Alerts This Week
Warning Icon 1 717
Alerts This Week
Warning Icon 1 717

SUSE 15 SP7 MozillaThunderbird Important Denial-of-Service 2026-1163-1

suse
Calendar Grey April 1, 2026
Dist Suse Esm H88
Install the latest Mozilla Thunderbird update for SUSE to fix 40 important issues impacting security and performance.
An update that solves 40 vulnerabilities can now be installed.

Summary

## This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 140.9 (MFSA 2026-24, bsc#1260083): * CVE-2026-3889: Spoofing issue in Thunderbird * CVE-2026-4371: Out of bounds read in IMAP parsing * CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component * CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component * CVE-2026-4686: Incorrect boundary conditions in the Graphics: Canvas2D component * CVE-2026-4687: Sandbox escape due to incorrect boundary conditions in the Telemetry component * CVE-2026-4688: Sandbox escape due to use-after-free in the Disability Access APIs component * CVE-2026-4689: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component

Topics%20covered

Topics Covered

security advisory denial of service SuSE important information disclosure mozilla thunderbird

References

* bsc#1260083

Cross-

* CVE-2025-59375

* CVE-2026-3889

* CVE-2026-4371

* CVE-2026-4684

* CVE-2026-4685

* CVE-2026-4686

* CVE-2026-4687

* CVE-2026-4688

* CVE-2026-4689

* CVE-2026-4690

* CVE-2026-4691

* CVE-2026-4692

* CVE-2026-4693

* CVE-2026-4694

* CVE-2026-4695

* CVE-2026-4696

* CVE-2026-4697

* CVE-2026-4698

* CVE-2026-4699

* CVE-2026-4700

* CVE-2026-4701

* CVE-2026-4702

* CVE-2026-4704

* CVE-2026-4705

* CVE-2026-4706

* CVE-2026-4707

* CVE-2026-4708

* CVE-2026-4709

* CVE-2026-4710

* CVE-2026-4711

* CVE-2026-4712

* CVE-2026-4713

* CVE-2026-4714

* CVE-2026-4715

* CVE-2026-4716

* CVE-2026-4717

* CVE-2026-4718

* CVE-2026-4719

* CVE-2026-4720

* CVE-2026-4721

CVSS scores:

* CVE-2025-59375 ( SUSE ): 8.2

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:1163-1
Release Date: 2026-04-01T08:49:15Z
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service SuSE important information disclosure mozilla thunderbird

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here