Red Hat Product Errata RHSA-2025:10195 - Security Advisory
Issued:
2025-07-02
Updated:
2025-07-02

RHSA-2025:10195 - Security Advisory

Synopsis

Important: thunderbird security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

  • thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links (CVE-2025-5986)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 10 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 10 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian 10 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 10 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes

  • BZ - 2372281 - CVE-2025-5986 thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links

Red Hat Enterprise Linux for x86_64 10

SRPM
thunderbird-128.12.0-1.el10_0.src.rpm SHA-256: c72c127cee4b7b06d0e989ee38b295db3d2007e3aeb3c3246cfceadd800f7d34
x86_64
thunderbird-128.12.0-1.el10_0.x86_64.rpm SHA-256: 5ec4566db05ef9ae5279c721fc5f38d4813d9270c2d24132c9fe665281ea29c6
thunderbird-debuginfo-128.12.0-1.el10_0.x86_64.rpm SHA-256: 71252348b2f2a92e10526ae556ce1791fe46bf50bf0e481284238c7f92e44365
thunderbird-debugsource-128.12.0-1.el10_0.x86_64.rpm SHA-256: 5275f0962a8eef4de45f96694541967bfb0489ad69de123013de4e17fc5ea829

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0

SRPM
thunderbird-128.12.0-1.el10_0.src.rpm SHA-256: c72c127cee4b7b06d0e989ee38b295db3d2007e3aeb3c3246cfceadd800f7d34
x86_64
thunderbird-128.12.0-1.el10_0.x86_64.rpm SHA-256: 5ec4566db05ef9ae5279c721fc5f38d4813d9270c2d24132c9fe665281ea29c6
thunderbird-debuginfo-128.12.0-1.el10_0.x86_64.rpm SHA-256: 71252348b2f2a92e10526ae556ce1791fe46bf50bf0e481284238c7f92e44365
thunderbird-debugsource-128.12.0-1.el10_0.x86_64.rpm SHA-256: 5275f0962a8eef4de45f96694541967bfb0489ad69de123013de4e17fc5ea829

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
thunderbird-128.12.0-1.el10_0.src.rpm SHA-256: c72c127cee4b7b06d0e989ee38b295db3d2007e3aeb3c3246cfceadd800f7d34
s390x
thunderbird-128.12.0-1.el10_0.s390x.rpm SHA-256: 937cb5f51a8d3ca5e76b5df4f401b2d0de0267965b2ea3e3afa3e5e53e377120
thunderbird-debuginfo-128.12.0-1.el10_0.s390x.rpm SHA-256: ab8f8670044e4a85099c5f82f238266c0bf27c275abbef94338f3ea24de69031
thunderbird-debugsource-128.12.0-1.el10_0.s390x.rpm SHA-256: d5eed4cb8601c121e1f44d2f1db1eb63b94bf4e78acdb5e903776181fe3d116d

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0

SRPM
thunderbird-128.12.0-1.el10_0.src.rpm SHA-256: c72c127cee4b7b06d0e989ee38b295db3d2007e3aeb3c3246cfceadd800f7d34
s390x
thunderbird-128.12.0-1.el10_0.s390x.rpm SHA-256: 937cb5f51a8d3ca5e76b5df4f401b2d0de0267965b2ea3e3afa3e5e53e377120
thunderbird-debuginfo-128.12.0-1.el10_0.s390x.rpm SHA-256: ab8f8670044e4a85099c5f82f238266c0bf27c275abbef94338f3ea24de69031
thunderbird-debugsource-128.12.0-1.el10_0.s390x.rpm SHA-256: d5eed4cb8601c121e1f44d2f1db1eb63b94bf4e78acdb5e903776181fe3d116d

Red Hat Enterprise Linux for Power, little endian 10

SRPM
thunderbird-128.12.0-1.el10_0.src.rpm SHA-256: c72c127cee4b7b06d0e989ee38b295db3d2007e3aeb3c3246cfceadd800f7d34
ppc64le
thunderbird-128.12.0-1.el10_0.ppc64le.rpm SHA-256: cf717b22249b4cec2db65f945036bf13484289556f7e1920d709497f25b1b9ad
thunderbird-debuginfo-128.12.0-1.el10_0.ppc64le.rpm SHA-256: deef8e299de551ab78f4bf17405ee3b29dc4610c750e10144f45a11385b016e9
thunderbird-debugsource-128.12.0-1.el10_0.ppc64le.rpm SHA-256: aa7edc23bcab487266ab88a55d872a18690d215fdd01bbd986ec487c6e6095b4

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0

SRPM
thunderbird-128.12.0-1.el10_0.src.rpm SHA-256: c72c127cee4b7b06d0e989ee38b295db3d2007e3aeb3c3246cfceadd800f7d34
ppc64le
thunderbird-128.12.0-1.el10_0.ppc64le.rpm SHA-256: cf717b22249b4cec2db65f945036bf13484289556f7e1920d709497f25b1b9ad
thunderbird-debuginfo-128.12.0-1.el10_0.ppc64le.rpm SHA-256: deef8e299de551ab78f4bf17405ee3b29dc4610c750e10144f45a11385b016e9
thunderbird-debugsource-128.12.0-1.el10_0.ppc64le.rpm SHA-256: aa7edc23bcab487266ab88a55d872a18690d215fdd01bbd986ec487c6e6095b4

Red Hat Enterprise Linux for ARM 64 10

SRPM
thunderbird-128.12.0-1.el10_0.src.rpm SHA-256: c72c127cee4b7b06d0e989ee38b295db3d2007e3aeb3c3246cfceadd800f7d34
aarch64
thunderbird-128.12.0-1.el10_0.aarch64.rpm SHA-256: c453104ba41e8590f45e4d539ff6999706c1a0bff1b937604f769264ebf59477
thunderbird-debuginfo-128.12.0-1.el10_0.aarch64.rpm SHA-256: ddbeed670e8b858221bc6da32565bb722578af58df60b7406d9e8ac6b24cd331
thunderbird-debugsource-128.12.0-1.el10_0.aarch64.rpm SHA-256: 8c95c7df115f6b02c0ddf6d8eb677475bfad02a6d9366c5edeccfafe981fb984

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0

SRPM
thunderbird-128.12.0-1.el10_0.src.rpm SHA-256: c72c127cee4b7b06d0e989ee38b295db3d2007e3aeb3c3246cfceadd800f7d34
aarch64
thunderbird-128.12.0-1.el10_0.aarch64.rpm SHA-256: c453104ba41e8590f45e4d539ff6999706c1a0bff1b937604f769264ebf59477
thunderbird-debuginfo-128.12.0-1.el10_0.aarch64.rpm SHA-256: ddbeed670e8b858221bc6da32565bb722578af58df60b7406d9e8ac6b24cd331
thunderbird-debugsource-128.12.0-1.el10_0.aarch64.rpm SHA-256: 8c95c7df115f6b02c0ddf6d8eb677475bfad02a6d9366c5edeccfafe981fb984

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0

SRPM
thunderbird-128.12.0-1.el10_0.src.rpm SHA-256: c72c127cee4b7b06d0e989ee38b295db3d2007e3aeb3c3246cfceadd800f7d34
aarch64
thunderbird-128.12.0-1.el10_0.aarch64.rpm SHA-256: c453104ba41e8590f45e4d539ff6999706c1a0bff1b937604f769264ebf59477
thunderbird-debuginfo-128.12.0-1.el10_0.aarch64.rpm SHA-256: ddbeed670e8b858221bc6da32565bb722578af58df60b7406d9e8ac6b24cd331
thunderbird-debugsource-128.12.0-1.el10_0.aarch64.rpm SHA-256: 8c95c7df115f6b02c0ddf6d8eb677475bfad02a6d9366c5edeccfafe981fb984

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0

SRPM
thunderbird-128.12.0-1.el10_0.src.rpm SHA-256: c72c127cee4b7b06d0e989ee38b295db3d2007e3aeb3c3246cfceadd800f7d34
s390x
thunderbird-128.12.0-1.el10_0.s390x.rpm SHA-256: 937cb5f51a8d3ca5e76b5df4f401b2d0de0267965b2ea3e3afa3e5e53e377120
thunderbird-debuginfo-128.12.0-1.el10_0.s390x.rpm SHA-256: ab8f8670044e4a85099c5f82f238266c0bf27c275abbef94338f3ea24de69031
thunderbird-debugsource-128.12.0-1.el10_0.s390x.rpm SHA-256: d5eed4cb8601c121e1f44d2f1db1eb63b94bf4e78acdb5e903776181fe3d116d

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0

SRPM
thunderbird-128.12.0-1.el10_0.src.rpm SHA-256: c72c127cee4b7b06d0e989ee38b295db3d2007e3aeb3c3246cfceadd800f7d34
ppc64le
thunderbird-128.12.0-1.el10_0.ppc64le.rpm SHA-256: cf717b22249b4cec2db65f945036bf13484289556f7e1920d709497f25b1b9ad
thunderbird-debuginfo-128.12.0-1.el10_0.ppc64le.rpm SHA-256: deef8e299de551ab78f4bf17405ee3b29dc4610c750e10144f45a11385b016e9
thunderbird-debugsource-128.12.0-1.el10_0.ppc64le.rpm SHA-256: aa7edc23bcab487266ab88a55d872a18690d215fdd01bbd986ec487c6e6095b4

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0

SRPM
thunderbird-128.12.0-1.el10_0.src.rpm SHA-256: c72c127cee4b7b06d0e989ee38b295db3d2007e3aeb3c3246cfceadd800f7d34
x86_64
thunderbird-128.12.0-1.el10_0.x86_64.rpm SHA-256: 5ec4566db05ef9ae5279c721fc5f38d4813d9270c2d24132c9fe665281ea29c6
thunderbird-debuginfo-128.12.0-1.el10_0.x86_64.rpm SHA-256: 71252348b2f2a92e10526ae556ce1791fe46bf50bf0e481284238c7f92e44365
thunderbird-debugsource-128.12.0-1.el10_0.x86_64.rpm SHA-256: 5275f0962a8eef4de45f96694541967bfb0489ad69de123013de4e17fc5ea829

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.