{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"140.2.0-150200.8.236.1","MozillaThunderbird-translations-common":"140.2.0-150200.8.236.1","MozillaThunderbird-translations-other":"140.2.0-150200.8.236.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP6","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"140.2.0-150200.8.236.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"140.2.0-150200.8.236.1","MozillaThunderbird-translations-common":"140.2.0-150200.8.236.1","MozillaThunderbird-translations-other":"140.2.0-150200.8.236.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP7","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"140.2.0-150200.8.236.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"140.2.0-150200.8.236.1","MozillaThunderbird-translations-common":"140.2.0-150200.8.236.1","MozillaThunderbird-translations-other":"140.2.0-150200.8.236.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP6","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"140.2.0-150200.8.236.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"140.2.0-150200.8.236.1","MozillaThunderbird-translations-common":"140.2.0-150200.8.236.1","MozillaThunderbird-translations-other":"140.2.0-150200.8.236.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP7","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"140.2.0-150200.8.236.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"140.2.0-150200.8.236.1","MozillaThunderbird-translations-common":"140.2.0-150200.8.236.1","MozillaThunderbird-translations-other":"140.2.0-150200.8.236.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"MozillaThunderbird","purl":"pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"140.2.0-150200.8.236.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaThunderbird fixes the following issues:\n\nUpdated to Mozilla Thunderbird 140.2 MFSA 2025-72 (bsc#1248162):\n  * CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP\n    component\n  * CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component\n  * CVE-2025-9181: Uninitialized memory in the JavaScript Engine component\n  * CVE-2025-9182: Denial-of-service due to out-of-memory in the Graphics:\n    WebRender component\n  * CVE-2025-9184: Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird\n    ESR 140.2, Firefox 142 and Thunderbird 142\n  * CVE-2025-9185: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR\n    128.14, Thunderbird ESR 128.14, Firefox ESR 140.2,\n    Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142\n\nOther fixes:\n  * Users were unable to use Fastmail calendars due to\n    missing OAuth settings\n  * Account setup error handling was broken for Account\n    hub\n  * Menu bar was hidden after updating from 128esr to\n    140esr\n","id":"SUSE-SU-2025:03007-1","modified":"2025-08-28T08:03:38Z","published":"2025-08-28T08:03:38Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202503007-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1248162"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-9179"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-9180"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-9181"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-9182"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-9184"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-9185"}],"related":["CVE-2025-9179","CVE-2025-9180","CVE-2025-9181","CVE-2025-9182","CVE-2025-9184","CVE-2025-9185"],"summary":"Security update for MozillaThunderbird","upstream":["CVE-2025-9179","CVE-2025-9180","CVE-2025-9181","CVE-2025-9182","CVE-2025-9184","CVE-2025-9185"]}