[Git][security-tracker-team/security-tracker][master] new thunderbird issues

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
23e2b06c by Moritz Muehlenhoff at 2025-07-03T12:53:02+02:00
new thunderbird issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2343,14 +2343,18 @@ CVE-2025-6430 (When a file download is specified via the `Content-Disposition` h
 	{DSA-5950-1 DLA-4231-1}
 	- firefox 140.0-1
 	- firefox-esr 128.12.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6430
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/#CVE-2025-6430
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-54/#CVE-2025-6430
 CVE-2025-6429 (Firefox could have incorrectly parsed a URL and rewritten it to the yo ...)
 	{DSA-5950-1 DLA-4231-1}
 	- firefox 140.0-1
 	- firefox-esr 128.12.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6429
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/#CVE-2025-6429
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-54/#CVE-2025-6429
 CVE-2025-6428 (When a URL was provided in a link querystring parameter, Firefox for A ...)
 	- firefox <not-affected> (Android-specific)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6428
@@ -2360,20 +2364,26 @@ CVE-2025-6427 (An attacker was able to bypass the `connect-src` directive of a C
 CVE-2025-6426 (The executable file warning did not warn users before opening files wi ...)
 	- firefox <not-affected> (MacOS-specific)
 	- firefox-esr <not-affected> (MacOS-specific)
+	- thunderbird <not-affected> (MacOS-specific)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6426
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/#CVE-2025-6426
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-54/#CVE-2025-6426
 CVE-2025-6425 (An attacker who enumerated resources from the WebCompat extension coul ...)
 	{DSA-5950-1 DLA-4231-1}
 	- firefox 140.0-1
 	- firefox-esr 128.12.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6425
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/#CVE-2025-6425
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-54/#CVE-2025-6425
 CVE-2025-6424 (A use-after-free in FontFaceSet resulted in a potentially exploitable  ...)
 	{DSA-5950-1 DLA-4231-1}
 	- firefox 140.0-1
 	- firefox-esr 128.12.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/#CVE-2025-6424
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/#CVE-2025-6424
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-54/#CVE-2025-6424
 CVE-2025-6560 (Multiple wireless router models from Sapido have an Exposure of Sensit ...)
 	NOT-FOR-US: Sapido
 CVE-2025-6559 (Multiple wireless router models from Sapido have an OS Command Injecti ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -63,6 +63,8 @@ sogo
 --
 sympa
 --
+thunderbird (jmm)
+--
 tomcat10
 --
 wordpress



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23e2b06c202ec15f6d78f8de6fbafab87043655c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23e2b06c202ec15f6d78f8de6fbafab87043655c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250703/42b57949/attachment.htm>