[SECURITY] [DSA 6040-1] thunderbird security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6040-1] thunderbird security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Sun, 26 Oct 2025 18:27:06 +0000
Message-id: <[🔎] aP5n-kKXJ5U5lgR7@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6040-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 26, 2025                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : thunderbird
CVE ID         : CVE-2025-11708 CVE-2025-11709 CVE-2025-11710
                 CVE-2025-11711 CVE-2025-11712 CVE-2025-11714
		 CVE-2025-11715

Multiple security issues were discovered in Thunderbird, which could
result in the execution of arbitrary code.

For the oldstable distribution (bookworm), these problems have been fixed
in version 1:140.4.0esr-1~deb12u1.

For the stable distribution (trixie), these problems have been fixed in
version 1:140.4.0esr-1~deb13u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmj+ZFoACgkQEMKTtsN8
TjaUNg//QQOJo2Hm9BZLP/4LNn5rPIgO0lMKgn7GM7jDUhJ7mWx1kh42+XXByNdT
uKTTK2Dklo7TN+cGGA9vTwG+/QFOrGegaYRKalLmeQ7SD2faoU+m0mo2rSkBB5dO
wwis2kBCITo/EgXc5i4nMczn/FTJoDe+XF5XoZbQeFLK/FDBUisYvmxDdaW+h39l
l/wb3gATywPHiWokdO9YfCbHxcbMurNKnmnD0mkimkrXVmjDlCoIR7faEduBiRhw
NliFvSUdm+tZFT9XNwGD68ClRoX12/19s9TwZixEOvVh0Lv2vWm7ZaS57f74gFrf
2fR44FR+ZFPvh3DKQHb1ZUqgvvIwYWxmsT8APKuOm4qiQX+9WLSy7DOBf9O4YZAT
VLqinmxcyF0vGR+eiRr28F8db7d4jYZR8xqD0RyHALXtvhj0nyHok3ErDw2efUm4
LJhI3uJ9a/1SqswWaUf4Zy5CVPiJV1wqUhLRzauHH+nr5R8OxvYUQ6MPgkT3KGkp
AjcFfkIG8b8Wg9lgVAFNmUQA4iX/4883jhXcwsV+tMDjS0NWKXxWKLMSBaDCaQEh
dpr3SQKBwNvyogcQM5aOAa1OV37c1r9ArXucgm5+I7Gn35DjFeNUBxWDIoTDT3Jy
EX/LRElKeLtD6Y8n1a8TS8Yr7udzGTkdbfj4SN2hbd1tsM6XmVA=
=RxK/
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6039-1] openjdk-25 security update
Next by Date: [SECURITY] [DSA 6041-1] strongswan security update
Previous by thread: [SECURITY] [DSA 6039-1] openjdk-25 security update
Next by thread: [SECURITY] [DSA 6041-1] strongswan security update
Index(es):
- Date
- Thread