Issued:: 2025-07-01
Updated:: 2025-07-01

RHSA-2025:10160 - Security Advisory

Overview
Updated Packages

Synopsis

Important: thunderbird security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links (CVE-2025-5986)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 9.2 x86_64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x

Fixes

BZ - 2372281 - CVE-2025-5986 thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 9.2

SRPM
thunderbird-128.12.0-1.el9_2.src.rpm	SHA-256: d0ac93e8a290c2728d977595245e0ac5a28841cef54fbd813ed259aa9170d011
x86_64
thunderbird-128.12.0-1.el9_2.x86_64.rpm	SHA-256: 3b5625040824582f03a864c07753fa577974ae91210a8061d276026fa47875f2
thunderbird-debuginfo-128.12.0-1.el9_2.x86_64.rpm	SHA-256: 74ef7f59386b21700e49f81b97a6088a3d0a686b254d83d2618b021770829025
thunderbird-debugsource-128.12.0-1.el9_2.x86_64.rpm	SHA-256: a302c0ab29c782e46c333eb4e42f87a138d8bab7630b1b25b94ced72b982466d

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2

SRPM
thunderbird-128.12.0-1.el9_2.src.rpm	SHA-256: d0ac93e8a290c2728d977595245e0ac5a28841cef54fbd813ed259aa9170d011
ppc64le
thunderbird-128.12.0-1.el9_2.ppc64le.rpm	SHA-256: a15147bd5ccf7465cdcf34e6a1640e13340b52a20306ffaae86d3d02db98018a
thunderbird-debuginfo-128.12.0-1.el9_2.ppc64le.rpm	SHA-256: cca8772335b74dbedc1d76cdc4adfe9f5fa8424b5927998c810421d3d2981d41
thunderbird-debugsource-128.12.0-1.el9_2.ppc64le.rpm	SHA-256: c5775d7ea50b183fa99f0f5c772739eee0e16c2ed36e614da2d7d804479e2f78

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2

SRPM
thunderbird-128.12.0-1.el9_2.src.rpm	SHA-256: d0ac93e8a290c2728d977595245e0ac5a28841cef54fbd813ed259aa9170d011
x86_64
thunderbird-128.12.0-1.el9_2.x86_64.rpm	SHA-256: 3b5625040824582f03a864c07753fa577974ae91210a8061d276026fa47875f2
thunderbird-debuginfo-128.12.0-1.el9_2.x86_64.rpm	SHA-256: 74ef7f59386b21700e49f81b97a6088a3d0a686b254d83d2618b021770829025
thunderbird-debugsource-128.12.0-1.el9_2.x86_64.rpm	SHA-256: a302c0ab29c782e46c333eb4e42f87a138d8bab7630b1b25b94ced72b982466d

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2

SRPM
thunderbird-128.12.0-1.el9_2.src.rpm	SHA-256: d0ac93e8a290c2728d977595245e0ac5a28841cef54fbd813ed259aa9170d011
aarch64
thunderbird-128.12.0-1.el9_2.aarch64.rpm	SHA-256: c651625cf11ddc3bdef15c6546381f52b87e5a17803f9e3bb1c66da4c0c382a4
thunderbird-debuginfo-128.12.0-1.el9_2.aarch64.rpm	SHA-256: 9defd6a21f429783da9c8663a633f45a1ca2b488953ea650ee0cd82b0f3a6768
thunderbird-debugsource-128.12.0-1.el9_2.aarch64.rpm	SHA-256: 585371cef0094c01996ef7b4daf5b566dacaf228f7bef5471e9e93521f757aaf

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2

SRPM
thunderbird-128.12.0-1.el9_2.src.rpm	SHA-256: d0ac93e8a290c2728d977595245e0ac5a28841cef54fbd813ed259aa9170d011
s390x
thunderbird-128.12.0-1.el9_2.s390x.rpm	SHA-256: 8d77929d495ba3658db968ac290e5dce074b3b612ff0837fd5cd4d11190aa6d2
thunderbird-debuginfo-128.12.0-1.el9_2.s390x.rpm	SHA-256: 84e4cb81aeb319957e958422e539d35e181ef52951aa4ae5fa3dafc86457b00c
thunderbird-debugsource-128.12.0-1.el9_2.s390x.rpm	SHA-256: ae9df6dfa1b640a4d477f050c9503f62795eccec7a2395d4d4a0a30c7e8ff874

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation