Thunderbird 140 Patch: When FontFaceSet Crashes and YouTube Embeds Run Amok!

Security vulnerabilities fixed in Thunderbird 140 include a use-after-free in FontFaceSet and a WebCompat extension exposing a persistent UUID. While Thunderbird generally disables scripting when reading mail, these flaws pose risks in browser-like contexts. Keep your emails safe and avoid accidental YouTube binges—update now!

1P
Published: July 2, 2025 9:36 pmAdded: July 2, 2025 at 2:52 pmAssembled by: The Editor
Pro Dashboard

Hot Take:

Thunderbird 140: Where fixing security flaws is like playing a game of whack-a-mole, but with a lot more acronyms and a lot less fun! Grab your tinfoil hats, email enthusiasts, because Mozilla is serving up a piping hot platter of security patches that you’d better not ignore. After all, who knew your beloved email client could moonlight as a gateway to the chaos realm of cyber vulnerabilities?

Key Points:

  • Thunderbird has patched multiple security vulnerabilities in version 140, with impacts ranging from high to low.
  • CVE-2025-6424 involves a use-after-free vulnerability in FontFaceSet, potentially causing crashes.
  • Some vulnerabilities, like CVE-2025-6425, could allow attackers to obtain persistent UUIDs across browsing modes.
  • Several issues relate to security policy bypasses and incorrect URL parsing, posing moderate risks.
  • Low-impact vulnerabilities include DNS leaks, WebAuthn issues, and HTTPS exceptions lacking anti-clickjacking measures.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?