INFCSA-2025:16156: thunderbird security update

Information about definition

Identificator: INFCSA-2025:16156

Type: security

Release date: 2025-09-23 15:00:52 UTC

Information about package

Mozilla Thunderbird is a standalone mail and newsgroup client.

Vulnerabilities description

  • CVE-2025-10527

    firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component.

  • CVE-2025-10528

    firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component.

  • CVE-2025-10529

    irefox: thunderbird: Same-origin policy bypass in the Layout component.

  • CVE-2025-10532

    firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component.

  • CVE-2025-10533

    firefox: thunderbird: Integer overflow in the SVG component.

  • CVE-2025-10536

    firefox: thunderbird: Information disclosure in the Networking: Cache component.

  • CVE-2025-10537

    firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143.

Updated packages

loader icon Preparing to download...
Architecture: Download