{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"140.6.0-bp160.1.1","MozillaThunderbird-openpgp-librnp":"140.6.0-bp160.1.1","MozillaThunderbird-translations-common":"140.6.0-bp160.1.1","MozillaThunderbird-translations-other":"140.6.0-bp160.1.1"}]},"package":{"ecosystem":"openSUSE:Leap 16.0","name":"MozillaThunderbird","purl":"pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"140.6.0-bp160.1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaThunderbird fixes the following issues:\n\nChanges in MozillaThunderbird:\n\n- Mozilla Thunderbird 140.6.0 ESR\n  MFSA 2025-96 (bsc#1254551)\n  * CVE-2025-14321 (bmo#1992760)\n    Use-after-free in the WebRTC: Signaling component\n  * CVE-2025-14322 (bmo#1996473)\n    Sandbox escape due to incorrect boundary conditions in the\n    Graphics: CanvasWebGL component\n  * CVE-2025-14323 (bmo#1996555)\n    Privilege escalation in the DOM: Notifications component\n  * CVE-2025-14324 (bmo#1996840)\n    JIT miscompilation in the JavaScript Engine: JIT component\n  * CVE-2025-14325 (bmo#1998050)\n    JIT miscompilation in the JavaScript Engine: JIT component\n  * CVE-2025-14328 (bmo#1996761)\n    Privilege escalation in the Netmonitor component\n  * CVE-2025-14329 (bmo#1997018)\n    Privilege escalation in the Netmonitor component\n  * CVE-2025-14330 (bmo#1997503)\n    JIT miscompilation in the JavaScript Engine: JIT component\n  * CVE-2025-14331 (bmo#2000218)\n    Same-origin policy bypass in the Request Handling component\n  * CVE-2025-14333 (bmo#1966501, bmo#1997639)\n    Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird\n    ESR 140.6, Firefox 146 and Thunderbird 146\n","id":"openSUSE-SU-2026:20046-1","modified":"2026-01-16T12:09:04Z","published":"2026-01-16T12:09:04Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1254551"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-14321"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-14322"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-14323"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-14324"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-14325"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-14328"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-14329"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-14330"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-14331"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-14333"}],"related":["CVE-2025-14321","CVE-2025-14322","CVE-2025-14323","CVE-2025-14324","CVE-2025-14325","CVE-2025-14328","CVE-2025-14329","CVE-2025-14330","CVE-2025-14331","CVE-2025-14333"],"summary":"Security update for MozillaThunderbird","upstream":["CVE-2025-14321","CVE-2025-14322","CVE-2025-14323","CVE-2025-14324","CVE-2025-14325","CVE-2025-14328","CVE-2025-14329","CVE-2025-14330","CVE-2025-14331","CVE-2025-14333"]}