Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN539
_____________________________________________________________________

DATE                : 21/08/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Thunderbird versions prior to 142,
                                       128.14, 140.2.

=====================================================================
https://www.mozilla.org/en-US/security/advisories/mfsa2025-70/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-72/
_____________________________________________________________________

Mozilla Foundation Security Advisory 2025-70
Security Vulnerabilities fixed in Thunderbird 142

Announced
    August 19, 2025
Impact
    high
Products
    Thunderbird
Fixed in

        Thunderbird 142

In general, these flaws cannot be exploited through email in the
Thunderbird product because scripting is disabled when reading mail,
but are potentially risks in browser or browser-like contexts.


#CVE-2025-9179: Sandbox escape due to invalid pointer in the
Audio/Video: GMP component

Reporter
    Oskar
Impact
    high

Description

An attacker was able to perform memory corruption in the GMP
process which processes encrypted media. This process is also
heavily sandboxed, but represents slightly different privileges
from the content process.

References

    Bug 1979527


#CVE-2025-9180: Same-origin policy bypass in the
Graphics: Canvas2D component

Reporter
    Tom Van Goethem
Impact
    high

Description

'Same-origin policy bypass in the Graphics: Canvas2D component.'

References

    Bug 1979782


#CVE-2025-9181: Uninitialized memory in the JavaScript Engine
component

Reporter
    Irvan Kurniawan
Impact
    moderate

Description

Uninitialized memory in the JavaScript Engine component.

References

    Bug 1977130


#CVE-2025-9182: Denial-of-service due to out-of-memory
in the Graphics: WebRender component

Reporter
    Irvan Kurniawan
Impact
    low

Description

'Denial-of-service due to out-of-memory in the
Graphics: WebRender component.'

References

    Bug 1975837


#CVE-2025-9187: Memory safety bugs fixed in Firefox 142
and Thunderbird 142

Reporter
    Andy Leiserson, Maurice Dauer, Sebastian Hengst and
the Mozilla Fuzzing Team
Impact
    high

Description

Memory safety bugs present in Firefox 141 and Thunderbird 141.
Some of these bugs showed evidence of memory corruption and
we presume that with enough effort some of these could have
been exploited to run arbitrary code.

References

    Memory safety bugs fixed in Firefox 142 and Thunderbird 142


#CVE-2025-9184: Memory safety bugs fixed in Firefox ESR 140.2,
Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142

Reporter
    Paul Bone, Ryan VanderMeulen and the Mozilla Fuzzing Team
Impact
    high

Description

Memory safety bugs present in Firefox ESR 140.1, Thunderbird
ESR 140.1, Firefox 141 and Thunderbird 141. Some of these
bugs showed evidence of memory corruption and we presume that
with enough effort some of these could have been exploited
to run arbitrary code.

References

    Memory safety bugs fixed in Firefox ESR 140.2,
Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142


#CVE-2025-9185: Memory safety bugs fixed in Firefox ESR 115.27,
Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2,
Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142

Reporter
    The Mozilla Fuzzing Team
Impact
    high

Description

Memory safety bugs present in Firefox ESR 115.26, Firefox ESR
128.13, Thunderbird ESR 128.13, Firefox ESR 140.1,
Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some
of these bugs showed evidence of memory corruption and we
presume that with enough effort some of these could have been
exploited to run arbitrary code.

References

    Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR
128.14, Thunderbird ESR 128.14, Firefox ESR 140.2,
Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142

_____________________________________________________________________


Mozilla Foundation Security Advisory 2025-71
Security Vulnerabilities fixed in Thunderbird 128.14

Announced
    August 19, 2025
Impact
    high
Products
    Thunderbird
Fixed in

        Thunderbird 128.14

In general, these flaws cannot be exploited through email in the
Thunderbird product because scripting is disabled when reading mail,
but are potentially risks in browser or browser-like contexts.


#CVE-2025-9179: Sandbox escape due to invalid pointer in the
Audio/Video: GMP component

Reporter
    Oskar
Impact
    high

Description

An attacker was able to perform memory corruption in the GMP process
which processes encrypted media. This process is also heavily
sandboxed, but represents slightly different privileges from the
content process.

References

    Bug 1979527


#CVE-2025-9180: Same-origin policy bypass in the
Graphics: Canvas2D component

Reporter
    Tom Van Goethem
Impact
    high

Description

'Same-origin policy bypass in the Graphics: Canvas2D component.'

References

    Bug 1979782


#CVE-2025-9181: Uninitialized memory in the JavaScript
Engine component

Reporter
    Irvan Kurniawan
Impact
    moderate

Description

Uninitialized memory in the JavaScript Engine component.
References

    Bug 1977130


#CVE-2025-9185: Memory safety bugs fixed in Firefox ESR 115.27,
Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2,
Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142

Reporter
    The Mozilla Fuzzing Team
Impact
    high

Description

Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13,
Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1,
Firefox 141 and Thunderbird 141. Some of these bugs showed evidence
of memory corruption and we presume that with enough effort some of
these could have been exploited to run arbitrary code.

References

    Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR
128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird
ESR 140.2, Firefox 142 and Thunderbird 142

_____________________________________________________________________


Mozilla Foundation Security Advisory 2025-72
Security Vulnerabilities fixed in Thunderbird 140.2

Announced
    August 19, 2025
Impact
    high
Products
    Thunderbird
Fixed in

        Thunderbird 140.2

In general, these flaws cannot be exploited through email in the
Thunderbird product because scripting is disabled when reading mail,
but are potentially risks in browser or browser-like contexts.


#CVE-2025-9179: Sandbox escape due to invalid pointer in the
Audio/Video: GMP component

Reporter
    Oskar
Impact
    high

Description

An attacker was able to perform memory corruption in the GMP process
which processes encrypted media. This process is also heavily
sandboxed, but represents slightly different privileges from the
content process.

References

    Bug 1979527


#CVE-2025-9180: Same-origin policy bypass in the
Graphics: Canvas2D component

Reporter
    Tom Van Goethem
Impact
    high

Description

'Same-origin policy bypass in the Graphics: Canvas2D component.'

References

    Bug 1979782


#CVE-2025-9181: Uninitialized memory in the JavaScript Engine
component

Reporter
    Irvan Kurniawan
Impact
    moderate

Description

Uninitialized memory in the JavaScript Engine component.

References

    Bug 1977130


#CVE-2025-9182: Denial-of-service due to out-of-memory in
the Graphics: WebRender component

Reporter
    Irvan Kurniawan
Impact
    low

Description

'Denial-of-service due to out-of-memory in the
Graphics: WebRender component.'

References

    Bug 1975837


#CVE-2025-9184: Memory safety bugs fixed in Firefox ESR
140.2, Thunderbird ESR 140.2, Firefox 142 and
Thunderbird 142

Reporter
    Paul Bone, Ryan VanderMeulen and the Mozilla Fuzzing Team
Impact
    high

Description

Memory safety bugs present in Firefox ESR 140.1, Thunderbird
ESR 140.1, Firefox 141 and Thunderbird 141. Some of these
bugs showed evidence of memory corruption and we presume that
with enough effort some of these could have been exploited to
run arbitrary code.

References

    Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird
ESR 140.2, Firefox 142 and Thunderbird 142

#CVE-2025-9185: Memory safety bugs fixed in Firefox ESR 115.27,
Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2,
Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142

Reporter
    The Mozilla Fuzzing Team
Impact
    high

Description

Memory safety bugs present in Firefox ESR 115.26, Firefox ESR
128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird
ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs
showed evidence of memory corruption and we presume that with
enough effort some of these could have been exploited to run
arbitrary code.

References

    Memory safety bugs fixed in Firefox ESR 115.27, Firefox
ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2,
Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================