Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
23e2b06c by Moritz Muehlenhoff at 2025-07-03T12:53:02+02:00
new thunderbird issues
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2343,14 +2343,18 @@ CVE-2025-6430 (When a file download is specified via
the `Content-Disposition` h
{DSA-5950-1 DLA-4231-1}
- firefox 140.0-1
- firefox-esr 128.12.0esr-1
+ - thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6430
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/#CVE-2025-6430
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-54/#CVE-2025-6430
CVE-2025-6429 (Firefox could have incorrectly parsed a URL and rewritten it to
the yo ...)
{DSA-5950-1 DLA-4231-1}
- firefox 140.0-1
- firefox-esr 128.12.0esr-1
+ - thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6429
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/#CVE-2025-6429
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-54/#CVE-2025-6429
CVE-2025-6428 (When a URL was provided in a link querystring parameter,
Firefox for A ...)
- firefox <not-affected> (Android-specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6428
@@ -2360,20 +2364,26 @@ CVE-2025-6427 (An attacker was able to bypass the
`connect-src` directive of a C
CVE-2025-6426 (The executable file warning did not warn users before opening
files wi ...)
- firefox <not-affected> (MacOS-specific)
- firefox-esr <not-affected> (MacOS-specific)
+ - thunderbird <not-affected> (MacOS-specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6426
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/#CVE-2025-6426
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-54/#CVE-2025-6426
CVE-2025-6425 (An attacker who enumerated resources from the WebCompat
extension coul ...)
{DSA-5950-1 DLA-4231-1}
- firefox 140.0-1
- firefox-esr 128.12.0esr-1
+ - thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6425
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/#CVE-2025-6425
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-54/#CVE-2025-6425
CVE-2025-6424 (A use-after-free in FontFaceSet resulted in a potentially
exploitable ...)
{DSA-5950-1 DLA-4231-1}
- firefox 140.0-1
- firefox-esr 128.12.0esr-1
+ - thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6424
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/#CVE-2025-6424
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-54/#CVE-2025-6424
CVE-2025-6560 (Multiple wireless router models from Sapido have an Exposure of
Sensit ...)
NOT-FOR-US: Sapido
CVE-2025-6559 (Multiple wireless router models from Sapido have an OS Command
Injecti ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -63,6 +63,8 @@ sogo
--
sympa
--
+thunderbird (jmm)
+--
tomcat10
--
wordpress
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23e2b06c202ec15f6d78f8de6fbafab87043655c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23e2b06c202ec15f6d78f8de6fbafab87043655c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
