Security update for MozillaThunderbird

openSUSE_Backports_SLE-16.0_PullRequest_206 Security update for MozillaThunderbird moderate openSUSE Backports SLE-16.0 PullRequest 206 This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 140.4: * changed: Account Hub is now disabled by default for second email account * changed: Flatpak runtime has been updated to Freedesktop SDK 24.08 * fixed: Users could not read mail signed with OpenPGP v6 and PQC keys * fixed: Image preview in Insert Image dialog failed with CSP error for web resources * fixed: Emptying trash on exit did not work with some providers * fixed: Thunderbird could crash when applying filters * fixed: Users were unable to override expired mail server certificate * fixed: Opening Website header link in RSS feed incorrectly re-encoded URL parameters * fixed: Security fixes MFSA 2025-85 (bsc#1251263): * CVE-2025-11708 Use-after-free in MediaTrackGraphImpl::GetInstance() * CVE-2025-11709 Out of bounds read/write in a privileged process triggered by WebGL textures * CVE-2025-11710 Cross-process information leaked due to malicious IPC messages * CVE-2025-11711 Some non-writable Object properties could be modified * CVE-2025-11712 An OBJECT tag type attribute overrode browser behavior on web resources without a content-type * CVE-2025-11713 Potential user-assisted code execution in “Copy as cURL” command * CVE-2025-11714 Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 * CVE-2025-11715 Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 MozillaThunderbird-140.4.0-bp160.999999.1.1.src.rpm MozillaThunderbird-140.4.0-bp160.999999.1.1.x86_64.rpm MozillaThunderbird-debuginfo-140.4.0-bp160.999999.1.1.x86_64.rpm MozillaThunderbird-debugsource-140.4.0-bp160.999999.1.1.x86_64.rpm MozillaThunderbird-openpgp-librnp-140.4.0-bp160.999999.1.1.x86_64.rpm MozillaThunderbird-openpgp-librnp-debuginfo-140.4.0-bp160.999999.1.1.x86_64.rpm MozillaThunderbird-translations-common-140.4.0-bp160.999999.1.1.x86_64.rpm MozillaThunderbird-translations-other-140.4.0-bp160.999999.1.1.x86_64.rpm openSUSE_Backports_SLE-16.0_PullRequest_206 Security update for MozillaThunderbird moderate openSUSE Backports SLE-16.0 PullRequest 206 This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 140.4: * changed: Account Hub is now disabled by default for second email account * changed: Flatpak runtime has been updated to Freedesktop SDK 24.08 * fixed: Users could not read mail signed with OpenPGP v6 and PQC keys * fixed: Image preview in Insert Image dialog failed with CSP error for web resources * fixed: Emptying trash on exit did not work with some providers * fixed: Thunderbird could crash when applying filters * fixed: Users were unable to override expired mail server certificate * fixed: Opening Website header link in RSS feed incorrectly re-encoded URL parameters * fixed: Security fixes MFSA 2025-85 (bsc#1251263): * CVE-2025-11708 Use-after-free in MediaTrackGraphImpl::GetInstance() * CVE-2025-11709 Out of bounds read/write in a privileged process triggered by WebGL textures * CVE-2025-11710 Cross-process information leaked due to malicious IPC messages * CVE-2025-11711 Some non-writable Object properties could be modified * CVE-2025-11712 An OBJECT tag type attribute overrode browser behavior on web resources without a content-type * CVE-2025-11713 Potential user-assisted code execution in “Copy as cURL” command * CVE-2025-11714 Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 * CVE-2025-11715 Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 MozillaThunderbird-140.4.0-bp160.999999.1.1.aarch64.rpm MozillaThunderbird-140.4.0-bp160.999999.1.1.src.rpm MozillaThunderbird-debuginfo-140.4.0-bp160.999999.1.1.aarch64.rpm MozillaThunderbird-debugsource-140.4.0-bp160.999999.1.1.aarch64.rpm MozillaThunderbird-openpgp-librnp-140.4.0-bp160.999999.1.1.aarch64.rpm MozillaThunderbird-openpgp-librnp-debuginfo-140.4.0-bp160.999999.1.1.aarch64.rpm MozillaThunderbird-translations-common-140.4.0-bp160.999999.1.1.aarch64.rpm MozillaThunderbird-translations-other-140.4.0-bp160.999999.1.1.aarch64.rpm