Red Hat Product Errata RHSA-2025:22450 - Security Advisory
Issued:
2025-12-01
Updated:
2025-12-01

RHSA-2025:22450 - Security Advisory

Synopsis

Important: thunderbird security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

  • firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)
  • firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)
  • firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)
  • firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)
  • firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)
  • firefox: Race condition in the Graphics component (CVE-2025-13012)
  • firefox: Spoofing issue in Firefox (CVE-2025-13015)
  • firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)
  • firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server - AUS 9.2 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x

Fixes

  • BZ - 2414079 - CVE-2025-13018 firefox: thunderbird: Mitigation bypass in the DOM: Security component
  • BZ - 2414080 - CVE-2025-13014 firefox: thunderbird: Use-after-free in the Audio/Video component
  • BZ - 2414083 - CVE-2025-13016 firefox: thunderbird: Incorrect boundary conditions in the JavaScript: WebAssembly component
  • BZ - 2414084 - CVE-2025-13019 firefox: thunderbird: Same-origin policy bypass in the DOM: Workers component
  • BZ - 2414085 - CVE-2025-13020 firefox: thunderbird: Use-after-free in the WebRTC: Audio/Video component
  • BZ - 2414086 - CVE-2025-13012 firefox: thunderbird: Race condition in the Graphics component
  • BZ - 2414090 - CVE-2025-13015 firefox: thunderbird: Spoofing issue in Firefox
  • BZ - 2414091 - CVE-2025-13013 firefox: thunderbird: Mitigation bypass in the DOM: Core & HTML component
  • BZ - 2414092 - CVE-2025-13017 firefox: thunderbird: Same-origin policy bypass in the DOM: Notifications component

Red Hat Enterprise Linux Server - AUS 9.2

SRPM
thunderbird-140.5.0-1.el9_2.src.rpm SHA-256: 0f4e7ca33ce0effa1b4aab63732fb414471123174e5ce71c1b6fb8196ee1c414
x86_64
thunderbird-140.5.0-1.el9_2.x86_64.rpm SHA-256: 73a95a0d8cc6c280a49b1e5b185ba1e265e441a0b9c9d6acbd7f2229120237c4
thunderbird-debuginfo-140.5.0-1.el9_2.x86_64.rpm SHA-256: 29dabfdb2bb9781d078929a640150a488b03f948137a64e87ccb425fef75e772
thunderbird-debugsource-140.5.0-1.el9_2.x86_64.rpm SHA-256: 06772f13c115f20569d5d76273b93b0a9674454ff7b88ecd6ec57f1593201388

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2

SRPM
thunderbird-140.5.0-1.el9_2.src.rpm SHA-256: 0f4e7ca33ce0effa1b4aab63732fb414471123174e5ce71c1b6fb8196ee1c414
ppc64le
thunderbird-140.5.0-1.el9_2.ppc64le.rpm SHA-256: 4d803970cfefd996babc9cfbf9f6c48e544ed2c53813df7c675da7a294251d0f
thunderbird-debuginfo-140.5.0-1.el9_2.ppc64le.rpm SHA-256: f660047d1a323d730d70bce24bd2959109ac8da5b495f8a760e139b51d3b57c2
thunderbird-debugsource-140.5.0-1.el9_2.ppc64le.rpm SHA-256: 1a74d22d5c39f040919efe8ba8c6574ae50eb9bd41fa5256ac06b3bd561e84d1

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2

SRPM
thunderbird-140.5.0-1.el9_2.src.rpm SHA-256: 0f4e7ca33ce0effa1b4aab63732fb414471123174e5ce71c1b6fb8196ee1c414
x86_64
thunderbird-140.5.0-1.el9_2.x86_64.rpm SHA-256: 73a95a0d8cc6c280a49b1e5b185ba1e265e441a0b9c9d6acbd7f2229120237c4
thunderbird-debuginfo-140.5.0-1.el9_2.x86_64.rpm SHA-256: 29dabfdb2bb9781d078929a640150a488b03f948137a64e87ccb425fef75e772
thunderbird-debugsource-140.5.0-1.el9_2.x86_64.rpm SHA-256: 06772f13c115f20569d5d76273b93b0a9674454ff7b88ecd6ec57f1593201388

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2

SRPM
thunderbird-140.5.0-1.el9_2.src.rpm SHA-256: 0f4e7ca33ce0effa1b4aab63732fb414471123174e5ce71c1b6fb8196ee1c414
aarch64
thunderbird-140.5.0-1.el9_2.aarch64.rpm SHA-256: 984565996e9c7d2d6e70e1b8722cce113344235e1987866416e925a208355090
thunderbird-debuginfo-140.5.0-1.el9_2.aarch64.rpm SHA-256: 1f9c1ec85b1f96aa718c33bcc30a96d09dcba8aa4befe947260bdde00df1afc7
thunderbird-debugsource-140.5.0-1.el9_2.aarch64.rpm SHA-256: 18cee8b3c6cc2cc751bdf34e4f3ced553ee6eb59b940604bc54f13fbb8e92c20

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2

SRPM
thunderbird-140.5.0-1.el9_2.src.rpm SHA-256: 0f4e7ca33ce0effa1b4aab63732fb414471123174e5ce71c1b6fb8196ee1c414
s390x
thunderbird-140.5.0-1.el9_2.s390x.rpm SHA-256: de2cb6941bdab0b07f8daf97b9a9e61ed51fdd957a0ad3bfa5f25b2135bdd72b
thunderbird-debuginfo-140.5.0-1.el9_2.s390x.rpm SHA-256: 74d54f9fbf4da68e9ebe2094903d0732d266a24f3f4a940c1280ae8873982fdd
thunderbird-debugsource-140.5.0-1.el9_2.s390x.rpm SHA-256: f10f4d72af3a472ec92905b02c944dc620a94739a78f941d821cef811ef02c4d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.