cve" id="2025-8040"/>
  <issue tracker="cve" id="2025-6430"/>
  <issue tracker="cve" id="2025-6429"/>
  <issue tracker="cve" id="2025-6434"/>
  <issue tracker="cve" id="2025-8035"/>
  <issue tracker="cve" id="2025-6426"/>
  <issue tracker="cve" id="2025-8032"/>
  <issue tracker="cve" id="2025-8038"/>
  <issue tracker="cve" id="2025-8033"/>
  <issue tracker="cve" id="2025-8036"/>
  <issue tracker="cve" id="2025-6435"/>
  <issue tracker="cve" id="2025-8039"/>
  <issue tracker="cve" id="2025-6424"/>
  <issue tracker="cve" id="2025-8030"/>
  <issue tracker="cve" id="2025-6427"/>
  <issue tracker="cve" id="2025-8034"/>
  <issue tracker="cve" id="2025-8031"/>
  <issue tracker="cve" id="2025-6436"/>
  <issue tracker="cve" id="2025-8027"/>
  <issue tracker="cve" id="2025-6425"/>
  <issue tracker="cve" id="2025-8028"/>
  <issue tracker="cve" id="2025-8037"/>
  <issue tracker="cve" id="2025-8029"/>
  <issue tracker="cve" id="2025-6433"/>
  <packager>MSirringhaus</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for MozillaThunderbird</summary>
  <description>This update for MozillaThunderbird fixes the following issues:

Update to Mozilla Thunderbird 140.1 (MFSA 2025-63) (bsc#1246664):

- CVE-2025-8027: JavaScript engine only wrote partial return value to stack (bmo#1968423)
- CVE-2025-8028: Large branch table could lead to truncated instruction (bmo#1971581)
- CVE-2025-8029: javascript: URLs executed on object and embed tags (bmo#1928021)
- CVE-2025-8036: DNS rebinding circumvents CORS (bmo#1960834)
- CVE-2025-8037: Nameless cookies shadow secure cookies (bmo#1964767)
- CVE-2025-8030: Potential user-assisted code execution in "Copy as cURL" command (bmo#1968414)
- CVE-2025-8031: Incorrect URL stripping in CSP reports (bmo#1971719)
- CVE-2025-8032: XSLT documents could bypass CSP (bmo#1974407)
- CVE-2025-8038: CSP frame-src was not correctly enforced for paths (bmo#1808979)
- CVE-2025-8039: Search terms persisted in URL bar (bmo#1970997)
- CVE-2025-8033: Incorrect JavaScript state machine for generators (bmo#1973990)
- CVE-2025-8034: Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 (bmo#1970422, bmo#1970422, bmo#1970422, bmo#1970422)
- CVE-2025-8040: Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 (bmo#1975058, bmo#1975058, bmo#1975998, bmo#1975998)
- CVE-2025-8035: Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 (bmo#1975961, bmo#1975961, bmo#1975961)

Update to Mozilla Thunderbird 140.0.1 (MFSA 2025-54) (bsc#1244670):

- CVE-2025-6424: Use-after-free in FontFaceSet (bmo#1966423)
- CVE-2025-6425: The WebCompat WebExtension shipped exposed a persistent UUID (bmo#1717672)
- CVE-2025-6426: No warning when opening executable terminal files on macOS (bmo#1964385)
- CVE-2025-6427: connect-src Content Security Policy restriction could be bypassed (bmo#1966927)
- CVE-2025-6429: Incorrect parsing of URLs could have allowed embedding of youtube.com (bmo#1970658)
- CVE-2025-6430: Content-Disposition header ignored when a file is included in an embed or object tag (bmo#1971140)
- CVE-2025-6432: DNS Requests leaked outside of a configured SOCKS proxy (bmo#1943804)
- CVE-2025-6433: WebAuthn would allow a user to sign a challenge on a webpage with an invalid TLS certificate (bmo#1954033)
- CVE-2025-6434: HTTPS-Only exception screen lacked anti-clickjacking delay (bmo#1955182)
- CVE-2025-6435: Save as in Devtools could download files without sanitizing the extension (bmo#1950056, bmo#1961777)
- CVE-2025-6436: Memory safety bugs fixed in Firefox 140 and Thunderbird 140 (bmo#1941377, bmo#1960948, bmo#1966187, bmo#1966505, bmo#1970764)
</description>
</patchinfo>