An update for thunderbird is now available for openEuler-24.03-LTS-SP2 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2557 Final 1.0 1.0 2025-10-31 Initial 2025-10-31 2025-10-31 openEuler SA Tool V1.0 2025-10-31 thunderbird security update An update for thunderbird is now available for openEuler-24.03-LTS-SP2 Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fix(es): This vulnerability affects Firefox versions prior to 143 and Firefox ESR versions prior to 140.3. Specific vulnerability type and impact details require further confirmation.(CVE-2025-10527) This vulnerability affects Firefox < 143 and Firefox ESR < 140.3.(CVE-2025-10528) This vulnerability affects Firefox versions earlier than 143 and Firefox ESR versions earlier than 140.3. The vulnerability may lead to security bypass or other security issues.(CVE-2025-10529) This vulnerability affects Firefox < 143 and Firefox ESR < 140.3.(CVE-2025-10532) This vulnerability affects Firefox < 143, Firefox ESR < 115.28, and Firefox ESR < 140.3. Specific vulnerability details require further analysis.(CVE-2025-10533) This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.(CVE-2025-10536) Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 143 and Firefox ESR < 140.3.(CVE-2025-10537) Use-after-free vulnerability in MediaTrackGraphImpl::GetInstance(). This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.(CVE-2025-11708) A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.(CVE-2025-11709) A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.(CVE-2025-11710) There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.(CVE-2025-11711) A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.(CVE-2025-11712) Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.(CVE-2025-11714) Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird ESR < 140.4.(CVE-2025-11715) Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10.(CVE-2025-4082) Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.* This vulnerability affects Firefox ESR < 128.10, Firefox ESR < 115.23, and Thunderbird < 128.10.(CVE-2025-4084) An update for thunderbird is now available for openEuler-24.03-LTS-SP2. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical thunderbird https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-10527 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-10528 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-10529 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-10532 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-10533 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-10536 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-10537 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11708 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11709 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11710 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11711 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11712 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11714 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-11715 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-4082 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-4084 https://nvd.nist.gov/vuln/detail/CVE-2025-10527 https://nvd.nist.gov/vuln/detail/CVE-2025-10528 https://nvd.nist.gov/vuln/detail/CVE-2025-10529 https://nvd.nist.gov/vuln/detail/CVE-2025-10532 https://nvd.nist.gov/vuln/detail/CVE-2025-10533 https://nvd.nist.gov/vuln/detail/CVE-2025-10536 https://nvd.nist.gov/vuln/detail/CVE-2025-10537 https://nvd.nist.gov/vuln/detail/CVE-2025-11708 https://nvd.nist.gov/vuln/detail/CVE-2025-11709 https://nvd.nist.gov/vuln/detail/CVE-2025-11710 https://nvd.nist.gov/vuln/detail/CVE-2025-11711 https://nvd.nist.gov/vuln/detail/CVE-2025-11712 https://nvd.nist.gov/vuln/detail/CVE-2025-11714 https://nvd.nist.gov/vuln/detail/CVE-2025-11715 https://nvd.nist.gov/vuln/detail/CVE-2025-4082 https://nvd.nist.gov/vuln/detail/CVE-2025-4084 openEuler-24.03-LTS-SP2 thunderbird-140.4.0-1.oe2403sp2.aarch64.rpm thunderbird-debuginfo-140.4.0-1.oe2403sp2.aarch64.rpm thunderbird-debugsource-140.4.0-1.oe2403sp2.aarch64.rpm thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.aarch64.rpm thunderbird-wayland-140.4.0-1.oe2403sp2.aarch64.rpm thunderbird-140.4.0-1.oe2403sp2.src.rpm thunderbird-140.4.0-1.oe2403sp2.x86_64.rpm thunderbird-debuginfo-140.4.0-1.oe2403sp2.x86_64.rpm thunderbird-debugsource-140.4.0-1.oe2403sp2.x86_64.rpm thunderbird-librnp-rnp-140.4.0-1.oe2403sp2.x86_64.rpm thunderbird-wayland-140.4.0-1.oe2403sp2.x86_64.rpm This vulnerability affects Firefox versions prior to 143 and Firefox ESR versions prior to 140.3. Specific vulnerability type and impact details require further confirmation. 2025-10-31 CVE-2025-10527 openEuler-24.03-LTS-SP2 High 7.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L thunderbird security update 2025-10-31 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557 This vulnerability affects Firefox < 143 and Firefox ESR < 140.3. 2025-10-31 CVE-2025-10528 openEuler-24.03-LTS-SP2 High 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L thunderbird security update 2025-10-31 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557 This vulnerability affects Firefox versions earlier than 143 and Firefox ESR versions earlier than 140.3. The vulnerability may lead to security bypass or other security issues. 2025-10-31 CVE-2025-10529 openEuler-24.03-LTS-SP2 Medium 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N thunderbird security update 2025-10-31 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557 This vulnerability affects Firefox < 143 and Firefox ESR < 140.3. 2025-10-31 CVE-2025-10532 openEuler-24.03-LTS-SP2 Medium 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N thunderbird security update 2025-10-31 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557 This vulnerability affects Firefox < 143, Firefox ESR < 115.28, and Firefox ESR < 140.3. Specific vulnerability details require further analysis. 2025-10-31 CVE-2025-10533 openEuler-24.03-LTS-SP2 High 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H thunderbird security update 2025-10-31 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557 This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. 2025-10-31 CVE-2025-10536 openEuler-24.03-LTS-SP2 Medium 6.2 AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N thunderbird security update 2025-10-31 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557 Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 143 and Firefox ESR < 140.3. 2025-10-31 CVE-2025-10537 openEuler-24.03-LTS-SP2 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H thunderbird security update 2025-10-31 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557 Use-after-free vulnerability in MediaTrackGraphImpl::GetInstance(). This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. 2025-10-31 CVE-2025-11708 openEuler-24.03-LTS-SP2 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H thunderbird security update 2025-10-31 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557 A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. 2025-10-31 CVE-2025-11709 openEuler-24.03-LTS-SP2 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H thunderbird security update 2025-10-31 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557 A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. 2025-10-31 CVE-2025-11710 openEuler-24.03-LTS-SP2 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H thunderbird security update 2025-10-31 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557 There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. 2025-10-31 CVE-2025-11711 openEuler-24.03-LTS-SP2 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N thunderbird security update 2025-10-31 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557 A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. 2025-10-31 CVE-2025-11712 openEuler-24.03-LTS-SP2 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N thunderbird security update 2025-10-31 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557 Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. 2025-10-31 CVE-2025-11714 openEuler-24.03-LTS-SP2 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H thunderbird security update 2025-10-31 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557 Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird ESR < 140.4. 2025-10-31 CVE-2025-11715 openEuler-24.03-LTS-SP2 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H thunderbird security update 2025-10-31 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557 Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10. 2025-10-31 CVE-2025-4082 openEuler-24.03-LTS-SP2 Medium 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N thunderbird security update 2025-10-31 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557 Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.* This vulnerability affects Firefox ESR < 128.10, Firefox ESR < 115.23, and Thunderbird < 128.10. 2025-10-31 CVE-2025-4084 openEuler-24.03-LTS-SP2 Medium 5.7 AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N thunderbird security update 2025-10-31 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2557