{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"140.4.0-150200.8.242.1","MozillaThunderbird-translations-common":"140.4.0-150200.8.242.1","MozillaThunderbird-translations-other":"140.4.0-150200.8.242.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP6","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"140.4.0-150200.8.242.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"140.4.0-150200.8.242.1","MozillaThunderbird-translations-common":"140.4.0-150200.8.242.1","MozillaThunderbird-translations-other":"140.4.0-150200.8.242.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP7","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"140.4.0-150200.8.242.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"140.4.0-150200.8.242.1","MozillaThunderbird-translations-common":"140.4.0-150200.8.242.1","MozillaThunderbird-translations-other":"140.4.0-150200.8.242.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP6","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"140.4.0-150200.8.242.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"140.4.0-150200.8.242.1","MozillaThunderbird-translations-common":"140.4.0-150200.8.242.1","MozillaThunderbird-translations-other":"140.4.0-150200.8.242.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP7","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"140.4.0-150200.8.242.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"140.4.0-150200.8.242.1","MozillaThunderbird-translations-common":"140.4.0-150200.8.242.1","MozillaThunderbird-translations-other":"140.4.0-150200.8.242.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"MozillaThunderbird","purl":"pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"140.4.0-150200.8.242.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for MozillaThunderbird fixes the following issue:\n\nMozilla Thunderbird is updated to 140.4.\n\n * changed: Account Hub is now disabled by default for second\n   email account (bmo#1992027)\n * changed: Flatpak runtime has been updated to Freedesktop SDK\n   24.08 (bmo#1952100)\n * fixed: Users could not read mail signed with OpenPGP v6 and\n   PQC keys (bmo#1986845)\n * fixed: Image preview in Insert Image dialog failed with CSP\n   error for web resources (bmo#1989392)\n * fixed: Emptying trash on exit did not work with some\n   providers (bmo#1975147)\n * fixed: Thunderbird could crash when applying filters\n   (bmo#1987880)\n * fixed: Users were unable to override expired mail server\n   certificate (bmo#1979323)\n * fixed: Opening Website header link in RSS feed incorrectly\n   re-encoded URL parameters (bmo#1971035)\n\nSecurity fixes:\n\nMFSA 2025-85 (bsc#1251263):\n\n * CVE-2025-11708 (bmo#1988931)\n   Use-after-free in MediaTrackGraphImpl::GetInstance()\n * CVE-2025-11709 (bmo#1989127)\n   Out of bounds read/write in a privileged process triggered by\n   WebGL textures\n * CVE-2025-11710 (bmo#1989899)\n   Cross-process information leaked due to malicious IPC\n   messages\n * CVE-2025-11711 (bmo#1989978)\n   Some non-writable Object properties could be modified\n * CVE-2025-11712 (bmo#1979536)\n   An OBJECT tag type attribute overrode browser behavior on web\n   resources without a content-type\n * CVE-2025-11713 (bmo#1986142)\n   Potential user-assisted code execution in “Copy as cURL”\n   command\n * CVE-2025-11714 (bmo#1973699, bmo#1989945, bmo#1990970,\n   bmo#1991040, bmo#1992113)\n   Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR\n   140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144\n * CVE-2025-11715 (bmo#1983838, bmo#1987624, bmo#1988244,\n   bmo#1988912, bmo#1989734, bmo#1990085, bmo#1991899)\n   Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird\n   ESR 140.4, Firefox 144 and Thunderbird 144\n","id":"SUSE-SU-2025:4006-1","modified":"2025-11-10T08:00:18Z","published":"2025-11-10T08:00:18Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-20254006-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251263"},{"type":"REPORT","url":"https://bugzilla.suse.com/1952100"},{"type":"REPORT","url":"https://bugzilla.suse.com/1973699"},{"type":"REPORT","url":"https://bugzilla.suse.com/1975147"},{"type":"REPORT","url":"https://bugzilla.suse.com/1979323"},{"type":"REPORT","url":"https://bugzilla.suse.com/1979536"},{"type":"REPORT","url":"https://bugzilla.suse.com/1983838"},{"type":"REPORT","url":"https://bugzilla.suse.com/1986142"},{"type":"REPORT","url":"https://bugzilla.suse.com/1986845"},{"type":"REPORT","url":"https://bugzilla.suse.com/1987624"},{"type":"REPORT","url":"https://bugzilla.suse.com/1987880"},{"type":"REPORT","url":"https://bugzilla.suse.com/1988244"},{"type":"REPORT","url":"https://bugzilla.suse.com/1988912"},{"type":"REPORT","url":"https://bugzilla.suse.com/1988931"},{"type":"REPORT","url":"https://bugzilla.suse.com/1989127"},{"type":"REPORT","url":"https://bugzilla.suse.com/1989392"},{"type":"REPORT","url":"https://bugzilla.suse.com/1989734"},{"type":"REPORT","url":"https://bugzilla.suse.com/1989899"},{"type":"REPORT","url":"https://bugzilla.suse.com/1989945"},{"type":"REPORT","url":"https://bugzilla.suse.com/1989978"},{"type":"REPORT","url":"https://bugzilla.suse.com/1990085"},{"type":"REPORT","url":"https://bugzilla.suse.com/1990970"},{"type":"REPORT","url":"https://bugzilla.suse.com/1991040"},{"type":"REPORT","url":"https://bugzilla.suse.com/1991899"},{"type":"REPORT","url":"https://bugzilla.suse.com/1992027"},{"type":"REPORT","url":"https://bugzilla.suse.com/1992113"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-11708"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-11709"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-11710"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-11711"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-11712"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-11713"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-11714"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-11715"}],"related":["CVE-2025-11708","CVE-2025-11709","CVE-2025-11710","CVE-2025-11711","CVE-2025-11712","CVE-2025-11713","CVE-2025-11714","CVE-2025-11715"],"summary":"Security update for MozillaThunderbird","upstream":["CVE-2025-11708","CVE-2025-11709","CVE-2025-11710","CVE-2025-11711","CVE-2025-11712","CVE-2025-11713","CVE-2025-11714","CVE-2025-11715"]}