{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"128.11.0-150200.8.221.1","MozillaThunderbird-translations-common":"128.11.0-150200.8.221.1","MozillaThunderbird-translations-other":"128.11.0-150200.8.221.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP6","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"128.11.0-150200.8.221.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"128.11.0-150200.8.221.1","MozillaThunderbird-translations-common":"128.11.0-150200.8.221.1","MozillaThunderbird-translations-other":"128.11.0-150200.8.221.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP7","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"128.11.0-150200.8.221.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"128.11.0-150200.8.221.1","MozillaThunderbird-translations-common":"128.11.0-150200.8.221.1","MozillaThunderbird-translations-other":"128.11.0-150200.8.221.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP6","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"128.11.0-150200.8.221.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"128.11.0-150200.8.221.1","MozillaThunderbird-translations-common":"128.11.0-150200.8.221.1","MozillaThunderbird-translations-other":"128.11.0-150200.8.221.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP7","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"128.11.0-150200.8.221.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"128.11.0-150200.8.221.1","MozillaThunderbird-translations-common":"128.11.0-150200.8.221.1","MozillaThunderbird-translations-other":"128.11.0-150200.8.221.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"MozillaThunderbird","purl":"pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"128.11.0-150200.8.221.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaThunderbird fixes the following issues:\n\nUpdate to Mozilla Thunderbird 128.11 (MFSA 2025-46, bsc#1243353):\n\n- CVE-2025-5262: Double-free in libvpx encoder (bmo#1962421)\n- CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content (bmo#1960745)\n- CVE-2025-5264: Potential local code execution in 'Copy as cURL' command (bmo#1950001)\n- CVE-2025-5265: Potential local code execution in 'Copy as cURL' command (bmo#1962301)\n- CVE-2025-5266: Script element events leaked cross-origin resource status (bmo#1965628)\n- CVE-2025-5267: Clickjacking vulnerability could have led to leaking saved payment card details (bmo#1954137)\n- CVE-2025-5268: Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11 (bmo#1950136, bmo#1958121, bmo#1960499, bmo#1962634)\n- CVE-2025-5269: Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird 128.11 (bmo#1924108)\n","id":"SUSE-SU-2025:01946-1","modified":"2025-06-13T10:17:01Z","published":"2025-06-13T10:17:01Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202501946-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1243353"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-5262"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-5263"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-5264"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-5265"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-5266"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-5267"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-5268"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-5269"}],"related":["CVE-2025-5262","CVE-2025-5263","CVE-2025-5264","CVE-2025-5265","CVE-2025-5266","CVE-2025-5267","CVE-2025-5268","CVE-2025-5269"],"summary":"Security update for MozillaThunderbird","upstream":["CVE-2025-5262","CVE-2025-5263","CVE-2025-5264","CVE-2025-5265","CVE-2025-5266","CVE-2025-5267","CVE-2025-5268","CVE-2025-5269"]}