Opened 8 months ago
Closed 8 months ago
#21655 closed enhancement (fixed)
thunderbird-128.11.0esr
| Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | high | Milestone: | 12.4 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New minor version. Because I need to do some SA updates anyway I'll get this one in today
Release notes:
What's Fixed?
- Thunderbird could crash if message copying to Sent folder was interrupted
- Security fixes
Security fixes:
- CVE-2025-5262: Double-free in libvpx encoder (Critical)
- CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content (Moderate)
- CVE-2025-5264: Potential local code execution in “Copy as cURL” command (Moderate)
- CVE-2025-5266: Script element events leaked cross-origin resource status (Moderate)
- CVE-2025-5267: Clickjacking vulnerability could have led to leaking saved payment card details (Low)
- CVE-2025-5268: Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11 (Moderate)
- CVE-2025-5269: Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird 128.11 (Moderate)
Change History (2)
comment:1 by , 8 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 8 months ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Fixed at 5be82cfbfd8b1eec7754da06ed21d5dd78562efe
SA-12.3-039 issued