{"id":"MGASA-2025-0093","summary":"Updated thunderbird, thunderbird-l10n packages fix security vulnerabilities","details":"CVE-2024-43097: Overflow when growing an SkRegion's RunArray\nCVE-2025-1931: Use-after-free in WebTransportChild\nCVE-2025-1932: Inconsistent comparator in XSLT sorting led to\nout-of-bounds access\nCVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs\nCVE-2025-1934: Unexpected GC during RegExp bailout processing\nCVE-2025-1935: Clickjacking the registerProtocolHandler info-bar\nCVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed the\ninterpretation of the contents\nCVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136,\nFirefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8\nCVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird 136,\nFirefox ESR 128.8, and Thunderbird 128.8\n","modified":"2026-04-16T04:40:52.261056074Z","published":"2025-03-12T07:00:00Z","upstream":["CVE-2024-43097","CVE-2025-1931","CVE-2025-1932","CVE-2025-1933","CVE-2025-1934","CVE-2025-1935","CVE-2025-1936","CVE-2025-1937","CVE-2025-1938"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0093.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=34065"},{"type":"WEB","url":"https://www.thunderbird.net/en-US/thunderbird/128.8.0esr/releasenotes/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/"}],"affected":[{"package":{"name":"thunderbird","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"128.8.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0093.json"}},{"package":{"name":"thunderbird-l10n","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"128.8.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0093.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}