[SECURITY] [DLA 4372-1] thunderbird security update

[Emilio Pozuelo Monfort <pochu@debian.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4372-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
November 16, 2025                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : thunderbird
Version        : 1:140.5.0esr-1~deb11u1
CVE ID         : CVE-2025-13012 CVE-2025-13013 CVE-2025-13014 CVE-2025-13015
                 CVE-2025-13016 CVE-2025-13017 CVE-2025-13018 CVE-2025-13019
                 CVE-2025-13020

Multiple security issues were discovered in Thunderbird, which could
potentially result in the execution of arbitrary code or bypass of the
same-origin policy.

For Debian 11 bullseye, these problems have been fixed in version
1:140.5.0esr-1~deb11u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmkZwWMACgkQnUbEiOQ2
gwKdbhAAmvdaxZDJqqjKN7u8EppoQn3LhsTE2z1EXjLrsqkFwyJtXzPW8/PUdb77
EpMnTIKUR81WPQWNKjGv8L7+5bEpkv7gZpmHmuKk1ZUQSJ6JJCtqkex9xILZL8Mr
Y14GzI6IwhYrnNCaDDvMLsRglkJ68vUkL9mxvGUPzlmbmGyErSWm+KtqAxh5Pi5u
wIQnkauw2VYr7+8ZvYSiUf6qOJ65PPRtF6EfaR7c0ZJs+yRld8UJOaXl+tOV3hfq
KLGKvdmO+JtCujCTKjC6DThdGnR7rxhXUphiIr8/Yn/txBvfkS453uA7VyDBY8Vg
v6s247+p5A5KtjhzLtFMidtCXE2Izkk5qL4/8kHBbOkqx7Z2VXyak//YFKoJZLvD
MmHxlDQzI8nI+klKXrh3ZATZoKoxkMmoAye/Cw5d4tfF06N9MaPOLY5QbIrI4n6l
7yHkIWEOfFBTy0jhL/RxLBjBCue55O1nYgkMiY2pkEftrq3oSfVh6FApBdb/rNEV
mCPm7MNasDBlBaPcr7LWScZNsNkfvG9fxU7wgrhQS1ZGoia3vy88/gPVRGphlrwr
OpEgqd10v/+nSNqHbVjNRu9T+zKSBPHkv6t0ZrPj0o13L+HdEVlz68ka4X9KFHJq
fyuQecQ9jWKDjK/205iierYSFXfZxy+uK1SDDsaZ1431mjL5Yn8=
=owwr
-----END PGP SIGNATURE-----