INFCSA-2025:16156: thunderbird security update
Information about definition
Identifier: INFCSA-2025:16156
Type: security
Release date: 2025-09-23 15:00:52 UTC
Information about package
Mozilla Thunderbird is a standalone mail and newsgroup client.
Vulnerabilities description
- CVE-2025-10527
firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component.
- CVE-2025-10528
firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component.
- CVE-2025-10529
firefox: thunderbird: Same-origin policy bypass in the Layout component.
- CVE-2025-10532
firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component.
- CVE-2025-10533
firefox: thunderbird: Integer overflow in the SVG component.
- CVE-2025-10536
firefox: thunderbird: Information disclosure in the Networking: Cache component.
- CVE-2025-10537
firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143.
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2025-10527 | no information | 7.5 | no information |
NIST — CVE-2025-10528 | no information | 7.5 | no information |
NIST — CVE-2025-10529 | no information | 6.1 | no information |
NIST — CVE-2025-10532 | no information | 6.1 | no information |
NIST — CVE-2025-10533 | no information | 6.1 | no information |
NIST — CVE-2025-10536 | no information | 3.4 | no information |
NIST — CVE-2025-10537 | no information | 7.5 | no information |
Updated packages