{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"128.6.0-150200.8.197.1","MozillaThunderbird-translations-common":"128.6.0-150200.8.197.1","MozillaThunderbird-translations-other":"128.6.0-150200.8.197.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP6","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"128.6.0-150200.8.197.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"128.6.0-150200.8.197.1","MozillaThunderbird-translations-common":"128.6.0-150200.8.197.1","MozillaThunderbird-translations-other":"128.6.0-150200.8.197.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP6","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"128.6.0-150200.8.197.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"128.6.0-150200.8.197.1","MozillaThunderbird-translations-common":"128.6.0-150200.8.197.1","MozillaThunderbird-translations-other":"128.6.0-150200.8.197.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"MozillaThunderbird","purl":"pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"128.6.0-150200.8.197.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaThunderbird fixes the following issues:\n\nUpdate to Mozilla Thunderbird ESR 128.6 (MFSA 2025-05, bsc#1234991)\n\nSecurity fixes:\n\n  - CVE-2025-0237 (bmo#1915257)\n    WebChannel APIs susceptible to confused deputy attack\n  - CVE-2025-0238 (bmo#1915535)\n    Use-after-free when breaking lines in text\n  - CVE-2025-0239 (bmo#1929156)\n    Alt-Svc ALPN validation failure when redirected\n  - CVE-2025-0240 (bmo#1929623)\n    Compartment mismatch when parsing JavaScript JSON module\n  - CVE-2025-0241 (bmo#1933023)\n    Memory corruption when using JavaScript Text Segmentation\n  - CVE-2025-0242 (bmo#1874523, bmo#1926454, bmo#1931873,\n    bmo#1932169)\n    Memory safety bugs fixed in Firefox 134, Thunderbird 134,\n    Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19,\n    and Thunderbird 128.6\n  - CVE-2025-0243 (bmo#1827142, bmo#1932783)\n    Memory safety bugs fixed in Firefox 134, Thunderbird 134,\n    Firefox ESR 128.6, and Thunderbird 128.6\n\nOther fixes:\n\n  - fixed: New mail notification was not hidden after reading the\n    new message (bmo#1920077)\n  - fixed: New mail notification could show for the wrong folder,\n    causing repeated alerts (bmo#1926462)\n  - fixed: macOS shortcut CMD+1 did not restore the main window\n    when it was minimized (bmo#1857953)\n  - fixed: Clicking the context menu 'Reply' button resulted in\n    'Reply-All' (bmo#1935883)\n  - fixed: Switching from 'All', 'Unread', and 'Threads with\n    unread' did not work (bmo#1921618)\n  - fixed: Downloading message headers from a newsgroup could\n    cause a hang (bmo#1931661)\n  - fixed: Message list performance slow when many updates\n    happened at once (bmo#1933104)\n  - fixed: 'mailto:' links did not apply the compose format of\n    the current identity (bmo#550414)\n  - fixed: Authentication failure of AUTH PLAIN or AUTH LOGIN did\n    not fall back to USERPASS (bmo#1928026)\n\n","id":"SUSE-SU-2025:0080-1","modified":"2025-01-13T15:30:55Z","published":"2025-01-13T15:30:55Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-20250080-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1234991"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-0237"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-0238"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-0239"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-0240"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-0241"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-0242"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-0243"}],"related":["CVE-2025-0237","CVE-2025-0238","CVE-2025-0239","CVE-2025-0240","CVE-2025-0241","CVE-2025-0242","CVE-2025-0243"],"summary":"Security update for MozillaThunderbird","upstream":["CVE-2025-0237","CVE-2025-0238","CVE-2025-0239","CVE-2025-0240","CVE-2025-0241","CVE-2025-0242","CVE-2025-0243"]}