{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Critical" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"thunderbird security update", "category":"general", "title":"Synopsis" }, { "text":"An update for thunderbird is now available for openEuler-24.03-LTS-SP2", "category":"general", "title":"Summary" }, { "text":"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\nThis vulnerability affects Firefox versions prior to 143 and Firefox ESR versions prior to 140.3. Specific vulnerability type and impact details require further confirmation.(CVE-2025-10527)\n\nThis vulnerability affects Firefox < 143 and Firefox ESR < 140.3.(CVE-2025-10528)\n\nThis vulnerability affects Firefox versions earlier than 143 and Firefox ESR versions earlier than 140.3. The vulnerability may lead to security bypass or other security issues.(CVE-2025-10529)\n\nThis vulnerability affects Firefox < 143 and Firefox ESR < 140.3.(CVE-2025-10532)\n\nThis vulnerability affects Firefox < 143, Firefox ESR < 115.28, and Firefox ESR < 140.3. Specific vulnerability details require further analysis.(CVE-2025-10533)\n\nThis vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.(CVE-2025-10536)\n\nMemory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 143 and Firefox ESR < 140.3.(CVE-2025-10537)\n\nUse-after-free vulnerability in MediaTrackGraphImpl::GetInstance(). This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.(CVE-2025-11708)\n\nA compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.(CVE-2025-11709)\n\nA compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.(CVE-2025-11710)\n\nThere was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.(CVE-2025-11711)\n\nA malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.(CVE-2025-11712)\n\nMemory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.(CVE-2025-11714)\n\nMemory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird ESR < 140.4.(CVE-2025-11715)\n\nModification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges.\n*This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10.(CVE-2025-4082)\n\nDue to insufficient escaping of the special characters in the \"copy as cURL\" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system.\n*This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.* This vulnerability affects Firefox ESR < 128.10, Firefox ESR < 115.23, and Thunderbird < 128.10.(CVE-2025-4084)", "category":"general", "title":"Description" }, { "text":"An update for thunderbird is now available for openEuler-24.03-LTS-SP2.\n\nopenEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Critical", "category":"general", "title":"Severity" }, { "text":"thunderbird", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2025-2557", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557" }, { "summary":"CVE-2025-10527", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-10527&packageName=thunderbird" }, { "summary":"CVE-2025-10528", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-10528&packageName=thunderbird" }, { "summary":"CVE-2025-10529", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-10529&packageName=thunderbird" }, { "summary":"CVE-2025-10532", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-10532&packageName=thunderbird" }, { "summary":"CVE-2025-10533", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-10533&packageName=thunderbird" }, { "summary":"CVE-2025-10536", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-10536&packageName=thunderbird" }, { "summary":"CVE-2025-10537", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-10537&packageName=thunderbird" }, { "summary":"CVE-2025-11708", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11708&packageName=thunderbird" }, { "summary":"CVE-2025-11709", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11709&packageName=thunderbird" }, { "summary":"CVE-2025-11710", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11710&packageName=thunderbird" }, { "summary":"CVE-2025-11711", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11711&packageName=thunderbird" }, { "summary":"CVE-2025-11712", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11712&packageName=thunderbird" }, { "summary":"CVE-2025-11714", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11714&packageName=thunderbird" }, { "summary":"CVE-2025-11715", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11715&packageName=thunderbird" }, { "summary":"CVE-2025-4082", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-4082&packageName=thunderbird" }, { "summary":"CVE-2025-4084", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-4084&packageName=thunderbird" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10527" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10528" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10529" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10532" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10533" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10536" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10537" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-11708" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-11709" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-11710" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-11711" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-11712" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-11714" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-11715" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-4082" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-4084" }, { "summary":"openEuler-SA-2025-2557 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openEuler-SA-2025-2557.json" } ], "title":"An update for thunderbird is now available for openEuler-24.03-LTS-SP2", "tracking":{ "initial_release_date":"2025-11-06T17:04:02+08:00", "revision_history":[ { "date":"2025-11-06T17:04:02+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2025-11-06T17:04:02+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2025-11-06T17:04:02+08:00", "id":"openEuler-SA-2025-2557", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"openEuler-24.03-LTS-SP2", "name":"openEuler-24.03-LTS-SP2" }, "name":"openEuler-24.03-LTS-SP2", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"thunderbird-140.4.0-1.oe2403sp2.aarch64.rpm", "name":"thunderbird-140.4.0-1.oe2403sp2.aarch64.rpm" }, "name":"thunderbird-140.4.0-1.oe2403sp2.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64.rpm", "name":"thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64.rpm" }, "name":"thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64.rpm", "name":"thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64.rpm" }, "name":"thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64.rpm", "name":"thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64.rpm" }, "name":"thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64.rpm", "name":"thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64.rpm" }, "name":"thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"thunderbird-140.4.0-1.oe2403sp2.src.rpm", "name":"thunderbird-140.4.0-1.oe2403sp2.src.rpm" }, "name":"thunderbird-140.4.0-1.oe2403sp2.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"thunderbird-140.4.0-1.oe2403sp2.x86_64.rpm", "name":"thunderbird-140.4.0-1.oe2403sp2.x86_64.rpm" }, "name":"thunderbird-140.4.0-1.oe2403sp2.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64.rpm", "name":"thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64.rpm" }, "name":"thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64.rpm", "name":"thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64.rpm" }, "name":"thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64.rpm", "name":"thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64.rpm" }, "name":"thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64.rpm", "name":"thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64.rpm" }, "name":"thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"thunderbird-140.4.0-1.oe2403sp2.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "name":"thunderbird-140.4.0-1.oe2403sp2.aarch64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "name":"thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "name":"thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "name":"thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "name":"thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"thunderbird-140.4.0-1.oe2403sp2.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "name":"thunderbird-140.4.0-1.oe2403sp2.src as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"thunderbird-140.4.0-1.oe2403sp2.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "name":"thunderbird-140.4.0-1.oe2403sp2.x86_64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "name":"thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "name":"thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "name":"thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64", "name":"thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2025-10527", "notes":[ { "text":"This vulnerability affects Firefox versions prior to 143 and Firefox ESR versions prior to 140.3. Specific vulnerability type and impact details require further confirmation.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-10527" }, { "cve":"CVE-2025-10528", "notes":[ { "text":"This vulnerability affects Firefox < 143 and Firefox ESR < 140.3.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-10528" }, { "cve":"CVE-2025-10529", "notes":[ { "text":"This vulnerability affects Firefox versions earlier than 143 and Firefox ESR versions earlier than 140.3. The vulnerability may lead to security bypass or other security issues.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-10529" }, { "cve":"CVE-2025-10532", "notes":[ { "text":"This vulnerability affects Firefox < 143 and Firefox ESR < 140.3.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-10532" }, { "cve":"CVE-2025-10533", "notes":[ { "text":"This vulnerability affects Firefox < 143, Firefox ESR < 115.28, and Firefox ESR < 140.3. Specific vulnerability details require further analysis.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-10533" }, { "cve":"CVE-2025-10536", "notes":[ { "text":"This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.2, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-10536" }, { "cve":"CVE-2025-10537", "notes":[ { "text":"Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 143 and Firefox ESR < 140.3.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-10537" }, { "cve":"CVE-2025-11708", "notes":[ { "text":"Use-after-free vulnerability in MediaTrackGraphImpl::GetInstance(). This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2025-11708" }, { "cve":"CVE-2025-11709", "notes":[ { "text":"A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2025-11709" }, { "cve":"CVE-2025-11710", "notes":[ { "text":"A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2025-11710" }, { "cve":"CVE-2025-11711", "notes":[ { "text":"There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-11711" }, { "cve":"CVE-2025-11712", "notes":[ { "text":"A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-11712" }, { "cve":"CVE-2025-11714", "notes":[ { "text":"Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-11714" }, { "cve":"CVE-2025-11715", "notes":[ { "text":"Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird ESR < 140.4.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-11715" }, { "cve":"CVE-2025-4082", "notes":[ { "text":"Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges.\n*This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.9, "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-4082" }, { "cve":"CVE-2025-4084", "notes":[ { "text":"Due to insufficient escaping of the special characters in the \"copy as cURL\" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system.\n*This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.* This vulnerability affects Firefox ESR < 128.10, Firefox ESR < 115.23, and Thunderbird < 128.10.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.7, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.src", "openEuler-24.03-LTS-SP2:thunderbird-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-4084" } ] }