Urgent security update for Mozilla Thunderbird fixes 8 critical vulnerabilities, including CVE-2025-5262 (CVSS 7.5) and payment card leaks. Learn how to patch SUSE Linux, openSUSE Leap, and enterprise systems now to prevent exploits.
Why This Update Matters
Mozilla Thunderbird users on SUSE Linux Enterprise, openSUSE Leap, and related distributions must prioritize this high-severity patch. The update addresses eight vulnerabilities, including:
Remote code execution (CVE-2025-5262) via libvpx encoder (CVSS 7.5).
Clickjacking attacks (CVE-2025-5267) exposing saved payment card details.
Cross-origin data leaks (CVE-2025-5266/5268/5269) with CVSS scores up to 6.5.
Enterprise Impact: Systems like SUSE Linux Enterprise Server for SAP are at risk if unpatched.
Patch Details & Installation Guide
Affected Versions:
Thunderbird 128.11 (ESR)
Distributions:
SUSE Linux Enterprise Desktop/Server 15 SP6/SP7
openSUSE Leap 15.6
SUSE Package Hub 15
How to Update:
Terminal Command:
zypper in -t patch [Product-Specific-Patch-Code]
(Replace with your OS patch code from below.)
GUI Method: Use YaST Online Update for automated patching.
Patch Codes:
| Distribution | Command |
|---|---|
| SUSE Package Hub 15 SP7 | zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-1946=1 |
| openSUSE Leap 15.6 | zypper in -t patch openSUSE-SLE-15.6-2025-1946=1 |
Vulnerability Breakdown
| CVE | Risk | CVSS | Impact |
|---|---|---|---|
| CVE-2025-5262 | High | 7.5 | Double-free crash (remote) |
| CVE-2025-5267 | Medium | 5.4 | Payment card data theft |
| CVE-2025-5268 | Medium | 6.5 | Memory corruption exploits |
Key Fixes:
Local code execution via "Copy as cURL" commands (CVE-2025-5264/5265).
Script isolation flaws leaking cross-origin data (CVE-2025-5263).
FAQs
Q: Is this update critical for home users?
A: Yes—especially if you use Thunderbird for online payments or sensitive data.
Q: How do I verify that the patch installed correctly?
A: Run:
rpm -q MozillaThunderbird --changelog | grep 128.11
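The changelog grep above only shows that some entry mentions 128.11; comparing the installed version numerically is a stricter check. The script below is an added example, not taken from SUSE or Mozilla. It assumes 128.11 (the value the page greps for) is the fixed version and that `rpm --qf '%{VERSION}'` returns a dotted version string; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: numeric version check for the Thunderbird update.
PKG="MozillaThunderbird"   # package name from the page's rpm command
FIXED="128.11"             # assumption: the version the page greps for

# version_at_least A B: succeed when dotted version A >= B, compared
# component by component as integers (so 128.9 sorts below 128.11).
version_at_least() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # drop suffixes such as "esr"
        x=${x:-0}; y=${y:-0}               # a missing component counts as 0
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# classify VERSION: print PATCHED, OUTDATED or NOT_INSTALLED.
classify() {
    if [ -z "$1" ]; then
        echo NOT_INSTALLED
    elif version_at_least "$1" "$FIXED"; then
        echo PATCHED
    else
        echo OUTDATED
    fi
}

# check_host: query the RPM database on this machine and classify it.
check_host() {
    ver=$(rpm -q --qf '%{VERSION}' "$PKG" 2>/dev/null) || ver=""
    printf '%s %s: ' "$PKG" "${ver:-<none>}"
    classify "$ver"
}

# Run the live check only when asked, e.g.: sh check_tb.sh --check
if [ "${1:-}" = "--check" ]; then check_host; fi
```

Run it with `--check` on each host after patching; an `OUTDATED` result means the patch from the table above has not been applied to that system.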
