Alerts This Week
Warning Icon 1 1,365
Alerts This Week
Warning Icon 1 1,365

openSUSE MozillaThunderbird Critical Memory Safety Issues Fix 2026-21168-1

opensuse
Calendar Grey June 30, 2026
Dist Opensuse Esm H88
Critical update for openSUSE fixes 56 issues in Mozilla Thunderbird, enhancing its security against vulnerabilities.
An update that solves 56 vulnerabilities and has 5 bug fixes can now be installed.

Description

This update for MozillaThunderbird fixes the following issues:

Changes in MozillaThunderbird:

- Mozilla Thunderbird 140.12.0 ESR

MFSA 2026-61 (bsc#1268071)

* CVE-2026-12289 (bmo#2023443)

Privilege escalation in the Graphics: WebRender component

* CVE-2026-12290 (bmo#2024852)

Memory safety bug fixed in Thunderbird ESR 140.12

* CVE-2026-12291 (bmo#2036929)

Use-after-free in the Networking: HTTP component

* CVE-2026-12292 (bmo#2038465)

Incorrect boundary conditions in the Web Audio component

* CVE-2026-12294 (bmo#2039873)

Sandbox escape in the DOM: Workers component

* CVE-2026-12295 (bmo#2040160)

Sandbox escape in the DOM: Navigation component

* CVE-2026-12298 (bmo#2041981)

Memory safety bug fixed in Thunderbird ESR 140.12

* CVE-2026-12296 (bmo#2040515)

Sandbox escape in the Security: Process Sandboxing component

* CVE-2026-12297 (bmo#2041610)

Sandbox escape due to incorrect boundary conditions in the

Networking component

*...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory critical memory safety OpenSUSE sandbox escape MozillaThunderbird

Patch

Package List

- openSUSE Leap 16.0:

MozillaThunderbird-140.12.0-bp160.1.1

MozillaThunderbird-openpgp-librnp-140.12.0-bp160.1.1

MozillaThunderbird-translations-common-140.12.0-bp160.1.1

MozillaThunderbird-translations-other-140.12.0-bp160.1.1

References

* bsc#1158957

* bsc#1263110

* bsc#1264378

* bsc#1265212

* bsc#1268071

References:

* https://www.suse.com/security/cve/CVE-2026-12289.html

* https://www.suse.com/security/cve/CVE-2026-12290.html

* https://www.suse.com/security/cve/CVE-2026-12291.html

* https://www.suse.com/security/cve/CVE-2026-12292.html

* https://www.suse.com/security/cve/CVE-2026-12294.html

* https://www.suse.com/security/cve/CVE-2026-12295.html

* https://www.suse.com/security/cve/CVE-2026-12296.html

* https://www.suse.com/security/cve/CVE-2026-12297.html

* https://www.suse.com/security/cve/CVE-2026-12298.html

* https://www.suse.com/security/cve/CVE-2026-12299.html

* https://www.suse.com/security/cve/CVE-2026-12302.html

* https://www.suse.com/security/cve/CVE-2026-12304.html

* https://www.suse.com/security/cve/CVE-2026-12305.html

* https://www.suse.com/security/cve/CVE-2026-12306.html

* https://www.suse.com/security/cve/CVE-2026-12307.html

* https://www.suse.com/security/cve/CVE-2026-12308.html

*...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:21168-1
Rating: critical
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Topics%20covered

Topics Covered

security advisory critical memory safety OpenSUSE sandbox escape MozillaThunderbird

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here