AlmaLinux has released an important security update for Thunderbird, impacting users of AlmaLinux 10. The update, designated as ALSA-2025:8196, was made available on May 29, 2025. Users subscribed to AlmaLinux's errata notifications will receive updates about significant security issues.
Mozilla Thunderbird, a standalone email and newsgroup client, has several vulnerabilities addressed in this update, including:
- CVE-2025-3909: A flaw allowing JavaScript execution through spoofed PDF attachments and file links.
- CVE-2025-3875: A vulnerability related to sender spoofing via malformed 'From' headers.
- CVE-2025-3877: Issues leading to unsolicited file downloads, possible disk space exhaustion, and credential leakage through specific mailbox links.
- CVE-2025-3932: A bypass of remote content blocking for tracking links in attachments.
For comprehensive details, including the impact of these vulnerabilities and their CVSS scores, users can refer to the linked CVE pages.
For further inquiries or to manage notification settings, users are encouraged to visit the AlmaLinux community chat or the mailing list management page.
In addition to these updates, users should remain vigilant about security practices and ensure that their systems are updated regularly to mitigate potential risks from vulnerabilities. The AlmaLinux team is committed to providing timely updates and support for its community
Mozilla Thunderbird, a standalone email and newsgroup client, has several vulnerabilities addressed in this update, including:
- CVE-2025-3909: A flaw allowing JavaScript execution through spoofed PDF attachments and file links.
- CVE-2025-3875: A vulnerability related to sender spoofing via malformed 'From' headers.
- CVE-2025-3877: Issues leading to unsolicited file downloads, possible disk space exhaustion, and credential leakage through specific mailbox links.
- CVE-2025-3932: A bypass of remote content blocking for tracking links in attachments.
For comprehensive details, including the impact of these vulnerabilities and their CVSS scores, users can refer to the linked CVE pages.
For further inquiries or to manage notification settings, users are encouraged to visit the AlmaLinux community chat or the mailing list management page.
In addition to these updates, users should remain vigilant about security practices and ensure that their systems are updated regularly to mitigate potential risks from vulnerabilities. The AlmaLinux team is committed to providing timely updates and support for its community
Thunderbird security update for AlmaLinux 10
Updated Thunderbird packages have been released for AlmaLinux 10:
ALSA-2025:8196: thunderbird security update (Important)Thunderbird security update for AlmaLinux 10 @ Linux Compatible
