Opened 6 weeks ago

Closed 6 weeks ago

#21021 closed enhancement (fixed)

thunderbird-128.7.0esr

Reported by: Joe Locash
Owned by: Douglas R. Reno
Priority: high
Milestone: 12.3
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

What’s Fixed

  • Images inside links could zoom when clicked instead of opening the link
  • Compacting an empty folder failed with write error
  • Compacting of IMAP folder with corrupted local storage failed with write error
  • After restart, all restored tabs with opened PDFs showed the same attachment
  • Exceptions during CalDAV item processing would halt subsequent item handling
  • Context menu was unable to move email address to a different field

Security fixes

https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/

  • CVE-2025-1009: Use-after-free in XSLT (high)
  • CVE-2025-1010: Use-after-free in Custom Highlight (high)
  • CVE-2025-1011: A bug in WebAssembly code generation could result in a crash (moderate)
  • CVE-2025-1012: Use-after-free during concurrent delazification (moderate)
  • CVE-2024-11704: Potential double-free vulnerability in PKCS#7 decryption handling (low)
  • CVE-2025-1013: Potential opening of private browsing tabs in normal browsing windows (low)
  • CVE-2025-1014: Certificate length was not properly checked (low)
  • CVE-2025-1015: Unsanitized address book fields (low)
  • CVE-2025-0510: Address of e-mail sender can be spoofed by malicious email (high)
  • CVE-2025-1016: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 (high)
  • CVE-2025-1017: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7 (moderate)

Change History (3)

comment:1 by Douglas R. Reno, 6 weeks ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

comment:2 by Douglas R. Reno, 6 weeks ago

Priority: elevated → high

"CVE-2025-0510: Address of e-mail sender can be spoofed by malicious email (high)"

This vulnerability is particularly bad. I could see that easily being used for phishing attacks since you'd have no way to tell that this occurred unless you look at the email headers for almost all of the email that you receive.

comment:3 by Douglas R. Reno, 6 weeks ago

Resolution: fixed
Status: assigned → closed

Fixed at 8b0911f0be22d5bf7d2e5673733fecb45e8dce8f

SA-12.2-079 issued
