## This update for MozillaThunderbird fixes the following issues Updated to Mozilla Thunderbird 140.10.1: MFSA 2026-34 (bsc#1262230): * CVE-2026-6746: Use-after-free in the DOM: Core & HTML component. * CVE-2026-6747: Use-after-free in the WebRTC component. * CVE-2026-6748: Uninitialized memory in the Audio/Video: Web Codecs component. * CVE-2026-6749: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. * CVE-2026-6750: Privilege escalation in the Graphics: WebRender component. * CVE-2026-6751: Uninitialized memory in the Audio/Video: Web Codecs component. * CVE-2026-6752: Incorrect boundary conditions in the WebRTC component. * CVE-2026-6753: Incorrect boundary conditions in the WebRTC component.
* bsc#1262230
* bsc#1263110
Cross-
* CVE-2026-6746
* CVE-2026-6747
* CVE-2026-6748
* CVE-2026-6749
* CVE-2026-6750
* CVE-2026-6751
* CVE-2026-6752
* CVE-2026-6753
* CVE-2026-6754
* CVE-2026-6757
* CVE-2026-6759
* CVE-2026-6761
* CVE-2026-6762
* CVE-2026-6763
* CVE-2026-6764
* CVE-2026-6765
* CVE-2026-6766
* CVE-2026-6767
* CVE-2026-6769
* CVE-2026-6770
* CVE-2026-6771
* CVE-2026-6772
* CVE-2026-6776
* CVE-2026-6785
* CVE-2026-6786
* CVE-2026-7320
* CVE-2026-7321
* CVE-2026-7322
* CVE-2026-7323
CVSS scores:
* CVE-2026-6746 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-6747 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-6748 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Get the latest Linux and open source security news straight to your inbox.