Test ID:	1.3.6.1.4.1.25623.1.1.18.2.2025.0405.1
Category:	openSUSE Local Security Checks
Title:	openSUSE Security Advisory (SUSE-SU-2025:0405-1)
Summary:	The remote host is missing an update for the 'MozillaThunderbird' package(s) announced via the SUSE-SU-2025:0405-1 advisory.
Description:	Summary: The remote host is missing an update for the 'MozillaThunderbird' package(s) announced via the SUSE-SU-2025:0405-1 advisory. Vulnerability Insight: - CVE-2025-1009: use-after-free in XSLT. - CVE-2025-1010: use-after-free in Custom Highlight. - CVE-2025-1011: a bug in WebAssembly code generation could result in a crash. - CVE-2025-1012: use-after-free during concurrent delazification. - CVE-2024-11704: potential double-free vulnerability in PKCS#7 decryption handling. - CVE-2025-1013: potential opening of private browsing tabs in normal browsing windows. - CVE-2025-1014: certificate length was not properly checked. - CVE-2025-1015: unsanitized address book fields. - CVE-2025-0510: address of e-mail sender can be spoofed by malicious email. - CVE-2025-1016: memory safety bugs. - CVE-2025-1017: memory safety bugs. Other fixes: - fixed: images inside links could zoom when clicked instead of opening the link. - fixed: compacting an empty folder failed with write error. - fixed: compacting of IMAP folder with corrupted local storage failed with write error. - fixed: after restart, all restored tabs with opened PDFs showed the same attachment. - fixed: exceptions during CalDAV item processing would halt subsequent item handling. - fixed: context menu was unable to move email address to a different field. - fixed: link at about:rights pointed to Firefox privacy policy instead of Thunderbird's. - fixed: POP3 'fetch headers only' and 'get selected messages' could delete messages. - fixed: 'Search Online' checkbox in saved search properties was incorrectly disabled. - fixed: POP3 status message showed incorrect download count when messages were deleted. - fixed: space bar did not always advance to the next unread message. - fixed: folder creation or renaming failed due to incorrect preference settings. - fixed: forwarding/editing S/MIME drafts/templates unusable due to regression (bsc#1236411). - fixed: sort order in 'Search Messages' panel reset after search or on first launch. - fixed: reply window added an unnecessary third blank line at the top. - fixed: Thunderbird spell check box did not allow ENTER to accept suggested changes. - fixed: long email subject lines could overlap window control buttons on macOS. - fixed: flathub manifest link was not correct. - fixed: 'Prefer client-side email scheduling' needed to be selected twice. - fixed: duplicate invitations were sent if CALDAV calendar email case did not match. - fixed: visual and UX improvements. Affected Software/OS: 'MozillaThunderbird' package(s) on openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2024-11704 Common Vulnerability Exposure (CVE) ID: CVE-2025-0510 Common Vulnerability Exposure (CVE) ID: CVE-2025-1009 Common Vulnerability Exposure (CVE) ID: CVE-2025-1010 Common Vulnerability Exposure (CVE) ID: CVE-2025-1011 Common Vulnerability Exposure (CVE) ID: CVE-2025-1012 Common Vulnerability Exposure (CVE) ID: CVE-2025-1013 Common Vulnerability Exposure (CVE) ID: CVE-2025-1014 Common Vulnerability Exposure (CVE) ID: CVE-2025-1015 Common Vulnerability Exposure (CVE) ID: CVE-2025-1016 Common Vulnerability Exposure (CVE) ID: CVE-2025-1017
Copyright	Copyright (C) 2025 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.