{"id":"MGASA-2025-0247","summary":"Updated thunderbird packgaes fix security vulnerabilities","details":"CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance()\nCVE-2025-11709: Out of bounds read/write in a privileged process\ntriggered by WebGL textures\nCVE-2025-11710: Cross-process information leaked due to malicious IPC\nmessages\nCVE-2025-11711: Some non-writable Object properties could be modified\nCVE-2025-11712: An OBJECT tag type attribute overrode browser behavior\non web resources without a content-type\nCVE-2025-11713: Potential user-assisted code execution in “Copy as cURL”\ncommand\nCVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox\nESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144\nCVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4,\nThunderbird ESR 140.4, Firefox 144 and Thunderbird 144, and other\nsecurity fixes; please see the links.\n","modified":"2026-04-16T00:12:11.843782667Z","published":"2025-10-23T19:37:59Z","upstream":["CVE-2025-10527","CVE-2025-10528","CVE-2025-10529","CVE-2025-10532","CVE-2025-10533","CVE-2025-10536","CVE-2025-10537","CVE-2025-11708","CVE-2025-11709","CVE-2025-11710","CVE-2025-11711","CVE-2025-11712","CVE-2025-11713","CVE-2025-11714","CVE-2025-11715"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0247.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=34638"},{"type":"WEB","url":"https://www.thunderbird.net/en-US/thunderbird/140.4.0esr/releasenotes/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/"},{"type":"WEB","url":"https://www.thunderbird.net/en-US/thunderbird/140.4.0esr/releasenotes/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/"},{"type":"WEB","url":"https://www.thunderbird.net/en-US/thunderbird/140.3.1esr/releasenotes/"},{"type":"WEB","url":"https://www.thunderbird.net/en-US/thunderbird/140.3.0esr/releasenotes/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/"}],"affected":[{"package":{"name":"thunderbird","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"140.4.0-1.2.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0247.json"}},{"package":{"name":"thunderbird-l10n","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"140.4.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0247.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}