Mozilla Foundation Security Advisory 2025-78
Security Vulnerabilities fixed in Thunderbird 140.3
- Announced
- September 16, 2025
- Impact
- high
- Products
- Thunderbird
- Fixed in
- 
        - Thunderbird 140.3
 
In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.
#CVE-2025-10527: Sandbox escape due to use-after-free in the Graphics: Canvas2D component
- Reporter
- Oskar L
- Impact
- high
References
#CVE-2025-10528: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component
- Reporter
- Oskar L
- Impact
- high
References
#CVE-2025-10529: Same-origin policy bypass in the Layout component
- Reporter
- Daniel Holbert
- Impact
- moderate
References
#CVE-2025-10532: Incorrect boundary conditions in the JavaScript: GC component
- Reporter
- Gary Kwong
- Impact
- moderate
References
#CVE-2025-10533: Integer overflow in the SVG component
- Reporter
- Andrew Creskey
- Impact
- moderate
References
#CVE-2025-10536: Information disclosure in the Networking: Cache component
- Reporter
- Ibuki Sato
- Impact
- low
References
#CVE-2025-10537: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143
- Reporter
- Andrew McCreight and the Mozilla Fuzzing Team
- Impact
- high
Description
Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.