thunderbird-140.5.0-2.el9_7.ML.1

エラータID: AXSA:2025-11549:27

Release date: 
Thursday, December 18, 2025 - 14:41
Subject: 
thunderbird-140.5.0-2.el9_7.ML.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)
firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)
firefox: Incorrect boundary conditions in the JavaScript: WebAssembly
component (CVE-2025-13016)
firefox: Same-origin policy bypass in the DOM: Workers component
(CVE-2025-13019)
firefox: Use-after-free in the WebRTC: Audio/Video component
(CVE-2025-13020)
firefox: Race condition in the Graphics component (CVE-2025-13012)
firefox: Spoofing issue in Firefox (CVE-2025-13015)
firefox: Mitigation bypass in the DOM: Core & HTML component
(CVE-2025-13013)
firefox: Same-origin policy bypass in the DOM: Notifications component
(CVE-2025-13017)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE(s):
CVE-2025-13012
Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13013
Mitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13014
Use-after-free in the Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13015
Spoofing issue in Firefox. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13016
Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13017
Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13018
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13019
Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13020
Use-after-free in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.

Solution: 

Update packages.

CVEs: 
CVE-2025-13012
Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13013
Mitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13014
Use-after-free in the Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13015
Spoofing issue in Firefox. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13016
Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13017
Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13018
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13019
Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
CVE-2025-13020
Use-after-free in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
Additional Info: 

N/A

Download: 

SRPMS
  1. thunderbird-140.5.0-2.el9_7.ML.1.src.rpm
    MD5: dd92a4d584e78b4c75298ac13c750249
    SHA-256: 429bb7a6cf341588bc64bdab98d35077eb018c69787473d32bdd2c8106a25bdf
    Size: 913.25 MB

Asianux Server 9 for x86_64
  1. thunderbird-140.5.0-2.el9_7.ML.1.x86_64.rpm
    MD5: fa8f2422ed16f5de0de123de48b4ddad
    SHA-256: 9c63fba242531e3a9df67912b4f9f5c924e961e07579213252b173ffaf6a3560
    Size: 111.59 MB