[SECURITY] [DSA 6011-1] thunderbird security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6011-1] thunderbird security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Thu, 25 Sep 2025 18:52:09 +0000
Message-id: <[🔎] aNWPWawpa36y0dZy@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6011-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 25, 2025                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : thunderbird
CVE ID         : CVE-2025-10527 CVE-2025-10528 CVE-2025-10529
                 CVE-2025-10532 CVE-2025-10533 CVE-2025-10536
                 CVE-2025-10537

Multiple security issues were discovered in Thunderbird, which could
result in the execution of arbitrary code.

Debian follows the Thunderbird upstream releases. Support for the
128.x series has ended, so starting with this update we're now
following the 140.x series.

For the oldstable distribution (bookworm), these problems have been fixed
in version 1:140.3.0esr-1~deb12u1.

For the stable distribution (trixie), these problems have been fixed in
version 1:140.3.0esr-1~deb13u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmjVjRMACgkQEMKTtsN8
TjZOLQ/9EFfLByeImV6erN5fhYQx5IaiOL+dHjdIJSZn7A5Muu64kypJaGJMcQaO
bJ5rcRhOJNg9J3GAlk+kx4SM1g0SKUTwOOwDHSUTUn6uxmF0gaV5V91TUjPNHrTy
sqtRJuHLDD1al6kJ5Lvh3smNLe0eyk6xC7lcEwBLwvmPQY6EocPG893X/HxSgJ7t
sAQUFA74AZ0q53go8E72YmoYS83RJhUP9R44jlSXLX4geMDaGBZ1jy1C7UimfBND
zVLp0aRIJ1g0wNXAJjYalU8V6PoVWKrPjdSoCYCrtVcP5anLZdPVxR72PyLvq1+6
9qPStUFdzkd+wB2dVCGGntlGk9hMt6EG48gPJdF6MoCcCSuOH5JaaiAnfygZXmS2
mF6rLcq2VIANZPYppSSAVyNgnzTcsduge2YJCJIh293Yubf50zZjyzpnh9VBjVMW
aYP2tp/kCicxDXxs2LqewjZtcxxaQW8p5WhRbGWx6sg513Y7Xfc1goKgTiKqguFq
+OnXqnlhw1UhqjjwYCagCS+LqcUsvijgb+SRSIcR0K/ceZm+yrPi7GxltFHyDnYM
fLgWBc1ltVZO/JWWD8VxnkGnuK3gUNGPA5LDk0xW4onL8x5SJf2cxrS7BuSbwsz0
VOPLI+O4cWw0ZfaNsX14Zo6NNUJFa8PePr9EBrKyOki/K2ol5+g=
=mWxs
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6010-1] chromium security update
Next by Date: [SECURITY] [DSA 6012-1] nncp security update
Previous by thread: [SECURITY] [DSA 6010-1] chromium security update
Next by thread: [SECURITY] [DSA 6012-1] nncp security update
Index(es):
- Date
- Thread