{"id":"ALSA-2025:12188","summary":"Important: thunderbird security update","details":"Mozilla Thunderbird is a standalone mail and newsgroup client.  \n\nSecurity Fix(es):  \n\n  * firefox: thunderbird: Large branch table could lead to truncated instruction (CVE-2025-8028)\n  * firefox: thunderbird: Memory safety bugs (CVE-2025-8035)\n  * firefox: thunderbird: Incorrect URL stripping in CSP reports (CVE-2025-8031)\n  * firefox: thunderbird: JavaScript engine only wrote partial return value to stack (CVE-2025-8027)\n  * firefox: thunderbird: Potential user-assisted code execution in “Copy as cURL” command (CVE-2025-8030)\n  * firefox: Memory safety bugs (CVE-2025-8034)\n  * firefox: thunderbird: Incorrect JavaScript state machine for generators (CVE-2025-8033)\n  * firefox: thunderbird: XSLT documents could bypass CSP (CVE-2025-8032)\n  * firefox: thunderbird: javascript: URLs executed on object and embed tags (CVE-2025-8029)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n","modified":"2026-02-04T02:49:10.407544Z","published":"2025-07-29T00:00:00Z","related":["CVE-2025-8027","CVE-2025-8028","CVE-2025-8029","CVE-2025-8030","CVE-2025-8031","CVE-2025-8032","CVE-2025-8033","CVE-2025-8034","CVE-2025-8035"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:12188"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-8027"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-8028"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-8029"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-8030"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-8031"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-8032"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-8033"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-8034"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-8035"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2382701"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2382703"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2382704"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2382707"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2382710"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2382711"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2382717"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2382718"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2382720"},{"type":"ADVISORY","url":"https://errata.almalinux.org/10/ALSA-2025-12188.html"}],"affected":[{"package":{"name":"thunderbird","ecosystem":"AlmaLinux:10","purl":"pkg:rpm/almalinux/thunderbird"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"128.13.0-3.el10_0.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2025:12188.json"}}],"schema_version":"1.7.3"}