Security update for MozillaThunderbird SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:4195-1 Final 1 1 2025-11-24T10:53:51Z current 2025-11-24T10:53:51Z 2025-11-24T10:53:51Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for MozillaThunderbird This update for MozillaThunderbird fixes the following issues: - Update Mozilla Thunderbird to version 140.5 (bsc#1253188) - CVE-2025-13012: Race condition in the Graphics component. - CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component. - CVE-2025-13017: Same-origin policy bypass in the DOM: Notifications component. - CVE-2025-13018: Mitigation bypass in the DOM: Security component. - CVE-2025-13019: Same-origin policy bypass in the DOM: Workers component. - CVE-2025-13013: Mitigation bypass in the DOM: Core & HTML component. - CVE-2025-13020: Use-after-free in the WebRTC: Audio/Video component. - CVE-2025-13014: Use-after-free in the Audio/Video component. - CVE-2025-13015: Spoofing issue in Thunderbird. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-4195,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-4195,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-4195,SUSE-SLE-Product-WE-15-SP6-2025-4195,SUSE-SLE-Product-WE-15-SP7-2025-4195,openSUSE-SLE-15.6-2025-4195 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20254195-1/ Link for SUSE-SU-2025:4195-1 https://lists.suse.com/pipermail/sle-security-updates/2025-November/023337.html E-Mail link for SUSE-SU-2025:4195-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1253188 SUSE Bug 1253188 https://www.suse.com/security/cve/CVE-2025-13012/ SUSE CVE CVE-2025-13012 page https://www.suse.com/security/cve/CVE-2025-13013/ SUSE CVE CVE-2025-13013 page https://www.suse.com/security/cve/CVE-2025-13014/ SUSE CVE CVE-2025-13014 page https://www.suse.com/security/cve/CVE-2025-13015/ SUSE CVE CVE-2025-13015 page https://www.suse.com/security/cve/CVE-2025-13016/ SUSE CVE CVE-2025-13016 page https://www.suse.com/security/cve/CVE-2025-13017/ SUSE CVE CVE-2025-13017 page https://www.suse.com/security/cve/CVE-2025-13018/ SUSE CVE CVE-2025-13018 page https://www.suse.com/security/cve/CVE-2025-13019/ SUSE CVE CVE-2025-13019 page https://www.suse.com/security/cve/CVE-2025-13020/ SUSE CVE CVE-2025-13020 page SUSE Linux Enterprise Module for Package Hub 15 SP6 SUSE Linux Enterprise Module for Package Hub 15 SP7 SUSE Linux Enterprise Workstation Extension 15 SP6 SUSE Linux Enterprise Workstation Extension 15 SP7 openSUSE Leap 15.6 MozillaThunderbird-140.5.0-150200.8.245.1 MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 MozillaThunderbird-140.5.0-150200.8.245.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 MozillaThunderbird-140.5.0-150200.8.245.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 MozillaThunderbird-140.5.0-150200.8.245.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP6 MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP6 MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP6 MozillaThunderbird-140.5.0-150200.8.245.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 MozillaThunderbird-140.5.0-150200.8.245.1 as a component of openSUSE Leap 15.6 MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 as a component of openSUSE Leap 15.6 MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 as a component of openSUSE Leap 15.6 Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5. CVE-2025-13012 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 openSUSE Leap 15.6:MozillaThunderbird-140.5.0-150200.8.245.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254195-1/ https://www.suse.com/security/cve/CVE-2025-13012.html CVE-2025-13012 https://bugzilla.suse.com/1253188 SUSE Bug 1253188 Mitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5. CVE-2025-13013 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 openSUSE Leap 15.6:MozillaThunderbird-140.5.0-150200.8.245.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254195-1/ https://www.suse.com/security/cve/CVE-2025-13013.html CVE-2025-13013 https://bugzilla.suse.com/1253188 SUSE Bug 1253188 Use-after-free in the Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5. CVE-2025-13014 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 openSUSE Leap 15.6:MozillaThunderbird-140.5.0-150200.8.245.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254195-1/ https://www.suse.com/security/cve/CVE-2025-13014.html CVE-2025-13014 https://bugzilla.suse.com/1253188 SUSE Bug 1253188 Spoofing issue in Firefox. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5. CVE-2025-13015 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 openSUSE Leap 15.6:MozillaThunderbird-140.5.0-150200.8.245.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254195-1/ https://www.suse.com/security/cve/CVE-2025-13015.html CVE-2025-13015 https://bugzilla.suse.com/1253188 SUSE Bug 1253188 Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. CVE-2025-13016 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 openSUSE Leap 15.6:MozillaThunderbird-140.5.0-150200.8.245.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254195-1/ https://www.suse.com/security/cve/CVE-2025-13016.html CVE-2025-13016 https://bugzilla.suse.com/1253188 SUSE Bug 1253188 Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. CVE-2025-13017 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 openSUSE Leap 15.6:MozillaThunderbird-140.5.0-150200.8.245.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254195-1/ https://www.suse.com/security/cve/CVE-2025-13017.html CVE-2025-13017 https://bugzilla.suse.com/1253188 SUSE Bug 1253188 Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. CVE-2025-13018 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 openSUSE Leap 15.6:MozillaThunderbird-140.5.0-150200.8.245.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254195-1/ https://www.suse.com/security/cve/CVE-2025-13018.html CVE-2025-13018 https://bugzilla.suse.com/1253188 SUSE Bug 1253188 Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. CVE-2025-13019 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 openSUSE Leap 15.6:MozillaThunderbird-140.5.0-150200.8.245.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254195-1/ https://www.suse.com/security/cve/CVE-2025-13019.html CVE-2025-13019 https://bugzilla.suse.com/1253188 SUSE Bug 1253188 Use-after-free in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. CVE-2025-13020 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 openSUSE Leap 15.6:MozillaThunderbird-140.5.0-150200.8.245.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.5.0-150200.8.245.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.5.0-150200.8.245.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254195-1/ https://www.suse.com/security/cve/CVE-2025-13020.html CVE-2025-13020 https://bugzilla.suse.com/1253188 SUSE Bug 1253188