{"id":"MGASA-2025-0329","summary":"Updated thunderbird packages fix security vulnerabilities","details":"Use-after-free in the WebRTC: Signaling component. (CVE-2025-14321)\nSandbox escape due to incorrect boundary conditions in the Graphics:\nCanvasWebGL component. (CVE-2025-14322)\nPrivilege escalation in the DOM: Notifications component.\n(CVE-2025-14323)\nIT miscompilation in the JavaScript Engine: JIT component.\n(CVE-2025-14324, CVE-2025-14325, CVE-2025-14330)\nPrivilege escalation in the Netmonitor component. (CVE-2025-14328,\nCVE-2025-14329)\nSame-origin policy bypass in the Request Handling component.\n(CVE-2025-14331)\nMemory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6,\n Firefox 146 and Thunderbird 146. (CVE-2025-14333)\n","modified":"2026-04-16T04:44:33.636794326Z","published":"2025-12-15T20:06:19Z","upstream":["CVE-2025-14321","CVE-2025-14322","CVE-2025-14323","CVE-2025-14324","CVE-2025-14325","CVE-2025-14328","CVE-2025-14329","CVE-2025-14330","CVE-2025-14331","CVE-2025-14333"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0329.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=34820"},{"type":"WEB","url":"https://www.thunderbird.net/en-US/thunderbird/140.6.0esr/releasenotes/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/"}],"affected":[{"package":{"name":"thunderbird","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"140.6.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0329.json"}},{"package":{"name":"thunderbird-l10n","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"140.6.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0329.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}