Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Mageia 9 Thunderbird Critical Security Fixes MGASA-2026-0125

mageia
Calendar Grey May 9, 2026
Dist Mageia Esm H88
Updates for Thunderbird packages address critical security issues, including privilege escalations and information disclosures.
MGASA-2026-0125 - Updated thunderbird packages fix security vulnerabilities

Summary

Description: Use-after-free in the DOM: Core & HTML component. (CVE-2026-6746) Use-after-free in the WebRTC component. (CVE-2026-6747) Uninitialized memory in the Audio/Video: Web Codecs component. (CVE-2026-6748) Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. (CVE-2026-6749) Privilege escalation in the Graphics: WebRender component. (CVE-2026-6750) Uninitialized memory in the Audio/Video: Web Codecs component. (CVE-2026-6751) Incorrect boundary conditions in the WebRTC component. (CVE-2026-6752) Incorrect boundary conditions in the WebRTC component. (CVE-2026-6753) Use-after-free in the JavaScript Engine component. (CVE-2026-6754) Invalid pointer in the JavaScript: WebAssembly component. (CVE-2026-6757) Use-after-free in the Widget: Cocoa component. (CVE-2026-6759) Privilege escalation in the Networking component. (CVE-2026-6761) Spoofing issue in the DOM: Core & HTML component. (CVE-2026-6762) Mitigation bypass in the File Handling componen...

References

- https://bugs.mageia.org/show_bug.cgi?id=35404

- https://www.thunderbird.net/en-US/thunderbird/140.10.0esr/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/

- https://www.thunderbird.net/en-US/thunderbird/140.10.1esr/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2026-39/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6746

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6747

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6748

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6749

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6750

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6751

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6752

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6753

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6754

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6757

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6759

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6761

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6762

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6763

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6764

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6765

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6769

Topics%20covered

Topics Covered

security advisory critical privilege escalation information disclosure thunderbird Mageia

Resolution

SRPMS

- 9/core/thunderbird-140.10.1-1.mga9

- 9/core/thunderbird-l10n-140.10.1-1.mga9

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 09 May 2026
URL: https://advisories.mageia.org/MGASA-2026-0125.html
Type: security
CVE: CVE-2026-6746, CVE-2026-6747, CVE-2026-6748, CVE-2026-6749, CVE-2026-6750, CVE-2026-6751, CVE-2026-6752, CVE-2026-6753, CVE-2026-6754, CVE-2026-6757, CVE-2026-6759, CVE-2026-6761, CVE-2026-6762, CVE-2026-6763, CVE-2026-6764, CVE-2026-6765, CVE-2026-6769

Topics%20covered

Topics Covered

security advisory critical privilege escalation information disclosure thunderbird Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here