Debian has released security updates for the Thunderbird email client to address multiple vulnerabilities, including arbitrary code execution. The issues were fixed in version 1:128.14.0esr-1deb11u1 for Debian 11 (Bullseye) LTS and versions 1:128.14.0esr-1deb12u1 and 1:128.14.0esr-1~deb13u1 for the oldstable Debian 12 (Bookworm) and stable Debian 13 (Trixie) distributions, respectively. Users are advised to upgrade their Thunderbird packages to ensure security.

[DLA 4279-1] thunderbird security update
[DSA 5984-1] thunderbird security update

[SECURITY] [DLA 4279-1] thunderbird security update

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4279-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
August 24, 2025 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : thunderbird
Version : 1:128.14.0esr-1~deb11u1
CVE ID : CVE-2025-9179 CVE-2025-9180 CVE-2025-9181 CVE-2025-9185

Multiple security issues were discovered in Thunderbird, which could
result in the execution of arbitrary code.

For Debian 11 bullseye, these problems have been fixed in version
1:128.14.0esr-1~deb11u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[SECURITY] [DSA 5984-1] thunderbird security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5984-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
August 24, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2025-9179 CVE-2025-9180 CVE-2025-9181 CVE-2025-9185

Multiple security issues were discovered in Thunderbird, which could
result in the execution of arbitrary code.

For the oldstable distribution (bookworm), these problems have been fixed
in version 1:128.14.0esr-1~deb12u1.

For the stable distribution (trixie), these problems have been fixed in
version 1:128.14.0esr-1~deb13u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/