Mozilla has released Thunderbird 128.9 on April 1: https://www.thunderbird.net/en-US/thunderbird/128.9.0esr/releasenotes/ Security issues fixed: https://www.mozilla.org/en-US/security/advisories/mfsa2025-24/
CVE: (none) => CVE-2025-3028, CVE-2025-3029, CVE-2025-3030Whiteboard: (none) => MGA9TOOSource RPM: (none) => thunderbird, thunderbird-l10nDepends on: (none) => 34153
Suggested advisory: ======================== The updated packages fix a security vulnerability: Use-after-free triggered by XSLTProcessor. (CVE-2025-3028) URL Bar Spoofing via non-BMP Unicode characters. (CVE-2025-3029) Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. (CVE-2025-3030) References: https://www.thunderbird.net/en-US/thunderbird/128.9.0esr/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2025-24/ ======================== Updated packages in core/updates_testing: ======================== thunderbird-128.9.0-1.mga9 thunderbird-af-128.9.0-1.mga9 thunderbird-ar-128.9.0-1.mga9 thunderbird-ast-128.9.0-1.mga9 thunderbird-be-128.9.0-1.mga9 thunderbird-bg-128.9.0-1.mga9 thunderbird-br-128.9.0-1.mga9 thunderbird-ca-128.9.0-1.mga9 thunderbird-cs-128.9.0-1.mga9 thunderbird-cy-128.9.0-1.mga9 thunderbird-da-128.9.0-1.mga9 thunderbird-de-128.9.0-1.mga9 thunderbird-dsb-128.9.0-1.mga9 thunderbird-el-128.9.0-1.mga9 thunderbird-en_CA-128.9.0-1.mga9 thunderbird-en_GB-128.9.0-1.mga9 thunderbird-en_US-128.9.0-1.mga9 thunderbird-es_AR-128.9.0-1.mga9 thunderbird-es_ES-128.9.0-1.mga9 thunderbird-es_MX-128.9.0-1.mga9 thunderbird-et-128.9.0-1.mga9 thunderbird-eu-128.9.0-1.mga9 thunderbird-fi-128.9.0-1.mga9 thunderbird-fr-128.9.0-1.mga9 thunderbird-fy_NL-128.9.0-1.mga9 thunderbird-ga_IE-128.9.0-1.mga9 thunderbird-gd-128.9.0-1.mga9 thunderbird-gl-128.9.0-1.mga9 thunderbird-he-128.9.0-1.mga9 thunderbird-hr-128.9.0-1.mga9 thunderbird-hsb-128.9.0-1.mga9 thunderbird-hu-128.9.0-1.mga9 thunderbird-hy_AM-128.9.0-1.mga9 thunderbird-id-128.9.0-1.mga9 thunderbird-is-128.9.0-1.mga9 thunderbird-it-128.9.0-1.mga9 thunderbird-ja-128.9.0-1.mga9 thunderbird-ka-128.9.0-1.mga9 thunderbird-kab-128.9.0-1.mga9 thunderbird-kk-128.9.0-1.mga9 thunderbird-ko-128.9.0-1.mga9 thunderbird-lt-128.9.0-1.mga9 thunderbird-lv-128.9.0-1.mga9 thunderbird-ms-128.9.0-1.mga9 thunderbird-nb_NO-128.9.0-1.mga9 thunderbird-nl-128.9.0-1.mga9 thunderbird-nn_NO-128.9.0-1.mga9 thunderbird-pa_IN-128.9.0-1.mga9 thunderbird-pl-128.9.0-1.mga9 thunderbird-pt_BR-128.9.0-1.mga9 thunderbird-pt_PT-128.9.0-1.mga9 thunderbird-ro-128.9.0-1.mga9 thunderbird-ru-128.9.0-1.mga9 thunderbird-sk-128.9.0-1.mga9 thunderbird-sl-128.9.0-1.mga9 thunderbird-sq-128.9.0-1.mga9 thunderbird-sr-128.9.0-1.mga9 thunderbird-sv_SE-128.9.0-1.mga9 thunderbird-th-128.9.0-1.mga9 thunderbird-tr-128.9.0-1.mga9 thunderbird-uk-128.9.0-1.mga9 thunderbird-uz-128.9.0-1.mga9 thunderbird-vi-128.9.0-1.mga9 thunderbird-zh_CN-128.9.0-1.mga9 thunderbird-zh_TW-128.9.0-1.mga9 from SRPMS: thunderbird-128.9.0-1.mga9.src.rpm thunderbird-l10n-128.9.0-1.mga9.src.rpm
Version: Cauldron => 9Assignee: bugsquad => qa-bugsWhiteboard: MGA9TOO => (none)Status: NEW => ASSIGNED
Hi, installed in Mageia9 x86_64 no issues for the moment. I have created a new account with sync calendars and contacts. Works fine for me. Greetings!
CC: (none) => Joselp
Keywords: (none) => advisory
OK mga9-64 on my workstation svarten Plasma X11, Swedish locale Intel Core i7 870, GPU: AMD Navi 24 Radeon RX 6400 $ thunderbird --version Thunderbird 128.9.0esr Repeated tests like I use to perform: Closed Thunderbird, data backup, updated, started: Thunderbird just keep working OK: Opened tabs restored Settings and local mail kept IMAP (offline, IMAP to synk to server) SMTP Sent and received mail with inline png and attached pdf Viewed attached pdf in Thunderbird, and printed to network printer. I do not use calendar nor tasks or filters.
CC: (none) => fri
mga9, x64 Installed and relaunched without complaint. All data preserved including a loaded attachment. Checked SMTP server settings. Messages coming in regularly over several hours. Tried the Search tool, which returned dozens of hits in milliseconds in a long scrollable list. On this occasion, having neglected to make an up-to-date backup of Local Folders, it was a relief to see that all data had been retained. No need to worry about new profile. Definitely OK here.
CC: (none) => tarazed25
MGA9-64 Plasma Wayland on Compaq H000SB. No installation issues. Send and receive mails without and with attachment works OK. Googel calender nicely synchronizes. Good enough for me.
CC: (none) => herman.viaene
Do we need 32 bit tests too?
Whiteboard: (none) => MGA9-64-OK
MGA9-64 Plasma, on two machines. Using it for a few days now. One machine, my main production install was completely OK. The other is OK for email, but when first installed all the Usenet history was wiped out. Newsgroup subscriptions were still there, but no downloaded headers and (of course) no information on which posts had been read/unread. It's never happened before, was only on the one install, and operation has been normal since, so I believe it was some kind of outside aberration, not related to the update.
CC: (none) => andrewsfarm
We have validated on just 64-bit tests before, several times, so I think it will be enough this time, too. Validating.
CC: (none) => sysadmin-bugsKeywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2025-0126.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED