Red Hat Product Errata RHSA-2025:7435 - Security Advisory
Issued:
2025-05-13
Updated:
2025-05-13

RHSA-2025:7435 - Security Advisory

Synopsis

Important: thunderbird security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

  • thunderbird: User Interface (UI) Misrepresentation of attachment URL (CVE-2025-3523)
  • thunderbird: Information Disclosure of /tmp directory listing (CVE-2025-2830)
  • thunderbird: Leak of hashed Window credentials via crafted attachment URL (CVE-2025-3522)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x

Fixes

  • BZ - 2359786 - CVE-2025-3523 thunderbird: User Interface (UI) Misrepresentation of attachment URL
  • BZ - 2359789 - CVE-2025-2830 thunderbird: Information Disclosure of /tmp directory listing
  • BZ - 2359793 - CVE-2025-3522 thunderbird: Leak of hashed Window credentials via crafted attachment URL

Red Hat Enterprise Linux for x86_64 9

SRPM
thunderbird-128.10.0-1.el9_6.src.rpm SHA-256: 326e5ca3eaa73f1908df8262c5a243999939a03439d98a4e5f77e1324171c3ae
x86_64
thunderbird-128.10.0-1.el9_6.x86_64.rpm SHA-256: dcef3786f9b058ff129a776bdf4f3dec298f4439c4e55a3a1c92fcf4d745609d
thunderbird-debuginfo-128.10.0-1.el9_6.x86_64.rpm SHA-256: 9af6fd09d478e66341763757d5cf49386c38bd16ad3659331500fbc2399e0789
thunderbird-debugsource-128.10.0-1.el9_6.x86_64.rpm SHA-256: e3a56de4741144a2ed86770c103df11b129b6c7a671811ccf60525f71ea5be34

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6

SRPM
thunderbird-128.10.0-1.el9_6.src.rpm SHA-256: 326e5ca3eaa73f1908df8262c5a243999939a03439d98a4e5f77e1324171c3ae
x86_64
thunderbird-128.10.0-1.el9_6.x86_64.rpm SHA-256: dcef3786f9b058ff129a776bdf4f3dec298f4439c4e55a3a1c92fcf4d745609d
thunderbird-debuginfo-128.10.0-1.el9_6.x86_64.rpm SHA-256: 9af6fd09d478e66341763757d5cf49386c38bd16ad3659331500fbc2399e0789
thunderbird-debugsource-128.10.0-1.el9_6.x86_64.rpm SHA-256: e3a56de4741144a2ed86770c103df11b129b6c7a671811ccf60525f71ea5be34

Red Hat Enterprise Linux Server - AUS 9.6

SRPM
thunderbird-128.10.0-1.el9_6.src.rpm SHA-256: 326e5ca3eaa73f1908df8262c5a243999939a03439d98a4e5f77e1324171c3ae
x86_64
thunderbird-128.10.0-1.el9_6.x86_64.rpm SHA-256: dcef3786f9b058ff129a776bdf4f3dec298f4439c4e55a3a1c92fcf4d745609d
thunderbird-debuginfo-128.10.0-1.el9_6.x86_64.rpm SHA-256: 9af6fd09d478e66341763757d5cf49386c38bd16ad3659331500fbc2399e0789
thunderbird-debugsource-128.10.0-1.el9_6.x86_64.rpm SHA-256: e3a56de4741144a2ed86770c103df11b129b6c7a671811ccf60525f71ea5be34

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
thunderbird-128.10.0-1.el9_6.src.rpm SHA-256: 326e5ca3eaa73f1908df8262c5a243999939a03439d98a4e5f77e1324171c3ae
s390x
thunderbird-128.10.0-1.el9_6.s390x.rpm SHA-256: 40eee92a92fcee0911e5edf3ce417678ae6890e6e0321a714a48a57d92c0076b
thunderbird-debuginfo-128.10.0-1.el9_6.s390x.rpm SHA-256: 9951a9ea500d47cdc8c59fecf2d26ae3f7fb79792e978a9a00756fdddf315802
thunderbird-debugsource-128.10.0-1.el9_6.s390x.rpm SHA-256: 4a9f84e12df68b660dc5b68b8eda39ba42ebca6910cdfccb7553f1c9ee52e969

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6

SRPM
thunderbird-128.10.0-1.el9_6.src.rpm SHA-256: 326e5ca3eaa73f1908df8262c5a243999939a03439d98a4e5f77e1324171c3ae
s390x
thunderbird-128.10.0-1.el9_6.s390x.rpm SHA-256: 40eee92a92fcee0911e5edf3ce417678ae6890e6e0321a714a48a57d92c0076b
thunderbird-debuginfo-128.10.0-1.el9_6.s390x.rpm SHA-256: 9951a9ea500d47cdc8c59fecf2d26ae3f7fb79792e978a9a00756fdddf315802
thunderbird-debugsource-128.10.0-1.el9_6.s390x.rpm SHA-256: 4a9f84e12df68b660dc5b68b8eda39ba42ebca6910cdfccb7553f1c9ee52e969

Red Hat Enterprise Linux for Power, little endian 9

SRPM
thunderbird-128.10.0-1.el9_6.src.rpm SHA-256: 326e5ca3eaa73f1908df8262c5a243999939a03439d98a4e5f77e1324171c3ae
ppc64le
thunderbird-128.10.0-1.el9_6.ppc64le.rpm SHA-256: 9f39eb2eaa8c8e2750fc178fb8efaa171682318e6c257d07a3ee6f286020c5a7
thunderbird-debuginfo-128.10.0-1.el9_6.ppc64le.rpm SHA-256: 16efddd3efb87725b92c93f93b9d98c804f06d2f71b30025fb4c65495a6fc64f
thunderbird-debugsource-128.10.0-1.el9_6.ppc64le.rpm SHA-256: e8cd7d17cf32516ba25d6db94b1655cf0a15915a87672e8d9afa3f781301ebe9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6

SRPM
thunderbird-128.10.0-1.el9_6.src.rpm SHA-256: 326e5ca3eaa73f1908df8262c5a243999939a03439d98a4e5f77e1324171c3ae
ppc64le
thunderbird-128.10.0-1.el9_6.ppc64le.rpm SHA-256: 9f39eb2eaa8c8e2750fc178fb8efaa171682318e6c257d07a3ee6f286020c5a7
thunderbird-debuginfo-128.10.0-1.el9_6.ppc64le.rpm SHA-256: 16efddd3efb87725b92c93f93b9d98c804f06d2f71b30025fb4c65495a6fc64f
thunderbird-debugsource-128.10.0-1.el9_6.ppc64le.rpm SHA-256: e8cd7d17cf32516ba25d6db94b1655cf0a15915a87672e8d9afa3f781301ebe9

Red Hat Enterprise Linux for ARM 64 9

SRPM
thunderbird-128.10.0-1.el9_6.src.rpm SHA-256: 326e5ca3eaa73f1908df8262c5a243999939a03439d98a4e5f77e1324171c3ae
aarch64
thunderbird-128.10.0-1.el9_6.aarch64.rpm SHA-256: dc865eaa250b8f35bb68ee6909fd85a96162922de101d6efa18a4158fbb0fa20
thunderbird-debuginfo-128.10.0-1.el9_6.aarch64.rpm SHA-256: 1c3e4c859741d7b9e1a137fd6677d0fbf4ce3e3dbd64db5cfe308759d05aeaaa
thunderbird-debugsource-128.10.0-1.el9_6.aarch64.rpm SHA-256: 2ec5630253b49bdf5c246ca0e975c2187a24ad684fc131feb9da5d3367d47f7a

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6

SRPM
thunderbird-128.10.0-1.el9_6.src.rpm SHA-256: 326e5ca3eaa73f1908df8262c5a243999939a03439d98a4e5f77e1324171c3ae
aarch64
thunderbird-128.10.0-1.el9_6.aarch64.rpm SHA-256: dc865eaa250b8f35bb68ee6909fd85a96162922de101d6efa18a4158fbb0fa20
thunderbird-debuginfo-128.10.0-1.el9_6.aarch64.rpm SHA-256: 1c3e4c859741d7b9e1a137fd6677d0fbf4ce3e3dbd64db5cfe308759d05aeaaa
thunderbird-debugsource-128.10.0-1.el9_6.aarch64.rpm SHA-256: 2ec5630253b49bdf5c246ca0e975c2187a24ad684fc131feb9da5d3367d47f7a

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6

SRPM
thunderbird-128.10.0-1.el9_6.src.rpm SHA-256: 326e5ca3eaa73f1908df8262c5a243999939a03439d98a4e5f77e1324171c3ae
ppc64le
thunderbird-128.10.0-1.el9_6.ppc64le.rpm SHA-256: 9f39eb2eaa8c8e2750fc178fb8efaa171682318e6c257d07a3ee6f286020c5a7
thunderbird-debuginfo-128.10.0-1.el9_6.ppc64le.rpm SHA-256: 16efddd3efb87725b92c93f93b9d98c804f06d2f71b30025fb4c65495a6fc64f
thunderbird-debugsource-128.10.0-1.el9_6.ppc64le.rpm SHA-256: e8cd7d17cf32516ba25d6db94b1655cf0a15915a87672e8d9afa3f781301ebe9

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6

SRPM
thunderbird-128.10.0-1.el9_6.src.rpm SHA-256: 326e5ca3eaa73f1908df8262c5a243999939a03439d98a4e5f77e1324171c3ae
x86_64
thunderbird-128.10.0-1.el9_6.x86_64.rpm SHA-256: dcef3786f9b058ff129a776bdf4f3dec298f4439c4e55a3a1c92fcf4d745609d
thunderbird-debuginfo-128.10.0-1.el9_6.x86_64.rpm SHA-256: 9af6fd09d478e66341763757d5cf49386c38bd16ad3659331500fbc2399e0789
thunderbird-debugsource-128.10.0-1.el9_6.x86_64.rpm SHA-256: e3a56de4741144a2ed86770c103df11b129b6c7a671811ccf60525f71ea5be34

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6

SRPM
thunderbird-128.10.0-1.el9_6.src.rpm SHA-256: 326e5ca3eaa73f1908df8262c5a243999939a03439d98a4e5f77e1324171c3ae
aarch64
thunderbird-128.10.0-1.el9_6.aarch64.rpm SHA-256: dc865eaa250b8f35bb68ee6909fd85a96162922de101d6efa18a4158fbb0fa20
thunderbird-debuginfo-128.10.0-1.el9_6.aarch64.rpm SHA-256: 1c3e4c859741d7b9e1a137fd6677d0fbf4ce3e3dbd64db5cfe308759d05aeaaa
thunderbird-debugsource-128.10.0-1.el9_6.aarch64.rpm SHA-256: 2ec5630253b49bdf5c246ca0e975c2187a24ad684fc131feb9da5d3367d47f7a

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6

SRPM
thunderbird-128.10.0-1.el9_6.src.rpm SHA-256: 326e5ca3eaa73f1908df8262c5a243999939a03439d98a4e5f77e1324171c3ae
s390x
thunderbird-128.10.0-1.el9_6.s390x.rpm SHA-256: 40eee92a92fcee0911e5edf3ce417678ae6890e6e0321a714a48a57d92c0076b
thunderbird-debuginfo-128.10.0-1.el9_6.s390x.rpm SHA-256: 9951a9ea500d47cdc8c59fecf2d26ae3f7fb79792e978a9a00756fdddf315802
thunderbird-debugsource-128.10.0-1.el9_6.s390x.rpm SHA-256: 4a9f84e12df68b660dc5b68b8eda39ba42ebca6910cdfccb7553f1c9ee52e969

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.