Security update for MozillaThunderbird SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:4397-1 Final 1 1 2025-12-15T11:26:39Z current 2025-12-15T11:26:39Z 2025-12-15T11:26:39Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for MozillaThunderbird This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 140.6 (bsc#1254551). - MFSA 2025-96 * CVE-2025-14321: use-after-free in the WebRTC: Signaling component. * CVE-2025-14322: sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. * CVE-2025-14323: privilege escalation in the DOM: Notifications component. * CVE-2025-14324: JIT miscompilation in the JavaScript Engine: JIT component. * CVE-2025-14325: JIT miscompilation in the JavaScript Engine: JIT component. * CVE-2025-14328: privilege escalation in the Netmonitor component. * CVE-2025-14329: privilege escalation in the Netmonitor component. * CVE-2025-14330: JIT miscompilation in the JavaScript Engine: JIT component. * CVE-2025-14331: same-origin policy bypass in the Request Handling component. * CVE-2025-14333: memory safety bugs. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-4397,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-4397,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-4397,SUSE-SLE-Product-WE-15-SP6-2025-4397,SUSE-SLE-Product-WE-15-SP7-2025-4397,openSUSE-SLE-15.6-2025-4397 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20254397-1/ Link for SUSE-SU-2025:4397-1 https://lists.suse.com/pipermail/sle-security-updates/2025-December/023540.html E-Mail link for SUSE-SU-2025:4397-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1254551 SUSE Bug 1254551 https://www.suse.com/security/cve/CVE-2025-14321/ SUSE CVE CVE-2025-14321 page https://www.suse.com/security/cve/CVE-2025-14322/ SUSE CVE CVE-2025-14322 page https://www.suse.com/security/cve/CVE-2025-14323/ SUSE CVE CVE-2025-14323 page https://www.suse.com/security/cve/CVE-2025-14324/ SUSE CVE CVE-2025-14324 page https://www.suse.com/security/cve/CVE-2025-14325/ SUSE CVE CVE-2025-14325 page https://www.suse.com/security/cve/CVE-2025-14328/ SUSE CVE CVE-2025-14328 page https://www.suse.com/security/cve/CVE-2025-14329/ SUSE CVE CVE-2025-14329 page https://www.suse.com/security/cve/CVE-2025-14330/ SUSE CVE CVE-2025-14330 page https://www.suse.com/security/cve/CVE-2025-14331/ SUSE CVE CVE-2025-14331 page https://www.suse.com/security/cve/CVE-2025-14333/ SUSE CVE CVE-2025-14333 page SUSE Linux Enterprise Module for Package Hub 15 SP6 SUSE Linux Enterprise Module for Package Hub 15 SP7 SUSE Linux Enterprise Workstation Extension 15 SP6 SUSE Linux Enterprise Workstation Extension 15 SP7 openSUSE Leap 15.6 MozillaThunderbird-140.6.0-150200.8.248.1 MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 MozillaThunderbird-140.6.0-150200.8.248.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 MozillaThunderbird-140.6.0-150200.8.248.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 MozillaThunderbird-140.6.0-150200.8.248.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP6 MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP6 MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP6 MozillaThunderbird-140.6.0-150200.8.248.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 MozillaThunderbird-140.6.0-150200.8.248.1 as a component of openSUSE Leap 15.6 MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 as a component of openSUSE Leap 15.6 MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 as a component of openSUSE Leap 15.6 Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. CVE-2025-14321 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254397-1/ https://www.suse.com/security/cve/CVE-2025-14321.html CVE-2025-14321 https://bugzilla.suse.com/1254551 SUSE Bug 1254551 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. CVE-2025-14322 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254397-1/ https://www.suse.com/security/cve/CVE-2025-14322.html CVE-2025-14322 https://bugzilla.suse.com/1254551 SUSE Bug 1254551 Privilege escalation in the DOM: Notifications component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. CVE-2025-14323 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254397-1/ https://www.suse.com/security/cve/CVE-2025-14323.html CVE-2025-14323 https://bugzilla.suse.com/1254551 SUSE Bug 1254551 JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. CVE-2025-14324 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254397-1/ https://www.suse.com/security/cve/CVE-2025-14324.html CVE-2025-14324 https://bugzilla.suse.com/1254551 SUSE Bug 1254551 JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. CVE-2025-14325 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254397-1/ https://www.suse.com/security/cve/CVE-2025-14325.html CVE-2025-14325 https://bugzilla.suse.com/1254551 SUSE Bug 1254551 Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. CVE-2025-14328 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254397-1/ https://www.suse.com/security/cve/CVE-2025-14328.html CVE-2025-14328 https://bugzilla.suse.com/1254551 SUSE Bug 1254551 Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. CVE-2025-14329 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254397-1/ https://www.suse.com/security/cve/CVE-2025-14329.html CVE-2025-14329 https://bugzilla.suse.com/1254551 SUSE Bug 1254551 JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. CVE-2025-14330 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254397-1/ https://www.suse.com/security/cve/CVE-2025-14330.html CVE-2025-14330 https://bugzilla.suse.com/1254551 SUSE Bug 1254551 Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. CVE-2025-14331 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254397-1/ https://www.suse.com/security/cve/CVE-2025-14331.html CVE-2025-14331 https://bugzilla.suse.com/1254551 SUSE Bug 1254551 Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. CVE-2025-14333 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.6.0-150200.8.248.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.6.0-150200.8.248.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254397-1/ https://www.suse.com/security/cve/CVE-2025-14333.html CVE-2025-14333 https://bugzilla.suse.com/1254551 SUSE Bug 1254551