thunderbird-128.8.0-2.el8_10.ML.1

エラータID: AXSA:2025-9775:05

Release date: 
Wednesday, March 19, 2025 - 11:14
Subject: 
thunderbird-128.8.0-2.el8_10.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* firefox: thunderbird: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8 (CVE-2025-1938)
* firefox: thunderbird: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 (CVE-2025-1937)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-1937
Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
CVE-2025-1938
Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.

Solution: 

Update packages.

CVEs: 
CVE-2025-1937
Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
CVE-2025-1938
Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
Additional Info: 

N/A

Download: 

SRPMS
  1. thunderbird-128.8.0-2.el8_10.ML.1.src.rpm
    MD5: b55440bbfec012c0fe717901eaac0240
    SHA-256: 7331f61d71a9da284d4613c28756c98489825e78d9e765b9ff67ec243bc75b9e
    Size: 853.81 MB

Asianux Server 8 for x86_64
  1. thunderbird-128.8.0-2.el8_10.ML.1.x86_64.rpm
    MD5: cbd4c6188f6280813bff0db3455f0fe5
    SHA-256: ff28ec121956b10b970a594d8a5300516be60ec2945abe8c8e4c7170c318eaae
    Size: 122.33 MB