Red Hat Product Errata RHSA-2025:0147 - Security Advisory
Issued:
2025-01-09
Updated:
2025-01-09

RHSA-2025:0147 - Security Advisory

Synopsis

Important: thunderbird security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

  • firefox: thunderbird: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6 (CVE-2025-0243)
  • firefox: thunderbird: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6 (CVE-2025-0242)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x

Fixes

  • BZ - 2336175 - CVE-2025-0243 firefox: thunderbird: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6
  • BZ - 2336181 - CVE-2025-0242 firefox: thunderbird: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6

Red Hat Enterprise Linux for x86_64 9

SRPM
thunderbird-128.6.0-3.el9_5.src.rpm SHA-256: f0096e0991ac59468ddd5a8095464887301ddd8c08cc551789ebdf7a11dea279
x86_64
thunderbird-128.6.0-3.el9_5.x86_64.rpm SHA-256: f20db53bc3632b3e7a2e92d8af37f47d0db95bec85247147b27c8d1ea3b146f2
thunderbird-debuginfo-128.6.0-3.el9_5.x86_64.rpm SHA-256: 2e287294df8fe251b4c029bf33a73261989b882fce6411435444b53fe70453b4
thunderbird-debugsource-128.6.0-3.el9_5.x86_64.rpm SHA-256: a9a1c1ef66ab7c647437eae6e85a40051b6ec3426a1f97f4c10ec8ba34d0b2eb

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6

SRPM
thunderbird-128.6.0-3.el9_5.src.rpm SHA-256: f0096e0991ac59468ddd5a8095464887301ddd8c08cc551789ebdf7a11dea279
x86_64
thunderbird-128.6.0-3.el9_5.x86_64.rpm SHA-256: f20db53bc3632b3e7a2e92d8af37f47d0db95bec85247147b27c8d1ea3b146f2
thunderbird-debuginfo-128.6.0-3.el9_5.x86_64.rpm SHA-256: 2e287294df8fe251b4c029bf33a73261989b882fce6411435444b53fe70453b4
thunderbird-debugsource-128.6.0-3.el9_5.x86_64.rpm SHA-256: a9a1c1ef66ab7c647437eae6e85a40051b6ec3426a1f97f4c10ec8ba34d0b2eb

Red Hat Enterprise Linux Server - AUS 9.6

SRPM
thunderbird-128.6.0-3.el9_5.src.rpm SHA-256: f0096e0991ac59468ddd5a8095464887301ddd8c08cc551789ebdf7a11dea279
x86_64
thunderbird-128.6.0-3.el9_5.x86_64.rpm SHA-256: f20db53bc3632b3e7a2e92d8af37f47d0db95bec85247147b27c8d1ea3b146f2
thunderbird-debuginfo-128.6.0-3.el9_5.x86_64.rpm SHA-256: 2e287294df8fe251b4c029bf33a73261989b882fce6411435444b53fe70453b4
thunderbird-debugsource-128.6.0-3.el9_5.x86_64.rpm SHA-256: a9a1c1ef66ab7c647437eae6e85a40051b6ec3426a1f97f4c10ec8ba34d0b2eb

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
thunderbird-128.6.0-3.el9_5.src.rpm SHA-256: f0096e0991ac59468ddd5a8095464887301ddd8c08cc551789ebdf7a11dea279
s390x
thunderbird-128.6.0-3.el9_5.s390x.rpm SHA-256: 4e88ef4d92171ca82a1e8df703a182b7e2d08466ec82a140fcc89dfdb5706a77
thunderbird-debuginfo-128.6.0-3.el9_5.s390x.rpm SHA-256: d16bcc2173dea9ccf071993b55709ee617cf17c7afd78ccdc0a650e84543b27c
thunderbird-debugsource-128.6.0-3.el9_5.s390x.rpm SHA-256: e5e85dd9feefbf788a6914f263c7350e98917f8105a6ac65a6428986279d414f

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6

SRPM
thunderbird-128.6.0-3.el9_5.src.rpm SHA-256: f0096e0991ac59468ddd5a8095464887301ddd8c08cc551789ebdf7a11dea279
s390x
thunderbird-128.6.0-3.el9_5.s390x.rpm SHA-256: 4e88ef4d92171ca82a1e8df703a182b7e2d08466ec82a140fcc89dfdb5706a77
thunderbird-debuginfo-128.6.0-3.el9_5.s390x.rpm SHA-256: d16bcc2173dea9ccf071993b55709ee617cf17c7afd78ccdc0a650e84543b27c
thunderbird-debugsource-128.6.0-3.el9_5.s390x.rpm SHA-256: e5e85dd9feefbf788a6914f263c7350e98917f8105a6ac65a6428986279d414f

Red Hat Enterprise Linux for Power, little endian 9

SRPM
thunderbird-128.6.0-3.el9_5.src.rpm SHA-256: f0096e0991ac59468ddd5a8095464887301ddd8c08cc551789ebdf7a11dea279
ppc64le
thunderbird-128.6.0-3.el9_5.ppc64le.rpm SHA-256: 866ef80200e5532de7ad59bf2ccb22418ead992bbccb6a168410b19519aebf4f
thunderbird-debuginfo-128.6.0-3.el9_5.ppc64le.rpm SHA-256: ccf2aac7afdb015db410d7d15ae61d1df6262f991e93f1af872cc70d6164234d
thunderbird-debugsource-128.6.0-3.el9_5.ppc64le.rpm SHA-256: 66f222b1e4eda98fc15febe3a97610049a741bef100b943a58f09576eed0c7f8

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6

SRPM
thunderbird-128.6.0-3.el9_5.src.rpm SHA-256: f0096e0991ac59468ddd5a8095464887301ddd8c08cc551789ebdf7a11dea279
ppc64le
thunderbird-128.6.0-3.el9_5.ppc64le.rpm SHA-256: 866ef80200e5532de7ad59bf2ccb22418ead992bbccb6a168410b19519aebf4f
thunderbird-debuginfo-128.6.0-3.el9_5.ppc64le.rpm SHA-256: ccf2aac7afdb015db410d7d15ae61d1df6262f991e93f1af872cc70d6164234d
thunderbird-debugsource-128.6.0-3.el9_5.ppc64le.rpm SHA-256: 66f222b1e4eda98fc15febe3a97610049a741bef100b943a58f09576eed0c7f8

Red Hat Enterprise Linux for ARM 64 9

SRPM
thunderbird-128.6.0-3.el9_5.src.rpm SHA-256: f0096e0991ac59468ddd5a8095464887301ddd8c08cc551789ebdf7a11dea279
aarch64
thunderbird-128.6.0-3.el9_5.aarch64.rpm SHA-256: cceab3bbe6060314cd8d5434920d4754b37afca2d2da18145df80fdc08b2677b
thunderbird-debuginfo-128.6.0-3.el9_5.aarch64.rpm SHA-256: 4f46d360c7dfd449ef84e7861e7857630dbb0bbfc2ef91db6aa0f1ddf97c12cc
thunderbird-debugsource-128.6.0-3.el9_5.aarch64.rpm SHA-256: eff0bfa5b96cef39af57897e4df27dc95aa3d422af91f1ff306a5d09ebf62b84

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6

SRPM
thunderbird-128.6.0-3.el9_5.src.rpm SHA-256: f0096e0991ac59468ddd5a8095464887301ddd8c08cc551789ebdf7a11dea279
aarch64
thunderbird-128.6.0-3.el9_5.aarch64.rpm SHA-256: cceab3bbe6060314cd8d5434920d4754b37afca2d2da18145df80fdc08b2677b
thunderbird-debuginfo-128.6.0-3.el9_5.aarch64.rpm SHA-256: 4f46d360c7dfd449ef84e7861e7857630dbb0bbfc2ef91db6aa0f1ddf97c12cc
thunderbird-debugsource-128.6.0-3.el9_5.aarch64.rpm SHA-256: eff0bfa5b96cef39af57897e4df27dc95aa3d422af91f1ff306a5d09ebf62b84

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6

SRPM
thunderbird-128.6.0-3.el9_5.src.rpm SHA-256: f0096e0991ac59468ddd5a8095464887301ddd8c08cc551789ebdf7a11dea279
ppc64le
thunderbird-128.6.0-3.el9_5.ppc64le.rpm SHA-256: 866ef80200e5532de7ad59bf2ccb22418ead992bbccb6a168410b19519aebf4f
thunderbird-debuginfo-128.6.0-3.el9_5.ppc64le.rpm SHA-256: ccf2aac7afdb015db410d7d15ae61d1df6262f991e93f1af872cc70d6164234d
thunderbird-debugsource-128.6.0-3.el9_5.ppc64le.rpm SHA-256: 66f222b1e4eda98fc15febe3a97610049a741bef100b943a58f09576eed0c7f8

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6

SRPM
thunderbird-128.6.0-3.el9_5.src.rpm SHA-256: f0096e0991ac59468ddd5a8095464887301ddd8c08cc551789ebdf7a11dea279
x86_64
thunderbird-128.6.0-3.el9_5.x86_64.rpm SHA-256: f20db53bc3632b3e7a2e92d8af37f47d0db95bec85247147b27c8d1ea3b146f2
thunderbird-debuginfo-128.6.0-3.el9_5.x86_64.rpm SHA-256: 2e287294df8fe251b4c029bf33a73261989b882fce6411435444b53fe70453b4
thunderbird-debugsource-128.6.0-3.el9_5.x86_64.rpm SHA-256: a9a1c1ef66ab7c647437eae6e85a40051b6ec3426a1f97f4c10ec8ba34d0b2eb

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6

SRPM
thunderbird-128.6.0-3.el9_5.src.rpm SHA-256: f0096e0991ac59468ddd5a8095464887301ddd8c08cc551789ebdf7a11dea279
aarch64
thunderbird-128.6.0-3.el9_5.aarch64.rpm SHA-256: cceab3bbe6060314cd8d5434920d4754b37afca2d2da18145df80fdc08b2677b
thunderbird-debuginfo-128.6.0-3.el9_5.aarch64.rpm SHA-256: 4f46d360c7dfd449ef84e7861e7857630dbb0bbfc2ef91db6aa0f1ddf97c12cc
thunderbird-debugsource-128.6.0-3.el9_5.aarch64.rpm SHA-256: eff0bfa5b96cef39af57897e4df27dc95aa3d422af91f1ff306a5d09ebf62b84

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6

SRPM
thunderbird-128.6.0-3.el9_5.src.rpm SHA-256: f0096e0991ac59468ddd5a8095464887301ddd8c08cc551789ebdf7a11dea279
s390x
thunderbird-128.6.0-3.el9_5.s390x.rpm SHA-256: 4e88ef4d92171ca82a1e8df703a182b7e2d08466ec82a140fcc89dfdb5706a77
thunderbird-debuginfo-128.6.0-3.el9_5.s390x.rpm SHA-256: d16bcc2173dea9ccf071993b55709ee617cf17c7afd78ccdc0a650e84543b27c
thunderbird-debugsource-128.6.0-3.el9_5.s390x.rpm SHA-256: e5e85dd9feefbf788a6914f263c7350e98917f8105a6ac65a6428986279d414f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.