Debian Thunderbird vulnerabilities
931 known vulnerabilities affecting debian/thunderbird.
Total CVEs: 931
CISA KEV: 10 (actively exploited)
Public exploits: 18
Exploited in wild: 13
Severity breakdown: CRITICAL 166, HIGH 358, MEDIUM 317, LOW 90
Vulnerabilities
Page 8 of 47
CVE-2025-9180 [HIGH] CVSS 8.1 | package: firefox | fixed in firefox 142.0-1 (sid) | 2025
Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
Scope: local
sid: resolved (fixed in 142.0-1)
debian
CVE-2025-11714 [HIGH] CVSS 8.8 | package: firefox | fixed in firefox 144.0-1 (sid) | 2025
Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4,
debian
CVE-2025-3875 [HIGH] CVSS 7.5 | package: thunderbird | fixed in thunderbird 1:128.10.1esr-1~deb12u1 (bookworm) | 2025
Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an (invalid) value "Spoofed Name ", Thunderbird treats [email protected] as the actual address. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.
Scope: local
bookwo
debian
CVE-2025-10527 [HIGH] CVSS 7.1 | package: firefox | fixed in firefox 143.0-1 (sid) | 2025
Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.
Scope: local
sid: resolved (fixed in 143.0-1)
debian
CVE-2025-14325 [HIGH] CVSS 7.3 | package: firefox | fixed in firefox 146.0-1 (sid) | 2025
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Scope: local
sid: resolved (fixed in 146.0-1)
debian
CVE-2025-5269 [HIGH] CVSS 8.1 | package: firefox-esr | fixed in firefox-esr 128.11.0esr-1~deb12u1 (bookworm) | 2025
Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.11 and Thunderbird < 128.11.
Scope: local
bookworm: resolved (fixed in 128.11.0esr-1~deb12u1)
bullseye: resol
debian
CVE-2025-14327 [HIGH] CVSS 7.5 | package: firefox | fixed in firefox 146.0-1 (sid) | 2025
Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146, Thunderbird < 146, Firefox ESR < 140.7, and Thunderbird < 140.7.
Scope: local
sid: resolved (fixed in 146.0-1)
debian
CVE-2025-13018 [HIGH] CVSS 8.1 | package: firefox | fixed in firefox 145.0-1 (sid) | 2025
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
Scope: local
sid: resolved (fixed in 145.0-1)
debian
CVE-2025-11715 [HIGH] CVSS 8.8 | package: firefox | fixed in firefox 144.0-1 (sid) | 2025
Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4
debian
CVE-2025-13012 [HIGH] CVSS 7.5 | package: firefox | fixed in firefox 145.0-1 (sid) | 2025
Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.
Scope: local
sid: resolved (fixed in 145.0-1)
debian
CVE-2025-1012 [HIGH] CVSS 7.5 | package: firefox | fixed in firefox 135.0-1 (sid) | 2025
A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
Scope: local
sid: resolved (fixed in 135.0-1)
debian
CVE-2025-13014 [HIGH] CVSS 8.8 | package: firefox | fixed in firefox 145.0-1 (sid) | 2025
Use-after-free in the Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.
Scope: local
sid: resolved (fixed in 145.0-1)
debian
CVE-2025-14333 [HIGH] CVSS 8.1 | package: firefox | fixed in firefox 146.0-1 (sid) | 2025
Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6
debian
CVE-2025-1936 [HIGH] CVSS 7.3 | package: firefox | fixed in firefox 136.0-1 (sid) | 2025
jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension disguised as something else like an image. This vulnerability affects Firef
debian
CVE-2025-9185 [HIGH] CVSS 8.1 | package: firefox | fixed in firefox 142.0-1 (sid) | 2025
Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, F
debian
CVE-2025-4091 [HIGH] CVSS 8.1 | package: firefox | fixed in firefox 138.0-1 (sid) | 2025
Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird < 128.10.
S
debian
CVE-2025-1931 [HIGH] CVSS 7.5 | package: firefox | fixed in firefox 136.0-1 (sid) | 2025
It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
Scope: local
sid: resolved (fixed in 136.0-1)
debian
CVE-2025-0239 [MEDIUM] CVSS 4.0 | package: firefox | fixed in firefox 134.0-1 (sid) | 2025
When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.
Scope: local
sid: resolved (fixed in 134.0-1)
debian
CVE-2025-0237 [MEDIUM] CVSS 5.4 | package: firefox | fixed in firefox 134.0-1 (sid) | 2025
The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.
Scope: local
sid: resolved (fixed in 134.
debian
CVE-2025-3522 [MEDIUM] CVSS 6.3 | package: thunderbird | fixed in thunderbird 1:128.10.0esr-1~deb12u1 (bookworm) | 2025
Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validated or sanitized, it can reference internal resources like chrome://
debian