Threat Intelligence Database

A security advisory from Red Hat addresses multiple vulnerabilities in Mozilla Firefox and Thunderbird, including denial of service via specially crafted WebTransport requests, memory safety bugs, potential directory upload bypass via clickjacking, external protocol handler enumeration, memory corruption issues, cross-origin access to PDF and JSON contents, and site isolation bypass. These issues affect Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3. The advisory provides updates to mitigate these vulnerabilities for Red Hat Enterprise Linux 9.0 variants.

A security update for Mozilla Firefox and Thunderbird addresses multiple vulnerabilities including denial of service via specially crafted WebTransport requests, memory safety bugs, clickjacking leading to directory upload bypass, cross-origin data access through multipart responses, and site isolation bypass by compromised content processes. These issues affect various Firefox and Thunderbird versions including Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3. The update is provided by Red Hat for their Enterprise Linux 9.2 Extended Update Support and related variants.

A security update for Mozilla Thunderbird has been released by Red Hat, upgrading the software to version 115.10.0. This update addresses multiple vulnerabilities, including a denial of service issue involving HTTP/2 CONTINUATION frames (CVE-2024-3302). The update is rated with a low security impact by Red Hat Product Security. The advisory covers Red Hat Enterprise Linux 7 variants and related platforms. Users are advised to apply the update to mitigate these issues.

Multiple security vulnerabilities affecting Mozilla Thunderbird as packaged by Red Hat have been addressed in an important security update. These include memory safety bugs, JavaScript engine issues, incorrect URL handling in Content Security Policy (CSP) reports, and potential user-assisted code execution. The update fixes nine CVEs related to Thunderbird and Firefox components, impacting Red Hat Enterprise Linux 9.2 variants. The advisory provides updated packages to remediate these issues.

Multiple security vulnerabilities affecting Mozilla Thunderbird as packaged by Red Hat Enterprise Linux 8.2 AUS have been addressed. These include memory safety bugs, JavaScript engine flaws, incorrect URL handling in Content Security Policy (CSP) reports, and potential user-assisted code execution via the 'Copy as cURL' command. The update fixes issues that could lead to truncated instructions, partial return values on the stack, CSP bypasses, and execution of javascript: URLs in object/embed tags. Red Hat has released an important security advisory with patches for these issues.

Multiple security vulnerabilities affecting Mozilla Thunderbird have been addressed in a Red Hat security update for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. The issues include memory safety bugs, incorrect URL stripping in CSP reports, partial return value writes in the JavaScript engine, potential user-assisted code execution, and CSP bypasses among others. These vulnerabilities have been assigned various CVEs from CVE-2025-8027 through CVE-2025-8035. The update is rated as important by Red Hat Product Security.

Multiple security vulnerabilities affecting Mozilla Thunderbird have been addressed in a Red Hat security advisory. These include denial-of-service due to out-of-memory in the Graphics WebRender component, sandbox escape via an invalid pointer in the Audio/Video GMP component, same-origin policy bypass in the Graphics Canvas2D component, uninitialized memory in the JavaScript Engine, and various memory safety bugs. The update is rated as Important by Red Hat Product Security and affects Red Hat Enterprise Linux 9 variants. The advisory provides updated Thunderbird packages to remediate these issues.

Multiple security vulnerabilities affecting Mozilla Thunderbird have been addressed in a Red Hat security update for Red Hat Enterprise Linux 10. The issues include denial-of-service, sandbox escape, same-origin policy bypass, uninitialized memory, and memory safety bugs across various components such as Graphics WebRender, Audio/Video GMP, Graphics Canvas2D, and the JavaScript Engine. These vulnerabilities have been fixed in Thunderbird ESR 128.14 and later versions. The update is rated as Important by Red Hat Product Security.

Multiple security vulnerabilities affecting Mozilla Firefox and Thunderbird have been addressed in Red Hat Enterprise Linux 8.4 updates. These include denial-of-service due to out-of-memory in the Graphics WebRender component, sandbox escape via invalid pointer in the Audio/Video GMP component, same-origin policy bypass in the Graphics Canvas2D component, uninitialized memory in the JavaScript Engine, and various memory safety bugs. The update fixes these issues in Firefox ESR 115.27, 128.14, 140.2, Thunderbird ESR 128.14, 140.2, and Firefox and Thunderbird version 142.

Multiple security vulnerabilities affecting Mozilla Firefox and Thunderbird have been addressed in a Red Hat security update. These include denial-of-service, sandbox escape, same-origin policy bypass, uninitialized memory, and memory safety bugs. The fixes are included in Firefox ESR versions 115.27, 128.14, 140.2, Thunderbird ESR 128.14, 140.2, and Firefox and Thunderbird version 142. The update is rated as important by Red Hat Product Security.