Debian Thunderbird vulnerabilities
931 known vulnerabilities affecting debian/thunderbird.
Total CVEs: 931
CISA KEV: 10 (actively exploited)
Public exploits: 18
Exploited in wild: 13
Severity breakdown: CRITICAL 166, HIGH 358, MEDIUM 317, LOW 90
Vulnerabilities
Page 9 of 47
CVE-2025-5267 | MEDIUM | CVSS 5.4 | fixed in firefox 139.0-1 (sid) | 2025
A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
Scope: local
sid: resolved (fixed in 139.0-1)

CVE-2025-10529 | MEDIUM | CVSS 6.5 | fixed in firefox 143.0-1 (sid) | 2025
Same-origin policy bypass in the Layout component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.
Scope: local
sid: resolved (fixed in 143.0-1)

CVE-2025-3932 | MEDIUM | CVSS 6.5 | fixed in thunderbird 1:128.10.1esr-1~deb12u1 (bookworm) | 2025
It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an em

CVE-2025-1013 | MEDIUM | CVSS 6.5 | fixed in firefox 135.0-1 (sid) | 2025
A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
Scope: local
sid: resolved (fixed in 135.0-1)

CVE-2025-0238 | MEDIUM | CVSS 5.3 | fixed in firefox 134.0-1 (sid) | 2025
Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird < 128.6.
Scope: local
sid: resolved (fixed in 134.0-1)

CVE-2025-1934 | MEDIUM | CVSS 6.5 | fixed in firefox 136.0-1 (sid) | 2025
It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
Scope: local
sid: resolved (fixed in 136.0-1)

CVE-2025-8033 | MEDIUM | CVSS 6.5 | fixed in firefox 141.0-1 (sid) | 2025
The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.
Scope: local
sid: resolved (fixed in 141.0-1)

CVE-2025-5263 | MEDIUM | CVSS 4.3 | fixed in firefox 139.0-1 (sid) | 2025
Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
Scope: local
sid: resolved (fixed in 139.0-1)

CVE-2025-6429 | MEDIUM | CVSS 6.5 | fixed in firefox 140.0-1 (sid) | 2025
Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.
Scope: local

CVE-2025-1015 | MEDIUM | CVSS 5.4 | fixed in thunderbird 1:128.7.0esr-1~deb12u1 (bookworm) | 2025
The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book, clicking on the link could result in opening a web page inside Thunder

CVE-2025-3028 | MEDIUM | CVSS 6.5 | fixed in firefox 137.0-1 (sid) | 2025
JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox < 137, Firefox ESR < 115.22, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9.
Scope: local
sid: resolved (fixed in 137.0-1)

CVE-2025-14331 | MEDIUM | CVSS 6.5 | fixed in firefox 146.0-1 (sid) | 2025
Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Scope: local
sid: resolved (fixed in 146.0-1)

CVE-2025-4087 | MEDIUM | CVSS 4.8 | fixed in firefox 138.0-1 (sid) | 2025
A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird < 128.10.
Scope: local
sid: resolved

CVE-2025-5266 | MEDIUM | CVSS 4.3 | fixed in firefox 139.0-1 (sid) | 2025
Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
Scope: local
sid: resolved (fixed in 139.0-1)

CVE-2025-11711 | MEDIUM | CVSS 6.5 | fixed in firefox 144.0-1 (sid) | 2025
There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.
Scope: local
sid: resolved (fixed in 144.0-1)

CVE-2025-6425 | MEDIUM | CVSS 4.3 | fixed in firefox 140.0-1 (sid) | 2025
An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.
Scope: local
sid: r

CVE-2025-0243 | MEDIUM | CVSS 5.1 | fixed in firefox 134.0-1 (sid) | 2025
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

CVE-2025-2830 | MEDIUM | CVSS 6.3 | fixed in thunderbird 1:128.10.0esr-1~deb12u1 (bookworm) | 2025
By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the victim's system. This vulnerability is not limited to Linux; similar

CVE-2025-5264 | MEDIUM | CVSS 4.8 | fixed in firefox 139.0-1 (sid) | 2025
Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
Scope: local
sid: resolved (fi

CVE-2025-9181 | MEDIUM | CVSS 6.5 | fixed in firefox 142.0-1 (sid) | 2025
Uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 142, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
Scope: local
sid: resolved (fixed in 142.0-1)