{"schema_version":"1.7.2","id":"OESA-2025-2770","modified":"2025-11-28T12:53:20Z","published":"2025-11-28T12:53:20Z","upstream":["CVE-2025-13012","CVE-2025-13013","CVE-2025-13014","CVE-2025-13015","CVE-2025-13016","CVE-2025-13017","CVE-2025-13018","CVE-2025-13019","CVE-2025-13020"],"summary":"thunderbird security update","details":"Mozilla Thunderbird is a standalone mail and newsgroup client.\r\n\r\nSecurity Fix(es):\n\nRace condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.(CVE-2025-13012)\n\nMitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, and Firefox ESR < 115.30.(CVE-2025-13013)\n\nUse-after-free in the Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, and Firefox ESR < 115.30.(CVE-2025-13014)\n\nSpoofing issue in Firefox. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, and Firefox ESR < 115.30.(CVE-2025-13015)\n\nIncorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5.(CVE-2025-13016)\n\nSame-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5.(CVE-2025-13017)\n\nMitigation bypass vulnerability in the DOM Security component. This vulnerability affects Firefox versions prior to 145 and Firefox ESR versions prior to 140.5, potentially allowing remote code execution.(CVE-2025-13018)\n\nSame-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5.(CVE-2025-13019)\n\nUse-after-free in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code, affecting confidentiality, integrity, and availability.(CVE-2025-13020)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS-SP2","name":"thunderbird","purl":"pkg:rpm/openEuler/thunderbird&distro=openEuler-24.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"140.5.0-1.oe2403sp2"}]}],"ecosystem_specific":{"aarch64":["thunderbird-140.5.0-1.oe2403sp2.aarch64.rpm","thunderbird-debuginfo-140.5.0-1.oe2403sp2.aarch64.rpm","thunderbird-debugsource-140.5.0-1.oe2403sp2.aarch64.rpm","thunderbird-librnp-rnp-140.5.0-1.oe2403sp2.aarch64.rpm","thunderbird-wayland-140.5.0-1.oe2403sp2.aarch64.rpm"],"src":["thunderbird-140.5.0-1.oe2403sp2.src.rpm"],"x86_64":["thunderbird-140.5.0-1.oe2403sp2.x86_64.rpm","thunderbird-debuginfo-140.5.0-1.oe2403sp2.x86_64.rpm","thunderbird-debugsource-140.5.0-1.oe2403sp2.x86_64.rpm","thunderbird-librnp-rnp-140.5.0-1.oe2403sp2.x86_64.rpm","thunderbird-wayland-140.5.0-1.oe2403sp2.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2770"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13012"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13013"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13014"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13015"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13016"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13017"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13018"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13019"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13020"}],"database_specific":{"severity":"High"}}