{
  "schema_version": "1.7.2",
  "id": "OESA-2026-2109",
  "modified": "2026-04-25T05:51:01Z",
  "published": "2026-04-25T05:51:01Z",
  "upstream": [
    "CVE-2026-2776", "CVE-2026-2780", "CVE-2026-5731", "CVE-2026-5732", "CVE-2026-5734",
    "CVE-2026-6746", "CVE-2026-6747", "CVE-2026-6748", "CVE-2026-6749", "CVE-2026-6750",
    "CVE-2026-6751", "CVE-2026-6752", "CVE-2026-6753", "CVE-2026-6754", "CVE-2026-6757",
    "CVE-2026-6759", "CVE-2026-6761", "CVE-2026-6762", "CVE-2026-6763", "CVE-2026-6764",
    "CVE-2026-6765", "CVE-2026-6766", "CVE-2026-6767", "CVE-2026-6769", "CVE-2026-6770",
    "CVE-2026-6771", "CVE-2026-6772", "CVE-2026-6776", "CVE-2026-6785", "CVE-2026-6786"
  ],
  "summary": "thunderbird security update",
  "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\r\n\r\nSecurity Fix(es):\n\nSandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.(CVE-2026-2776)\n\nPrivilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.(CVE-2026-2780)\n\nMemory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149.0.2, Firefox ESR < 115.34.1, and Firefox ESR < 140.9.1.(CVE-2026-5731)\n\nIncorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability affects Firefox < 149.0.2 and Firefox ESR < 140.9.1.(CVE-2026-5732)\n\nMemory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149.0.2 and Firefox ESR < 140.9.1.(CVE-2026-5734)\n\nUse-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10.(CVE-2026-6746)\n\nUse-after-free vulnerability in the WebRTC component of Firefox. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10.(CVE-2026-6747)\n\nUninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10.(CVE-2026-6748)\n\nInformation disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10.(CVE-2026-6749)\n\nPrivilege escalation vulnerability in the WebRender graphics component of Firefox browser. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10.(CVE-2026-6750)\n\nAn uninitialized memory vulnerability exists in the Audio/Video: Web Codecs component of Firefox browser. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10.(CVE-2026-6751)\n\nIncorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10.(CVE-2026-6752)\n\nIncorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.(CVE-2026-6753)\n\nA use-after-free vulnerability exists in the JavaScript Engine component of Mozilla Firefox. An attacker could potentially exploit this vulnerability to execute arbitrary code or cause the application to crash. This vulnerability has been fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10.(CVE-2026-6754)\n\nInvalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.(CVE-2026-6757)\n\nA use-after-free vulnerability exists in the Widget: Cocoa component of Mozilla Firefox and Thunderbird. The vulnerability stems from the program referencing memory after it has been freed. An attacker could exploit this vulnerability to cause the application to crash, read unexpected values, or execute arbitrary code, thereby affecting the confidentiality, integrity, and availability of the system. This vulnerability affects Firefox versions up to 149 and corresponding versions of Thunderbird.(CVE-2026-6759)\n\nA privilege escalation vulnerability exists in the Networking component of Mozilla Firefox and Thunderbird. An attacker could potentially exploit this vulnerability to escalate privileges, which may lead to remote code execution, impacting confidentiality, integrity, and availability. This vulnerability affects Firefox versions up to 149 and corresponding versions of Thunderbird.(CVE-2026-6761)\n\nSpoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.(CVE-2026-6762)\n\nA mitigation bypass vulnerability exists in the File Handling component of Mozilla Firefox and Thunderbird. This vulnerability could allow an attacker to bypass security mitigations, potentially impacting the confidentiality, integrity, and availability of the system. According to VulDB, this vulnerability is rated as critical. Affected versions include Firefox up to version 149, Firefox ESR prior to 140.10, Thunderbird up to version 149, and Thunderbird ESR prior to 140.10.(CVE-2026-6763)\n\nAn incorrect boundary condition vulnerability exists in the DOM (Document Object Model) 'Device Interfaces' component of Mozilla Firefox and Thunderbird. This vulnerability is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), which is a memory corruption issue. An attacker could potentially exploit this by tricking a user into visiting a specially crafted web page, causing the application to read from or write to a memory location outside the intended boundary of a buffer. This impacts the confidentiality, integrity, and availability of the affected system.(CVE-2026-6764)\n\nAn information disclosure vulnerability (CWE-200) exists in the Form Autofill component of Mozilla Firefox. This vulnerability could allow sensitive information to be exposed to unauthorized actors, posing a threat to data confidentiality. This vulnerability affects Firefox versions up to 149, Firefox ESR versions prior to 140.10, Thunderbird versions up to 149, and Thunderbird ESR versions prior to 140.10.(CVE-2026-6765)\n\nAn incorrect boundary condition vulnerability exists in the Network Security Services (NSS) library used by Mozilla Firefox, Firefox ESR, and Thunderbird. An attacker could exploit this vulnerability to read from or write to a memory location outside the intended boundary of a buffer, leading to memory corruption. This could result in application crashes, denial of service, or potentially arbitrary code execution, threatening confidentiality, integrity, and availability.(CVE-2026-6766)\n\nA security vulnerability exists in the Network Security Services (NSS) library used by Mozilla Firefox and Thunderbird. This vulnerability is rated as critical and could allow an attacker to remotely execute arbitrary code, thereby compromising the confidentiality, integrity, and availability of the system. Affected versions include Firefox up to 149 and earlier, as well as corresponding versions of Firefox ESR and Thunderbird.(CVE-2026-6767)\n\nA privilege escalation vulnerability exists in the Debugger component of Mozilla Firefox and Thunderbird. An attacker could potentially exploit this vulnerability to execute arbitrary code or escalate privileges on affected systems, impacting confidentiality, integrity, and availability. This vulnerability affects Firefox versions up to 149 and corresponding versions of Thunderbird.(CVE-2026-6769)\n\nA critical vulnerability exists in the Storage: IndexedDB component of Mozilla Firefox (web browser) and Thunderbird (mail client). An attacker could potentially exploit this vulnerability to execute remote code on affected systems, impacting confidentiality, integrity, and availability. This vulnerability affects Firefox versions up to 149, Firefox ESR versions prior to 140.10, Thunderbird versions up to 149, and Thunderbird ESR versions prior to 140.10.(CVE-2026-6770)\n\nA mitigation bypass vulnerability exists in the DOM (Document Object Model) security component of Mozilla Firefox and Thunderbird. This vulnerability affects Firefox versions up to 149, Firefox ESR versions prior to 140.10, Thunderbird versions up to 149, and Thunderbird ESR versions prior to 140.10. An attacker could potentially exploit this vulnerability to bypass certain security mechanisms, posing a threat to system integrity.(CVE-2026-6771)\n\nAn incorrect boundary conditions vulnerability (CWE-119) exists in the Network Security Services (NSS) library used by Mozilla Firefox. The vulnerability occurs when the product performs operations on a memory buffer, allowing it to read from or write to a memory location outside the intended boundary of the buffer, leading to memory corruption. This impacts confidentiality, integrity, and availability. Affected versions include Firefox up to 149, Firefox ESR prior to 115.35, Firefox ESR prior to 140.10, Thunderbird prior to 150, and Thunderbird prior to 140.10.(CVE-2026-6772)\n\nAn incorrect boundary conditions vulnerability exists in the WebRTC Networking component of Mozilla Firefox and Thunderbird. This vulnerability is classified as critical, with the root cause being CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer. An attacker could exploit this vulnerability to read from or write to a memory location outside the intended boundary of a buffer, leading to memory corruption. This impacts the confidentiality, integrity, and availability of the system. This vulnerability affects Firefox versions up to 149, Firefox ESR versions prior to 140.10, Thunderbird versions up to 149, and Thunderbird ESR versions prior to 140.10.(CVE-2026-6776)\n\nMemory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10.(CVE-2026-6785)\n\nMemory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10.(CVE-2026-6786)",
  "affected": [
    {
      "package": {
        "ecosystem": "openEuler:24.03-LTS-SP3",
        "name": "thunderbird",
        "purl": "pkg:rpm/openEuler/thunderbird&distro=openEuler-24.03-LTS-SP3"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {"introduced": "0"},
            {"fixed": "140.10.0-1.oe2403sp3"}
          ]
        }
      ],
      "ecosystem_specific": {
        "aarch64": [
          "thunderbird-140.10.0-1.oe2403sp3.aarch64.rpm",
          "thunderbird-debuginfo-140.10.0-1.oe2403sp3.aarch64.rpm",
          "thunderbird-debugsource-140.10.0-1.oe2403sp3.aarch64.rpm",
          "thunderbird-librnp-rnp-140.10.0-1.oe2403sp3.aarch64.rpm",
          "thunderbird-wayland-140.10.0-1.oe2403sp3.aarch64.rpm"
        ],
        "src": [
          "thunderbird-140.10.0-1.oe2403sp3.src.rpm"
        ],
        "x86_64": [
          "thunderbird-140.10.0-1.oe2403sp3.x86_64.rpm",
          "thunderbird-debuginfo-140.10.0-1.oe2403sp3.x86_64.rpm",
          "thunderbird-debugsource-140.10.0-1.oe2403sp3.x86_64.rpm",
          "thunderbird-librnp-rnp-140.10.0-1.oe2403sp3.x86_64.rpm",
          "thunderbird-wayland-140.10.0-1.oe2403sp3.x86_64.rpm"
        ]
      }
    }
  ],
  "references": [
    {"type": "ADVISORY", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2109"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2776"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2780"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5731"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5732"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5734"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6746"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6747"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6748"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6749"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6750"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6751"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6752"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6753"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6754"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6757"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6759"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6761"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6762"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6763"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6764"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6765"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6766"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6767"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6769"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6770"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6771"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6772"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6776"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6785"},
    {"type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6786"}
  ],
  "database_specific": {"severity": "Critical"}
}
