Security update for MozillaThunderbird SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:4006-1 Final 1 1 2025-11-10T08:00:18Z current 2025-11-10T08:00:18Z 2025-11-10T08:00:18Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for MozillaThunderbird This update for MozillaThunderbird fixes the following issue: Mozilla Thunderbird is updated to 140.4. * changed: Account Hub is now disabled by default for second email account (bmo#1992027) * changed: Flatpak runtime has been updated to Freedesktop SDK 24.08 (bmo#1952100) * fixed: Users could not read mail signed with OpenPGP v6 and PQC keys (bmo#1986845) * fixed: Image preview in Insert Image dialog failed with CSP error for web resources (bmo#1989392) * fixed: Emptying trash on exit did not work with some providers (bmo#1975147) * fixed: Thunderbird could crash when applying filters (bmo#1987880) * fixed: Users were unable to override expired mail server certificate (bmo#1979323) * fixed: Opening Website header link in RSS feed incorrectly re-encoded URL parameters (bmo#1971035) Security fixes: MFSA 2025-85 (bsc#1251263): * CVE-2025-11708 (bmo#1988931) Use-after-free in MediaTrackGraphImpl::GetInstance() * CVE-2025-11709 (bmo#1989127) Out of bounds read/write in a privileged process triggered by WebGL textures * CVE-2025-11710 (bmo#1989899) Cross-process information leaked due to malicious IPC messages * CVE-2025-11711 (bmo#1989978) Some non-writable Object properties could be modified * CVE-2025-11712 (bmo#1979536) An OBJECT tag type attribute overrode browser behavior on web resources without a content-type * CVE-2025-11713 (bmo#1986142) Potential user-assisted code execution in “Copy as cURL” command * CVE-2025-11714 (bmo#1973699, bmo#1989945, bmo#1990970, bmo#1991040, bmo#1992113) Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 * CVE-2025-11715 (bmo#1983838, bmo#1987624, bmo#1988244, bmo#1988912, bmo#1989734, bmo#1990085, bmo#1991899) Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-4006,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-4006,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-4006,SUSE-SLE-Product-WE-15-SP6-2025-4006,SUSE-SLE-Product-WE-15-SP7-2025-4006,openSUSE-SLE-15.6-2025-4006 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20254006-1/ Link for SUSE-SU-2025:4006-1 https://lists.suse.com/pipermail/sle-security-updates/2025-November/023193.html E-Mail link for SUSE-SU-2025:4006-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1251263 SUSE Bug 1251263 https://bugzilla.suse.com/1952100 SUSE Bug 1952100 https://bugzilla.suse.com/1973699 SUSE Bug 1973699 https://bugzilla.suse.com/1975147 SUSE Bug 1975147 https://bugzilla.suse.com/1979323 SUSE Bug 1979323 https://bugzilla.suse.com/1979536 SUSE Bug 1979536 https://bugzilla.suse.com/1983838 SUSE Bug 1983838 https://bugzilla.suse.com/1986142 SUSE Bug 1986142 https://bugzilla.suse.com/1986845 SUSE Bug 1986845 https://bugzilla.suse.com/1987624 SUSE Bug 1987624 https://bugzilla.suse.com/1987880 SUSE Bug 1987880 https://bugzilla.suse.com/1988244 SUSE Bug 1988244 https://bugzilla.suse.com/1988912 SUSE Bug 1988912 https://bugzilla.suse.com/1988931 SUSE Bug 1988931 https://bugzilla.suse.com/1989127 SUSE Bug 1989127 https://bugzilla.suse.com/1989392 SUSE Bug 1989392 https://bugzilla.suse.com/1989734 SUSE Bug 1989734 https://bugzilla.suse.com/1989899 SUSE Bug 1989899 https://bugzilla.suse.com/1989945 SUSE Bug 1989945 https://bugzilla.suse.com/1989978 SUSE Bug 1989978 https://bugzilla.suse.com/1990085 SUSE Bug 1990085 https://bugzilla.suse.com/1990970 SUSE Bug 1990970 https://bugzilla.suse.com/1991040 SUSE Bug 1991040 https://bugzilla.suse.com/1991899 SUSE Bug 1991899 https://bugzilla.suse.com/1992027 SUSE Bug 1992027 https://bugzilla.suse.com/1992113 SUSE Bug 1992113 https://www.suse.com/security/cve/CVE-2025-11708/ SUSE CVE CVE-2025-11708 page https://www.suse.com/security/cve/CVE-2025-11709/ SUSE CVE CVE-2025-11709 page https://www.suse.com/security/cve/CVE-2025-11710/ SUSE CVE CVE-2025-11710 page https://www.suse.com/security/cve/CVE-2025-11711/ SUSE CVE CVE-2025-11711 page https://www.suse.com/security/cve/CVE-2025-11712/ SUSE CVE CVE-2025-11712 page https://www.suse.com/security/cve/CVE-2025-11713/ SUSE CVE CVE-2025-11713 page https://www.suse.com/security/cve/CVE-2025-11714/ SUSE CVE CVE-2025-11714 page https://www.suse.com/security/cve/CVE-2025-11715/ SUSE CVE CVE-2025-11715 page SUSE Linux Enterprise Module for Package Hub 15 SP6 SUSE Linux Enterprise Module for Package Hub 15 SP7 SUSE Linux Enterprise Workstation Extension 15 SP6 SUSE Linux Enterprise Workstation Extension 15 SP7 openSUSE Leap 15.6 MozillaThunderbird-140.4.0-150200.8.242.1 MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 MozillaThunderbird-140.4.0-150200.8.242.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 MozillaThunderbird-140.4.0-150200.8.242.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 MozillaThunderbird-140.4.0-150200.8.242.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP6 MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP6 MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP6 MozillaThunderbird-140.4.0-150200.8.242.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 MozillaThunderbird-140.4.0-150200.8.242.1 as a component of openSUSE Leap 15.6 MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 as a component of openSUSE Leap 15.6 MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 as a component of openSUSE Leap 15.6 Use-after-free in MediaTrackGraphImpl::GetInstance() This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. CVE-2025-11708 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 openSUSE Leap 15.6:MozillaThunderbird-140.4.0-150200.8.242.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254006-1/ https://www.suse.com/security/cve/CVE-2025-11708.html CVE-2025-11708 https://bugzilla.suse.com/1251263 SUSE Bug 1251263 A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. CVE-2025-11709 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 openSUSE Leap 15.6:MozillaThunderbird-140.4.0-150200.8.242.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254006-1/ https://www.suse.com/security/cve/CVE-2025-11709.html CVE-2025-11709 https://bugzilla.suse.com/1251263 SUSE Bug 1251263 A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. CVE-2025-11710 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 openSUSE Leap 15.6:MozillaThunderbird-140.4.0-150200.8.242.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254006-1/ https://www.suse.com/security/cve/CVE-2025-11710.html CVE-2025-11710 https://bugzilla.suse.com/1251263 SUSE Bug 1251263 There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. CVE-2025-11711 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 openSUSE Leap 15.6:MozillaThunderbird-140.4.0-150200.8.242.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254006-1/ https://www.suse.com/security/cve/CVE-2025-11711.html CVE-2025-11711 https://bugzilla.suse.com/1251263 SUSE Bug 1251263 A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. CVE-2025-11712 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 openSUSE Leap 15.6:MozillaThunderbird-140.4.0-150200.8.242.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254006-1/ https://www.suse.com/security/cve/CVE-2025-11712.html CVE-2025-11712 https://bugzilla.suse.com/1251263 SUSE Bug 1251263 Insufficient escaping in the "Copy as cURL" feature could have been used to trick a user into executing unexpected code on Windows. This did not affect Firefox running on other operating systems. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. CVE-2025-11713 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 openSUSE Leap 15.6:MozillaThunderbird-140.4.0-150200.8.242.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254006-1/ https://www.suse.com/security/cve/CVE-2025-11713.html CVE-2025-11713 https://bugzilla.suse.com/1251263 SUSE Bug 1251263 Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. CVE-2025-11714 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 openSUSE Leap 15.6:MozillaThunderbird-140.4.0-150200.8.242.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254006-1/ https://www.suse.com/security/cve/CVE-2025-11714.html CVE-2025-11714 https://bugzilla.suse.com/1251263 SUSE Bug 1251263 Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. CVE-2025-11715 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 openSUSE Leap 15.6:MozillaThunderbird-140.4.0-150200.8.242.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.4.0-150200.8.242.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.4.0-150200.8.242.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254006-1/ https://www.suse.com/security/cve/CVE-2025-11715.html CVE-2025-11715 https://bugzilla.suse.com/1251263 SUSE Bug 1251263