ALT Linux Team

Package thunderbird update in sisyphus on 2025-03-15

ALT-PU-2025-4378-2

Package thunderbird updated to version 136.0-alt1 for branch sisyphus in task 378178.

Closed vulnerabilities

Published: 2024-10-29

BDU:2025-00960

Уязвимость веб-браузера Firefox, почтового клиента Thunderbird, связанная с одновременным выполнением с использованием общего ресурса с неправильной синхронизацией, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.3) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2024-10-29
Modified: 2024-11-04

CVE-2024-10468

Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
Published: 2025-03-04
Modified: 2025-03-28

CVE-2025-1942

When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string This vulnerability affects Firefox < 136 and Thunderbird < 136.

References:
Published: 2025-03-04
Modified: 2025-04-03

CVE-2025-1943

Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136 and Thunderbird < 136.

References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top