Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves 29 vulnerabilities can now be installed.. # Security update for MozillaThunderbird Announcement ID: SUSE-SU-2026:2852-1 Release Date: 2026-07-10T17:49:29Z Rating: important References: * bsc#1268071 Cross-References: * CVE-2026-12289 * CVE-2026-12290 * CVE-2026-12291 * CVE-2026-12292 * CVE-2026-12294 * CVE-2026-12295 * CVE-2026-12296 * CVE-2026-12297 * CVE-2026-12298 * CVE-2026-12299 * CVE-2026-12302 * CVE-2026-12304 * CVE-2026-12305 * CVE-2026-12306 * CVE-2026-12307 * CVE-2026-12308 * CVE-2026-12309 * CVE-2026-12310 * CVE-2026-12311 * CVE-2026-12312 * CVE-2026-12313 * CVE-2026-12314 * CVE-2026-12315 * CVE-2026-12324 * CVE-2026-12325 * CVE-2026-12327 * CVE-2026-12328 * CVE-2026-12329 * CVE-2026-12330 CVSS scores: * CVE-2026-12289 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12289 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12290 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-12290 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-12290 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12291 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12291 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12291 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12292 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-12292 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12292 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-12294 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12294 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-12294 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12295 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12295 ( NVD ): 7.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12295 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-12296 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12296 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-12296 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12297 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12297 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-12297 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12298 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-12298 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12298 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-12299 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-12299 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-12299 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12302 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-12302 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-12304 ( SUSE ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-12304 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-12305 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-12305 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-12306 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-12306 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-12307 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-12307 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-12308 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-12308 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-12309 ( SUSE ): 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-12309 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-12310 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-12310 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-12311 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N * CVE-2026-12311 ( NVD ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N * CVE-2026-12312 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-12312 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-12313 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N * CVE-2026-12313 ( NVD ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N * CVE-2026-12314 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-12314 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-12315 ( SUSE ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-12315 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-12324 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-12324 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-12325 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-12325 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-12327 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-12327 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-12328 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-12328 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-12328 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12329 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-12329 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-12329 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12330 ( SUSE ): 5.4CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-12330 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves 29 vulnerabilities can now be installed. ## Description: This update for MozillaThunderbird fixes the following issues Update to Firefox 140.12.0 ESR (MFSA 2026-58, bsc#1268071): * CVE-2026-12289: Privilege escalation in the Graphics: WebRender component. * CVE-2026-12290: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12291: Use-after-free in the Networking: HTTP component. * CVE-2026-12292: Incorrect boundary conditions in the Web Audio component. * CVE-2026-12294: Sandbox escape in the DOM: Workers component. * CVE-2026-12295: Sandbox escape in the DOM: Navigation component. * CVE-2026-12296: Sandbox escape in the Security: Process Sandboxing component. * CVE-2026-12297: Sandbox escape due to incorrect boundary conditions in the Networking component. * CVE-2026-12298: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12299: JIT miscompilation in the DOM: Core & HTML component. * CVE-2026-12302: Mitigation bypass in the DOM: Security component. * CVE-2026-12304: Same-origin policy bypass in the Networking: Cookies component. * CVE-2026-12305: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12306: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12307: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12308: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12309: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12310: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12311: Information disclosure, sandbox escape in the Security: ProcessSandboxing component. * CVE-2026-12312: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12313: Information disclosure, sandbox escape in the Security: Process Sandboxing component. * CVE-2026-12314: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12315: Mitigation bypass in the DOM: Security component. * CVE-2026-12324: Incorrect boundary conditions in the Graphics: CanvasWebGL component. * CVE-2026-12325: Denial-of-service in the Graphics: ImageLib component. * CVE-2026-12327: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152. * CVE-2026-12328: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152. * CVE-2026-12329: Memory safety bug fixed in Firefox ESR 140.12. * CVE-2026-12330: Incorrect boundary conditions in the Internationalization component. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2852=1 * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-2852=1 ## Package List: * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x) * MozillaThunderbird-translations-common-140.12.0-150200.8.277.1 * MozillaThunderbird-140.12.0-150200.8.277.1 * MozillaThunderbird-translations-other-140.12.0-150200.8.277.1 * MozillaThunderbird-debuginfo-140.12.0-150200.8.277.1 * MozillaThunderbird-debugsource-140.12.0-150200.8.277.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * MozillaThunderbird-translations-common-140.12.0-150200.8.277.1 * MozillaThunderbird-140.12.0-150200.8.277.1 * MozillaThunderbird-translations-other-140.12.0-150200.8.277.1 *MozillaThunderbird-debuginfo-140.12.0-150200.8.277.1 * MozillaThunderbird-debugsource-140.12.0-150200.8.277.1 ## References: * https://www.suse.com/security/cve/CVE-2026-12289.html * https://www.suse.com/security/cve/CVE-2026-12290.html * https://www.suse.com/security/cve/CVE-2026-12291.html * https://www.suse.com/security/cve/CVE-2026-12292.html * https://www.suse.com/security/cve/CVE-2026-12294.html * https://www.suse.com/security/cve/CVE-2026-12295.html * https://www.suse.com/security/cve/CVE-2026-12296.html * https://www.suse.com/security/cve/CVE-2026-12297.html * https://www.suse.com/security/cve/CVE-2026-12298.html * https://www.suse.com/security/cve/CVE-2026-12299.html * https://www.suse.com/security/cve/CVE-2026-12302.html * https://www.suse.com/security/cve/CVE-2026-12304.html * https://www.suse.com/security/cve/CVE-2026-12305.html * https://www.suse.com/security/cve/CVE-2026-12306.html * https://www.suse.com/security/cve/CVE-2026-12307.html * https://www.suse.com/security/cve/CVE-2026-12308.html * https://www.suse.com/security/cve/CVE-2026-12309.html * https://www.suse.com/security/cve/CVE-2026-12310.html * https://www.suse.com/security/cve/CVE-2026-12311.html * https://www.suse.com/security/cve/CVE-2026-12312.html * https://www.suse.com/security/cve/CVE-2026-12313.html * https://www.suse.com/security/cve/CVE-2026-12314.html * https://www.suse.com/security/cve/CVE-2026-12315.html * https://www.suse.com/security/cve/CVE-2026-12324.html * https://www.suse.com/security/cve/CVE-2026-12325.html * https://www.suse.com/security/cve/CVE-2026-12327.html * https://www.suse.com/security/cve/CVE-2026-12328.html * https://www.suse.com/security/cve/CVE-2026-12329.html * https://www.suse.com/security/cve/CVE-2026-12330.html * https://bugzilla.suse.com/show_bug.cgi?id=1268071 . A critical security update for MozillaThunderbird addresses 29 issues, including sandbox escapes and DoS attacks.. SUSE security update, MozillaThunderbird patch, importantvulnerabilities. . Severity: Important. LinuxSecurity.com Team
An update that solves 2 vulnerabilities can now be installed.. # MozillaThunderbird-140.12.1-1.1 on GA media Announcement ID: openSUSE-SU-2026:11164-1 Rating: moderate Cross-References: * CVE-2026-57962 * CVE-2026-57963 CVSS scores: * CVE-2026-57962 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-57963 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the MozillaThunderbird-140.12.1-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * MozillaThunderbird 140.12.1-1.1 * MozillaThunderbird-openpgp-librnp 140.12.1-1.1 * MozillaThunderbird-translations-common 140.12.1-1.1 * MozillaThunderbird-translations-other 140.12.1-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-57962.html * https://www.suse.com/security/cve/CVE-2026-57963.html . Update for MozillaThunderbird resolves two moderate vulnerabilities in openSUSE Tumbleweed, enhancing system security.. openSUSE update, MozillaThunderbird vulnerabilities, moderate security issue, software update. . Severity: moderate. LinuxSecurity.com Team
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2026-168-04) New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/mozilla-thunderbird-140.12.0esr-i686-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/140.12.0esr/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/ https://www.cve.org/CVERecord?id=CVE-2026-12289 https://www.cve.org/CVERecord?id=CVE-2026-12290 https://www.cve.org/CVERecord?id=CVE-2026-12291 https://www.cve.org/CVERecord?id=CVE-2026-12292 https://www.cve.org/CVERecord?id=CVE-2026-12294 https://www.cve.org/CVERecord?id=CVE-2026-12295 https://www.cve.org/CVERecord?id=CVE-2026-12298 https://www.cve.org/CVERecord?id=CVE-2026-12296 https://www.cve.org/CVERecord?id=CVE-2026-12297 https://www.cve.org/CVERecord?id=CVE-2026-12299 https://www.cve.org/CVERecord?id=CVE-2026-12329 https://www.cve.org/CVERecord?id=CVE-2026-12302 https://www.cve.org/CVERecord?id=CVE-2026-12304 https://www.cve.org/CVERecord?id=CVE-2026-12305 https://www.cve.org/CVERecord?id=CVE-2026-12306 https://www.cve.org/CVERecord?id=CVE-2026-12307 https://www.cve.org/CVERecord?id=CVE-2026-12308 https://www.cve.org/CVERecord?id=CVE-2026-12309 https://www.cve.org/CVERecord?id=CVE-2026-12310 https://www.cve.org/CVERecord?id=CVE-2026-12311 https://www.cve.org/CVERecord?id=CVE-2026-12312 https://www.cve.org/CVERecord?id=CVE-2026-12313 https://www.cve.org/CVERecord?id=CVE-2026-12314 https://www.cve.org/CVERecord?id=CVE-2026-12315 https://www.cve.org/CVERecord?id=CVE-2026-12330 https://www.cve.org/CVERecord?id=CVE-2026-12324 https://www.cve.org/CVERecord?id=CVE-2026-12325 https://www.cve.org/CVERecord?id=CVE-2026-12327 https://www.cve.org/CVERecord?id=CVE-2026-12328 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-140.12.0esr-i686-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-140.12.0esr-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-140.12.0esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-140.12.0esr-x86_64-1.txz MD5 signatures: +-------------+ Slackware 15.0 package: 51bc5915be253647cb39276630a60a12 mozilla-thunderbird-140.12.0esr-i686-1_slack15.0.txz Slackware x86_64 15.0 package: 639beeba12f6b6eb1517e088e36949e1 mozilla-thunderbird-140.12.0esr-x86_64-1_slack15.0.txz Slackware -current package: d6725be0ff75f5bba020d56074ca403d xap/mozilla-thunderbird-140.12.0esr-i686-1.txz Slackware x86_64 -current package: f09ea6bec45ad46b5c0497f56b26393b xap/mozilla-thunderbird-140.12.0esr-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg mozilla-thunderbird-140.12.0esr-i686-1_slack15.0.txz +-----+ . Security update for mozilla-thunderbird in Slackware 15.0 to address critical issues. Upgrade recommended to maintain system integrity.. mozilla-thunderbird, Slackwaresecurity, software patch, critical update. . Severity: Critical. LinuxSecurity.com Team
An update that solves 23 vulnerabilities can now be installed.. # Security update for MozillaThunderbird Announcement ID: SUSE-SU-2026:2271-1 Release Date: 2026-06-05T06:37:08Z Rating: important References: * bsc#1265212 Cross-References: * CVE-2026-8090 * CVE-2026-8092 * CVE-2026-8094 * CVE-2026-8388 * CVE-2026-8391 * CVE-2026-8401 * CVE-2026-8946 * CVE-2026-8947 * CVE-2026-8949 * CVE-2026-8950 * CVE-2026-8953 * CVE-2026-8954 * CVE-2026-8955 * CVE-2026-8956 * CVE-2026-8957 * CVE-2026-8958 * CVE-2026-8959 * CVE-2026-8961 * CVE-2026-8962 * CVE-2026-8968 * CVE-2026-8970 * CVE-2026-8974 * CVE-2026-8975 CVSS scores: * CVE-2026-8090 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-8090 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-8092 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-8092 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-8094 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-8094 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-8388 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-8391 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-8401 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-8401 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-8946 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-8946 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-8947 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-8947 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-8949 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-8949 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-8950 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-8950 ( NVD ): 9.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N * CVE-2026-8953 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L * CVE-2026-8953 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-8954 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L * CVE-2026-8954 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-8955 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-8955 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-8956 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-8956 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-8957 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-8957 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-8958 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2026-8958 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2026-8959 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L * CVE-2026-8959 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-8961 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2026-8961 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2026-8962 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-8962 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-8968 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-8968 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-8970 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-8970 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-8974 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-8974 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-8975 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-8975 ( NVD ): 8.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves 23 vulnerabilities can now be installed. ## Description: This update for MozillaThunderbird fixes the following issues * Updated to Mozilla Thunderbird 140.11 (bsc#1265212) MFSA 2026-44: * CVE-2026-8090: Use-after-free in the DOM: Networking component. * CVE-2026-8092: Memory safety bugs fixed in Thunderbird ESR 140.10.2 and Thunderbird 150.0.2. * CVE-2026-8094: Other issue in the WebRTC component. MFSA 2026-51: * CVE-2026-8388: Incorrect boundary conditions in the JavaScript Engine: JIT component. * CVE-2026-8391: Other issue in the JavaScript Engine component. * CVE-2026-8401: Sandbox escape in the Profile Backup component. * CVE-2026-8946: Incorrect boundary conditions in the Audio/Video: Web Codecs component. * CVE-2026-8947: Use-after-free in the DOM: Bindings (WebIDL) component. * CVE-2026-8949: Integer overflow in the Widget: Win32 component. * CVE-2026-8950: Same-origin policy bypass in the Networking: HTTP component. * CVE-2026-8953: Sandbox escape due to use-after-free in the Disability Access APIs component. * CVE-2026-8954: Incorrect boundary conditions, integer overflow in the Audio/Video component. * CVE-2026-8955: Privilege escalation in the DOM: Workers component. * CVE-2026-8956: Integer overflow in the Networking: JAR component. * CVE-2026-8957: Privilege escalation in the Enterprise Policies component. * CVE-2026-8958: Information disclosure, sandbox escape in the Security: Process Sandboxing component. * CVE-2026-8959: Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. * CVE-2026-8961: Spoofing issue in the Form Autofillcomponent. * CVE-2026-8962: Mitigation bypass in the DOM: Security component. * CVE-2026-8968: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. * CVE-2026-8970: Privilege escalation in the Security component. * CVE-2026-8974: Memory safety bugs fixed in Thunderbird 140.11 and Thunderbird 151. * CVE-2026-8975: Memory safety bugs fixed in Thunderbird 140.11 and Thunderbird 151. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2271=1 * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-2271=1 ## Package List: * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x) * MozillaThunderbird-debugsource-140.11.0-150200.8.274.1 * MozillaThunderbird-140.11.0-150200.8.274.1 * MozillaThunderbird-debuginfo-140.11.0-150200.8.274.1 * MozillaThunderbird-translations-common-140.11.0-150200.8.274.1 * MozillaThunderbird-translations-other-140.11.0-150200.8.274.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * MozillaThunderbird-debugsource-140.11.0-150200.8.274.1 * MozillaThunderbird-140.11.0-150200.8.274.1 * MozillaThunderbird-debuginfo-140.11.0-150200.8.274.1 * MozillaThunderbird-translations-common-140.11.0-150200.8.274.1 * MozillaThunderbird-translations-other-140.11.0-150200.8.274.1 ## References: * https://www.suse.com/security/cve/CVE-2026-8090.html * https://www.suse.com/security/cve/CVE-2026-8092.html * https://www.suse.com/security/cve/CVE-2026-8094.html * https://www.suse.com/security/cve/CVE-2026-8388.html * https://www.suse.com/security/cve/CVE-2026-8391.html * https://www.suse.com/security/cve/CVE-2026-8401.html * https://www.suse.com/security/cve/CVE-2026-8946.html *https://www.suse.com/security/cve/CVE-2026-8947.html * https://www.suse.com/security/cve/CVE-2026-8949.html * https://www.suse.com/security/cve/CVE-2026-8950.html * https://www.suse.com/security/cve/CVE-2026-8953.html * https://www.suse.com/security/cve/CVE-2026-8954.html * https://www.suse.com/security/cve/CVE-2026-8955.html * https://www.suse.com/security/cve/CVE-2026-8956.html * https://www.suse.com/security/cve/CVE-2026-8957.html * https://www.suse.com/security/cve/CVE-2026-8958.html * https://www.suse.com/security/cve/CVE-2026-8959.html * https://www.suse.com/security/cve/CVE-2026-8961.html * https://www.suse.com/security/cve/CVE-2026-8962.html * https://www.suse.com/security/cve/CVE-2026-8968.html * https://www.suse.com/security/cve/CVE-2026-8970.html * https://www.suse.com/security/cve/CVE-2026-8974.html * https://www.suse.com/security/cve/CVE-2026-8975.html * https://bugzilla.suse.com/show_bug.cgi?id=1265212 . Update for Mozilla Thunderbird addresses critical memory safety and use-after-free issues with important severity.. Mozilla Thunderbird security update, SUSE important advisory, memory safety fixes, use-after-free vulnerability. . Severity: Important. LinuxSecurity.com Team
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2026-146-01) New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/mozilla-thunderbird-140.11.1esr-i686-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/140.11.1esr/releasenotes/ (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-140.11.1esr-i686-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-140.11.1esr-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-140.11.1esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-140.11.1esr-x86_64-1.txz MD5 signatures: +-------------+ Slackware 15.0 package: 5916cf9d584b4dda2872777acdfde2b6 mozilla-thunderbird-140.11.1esr-i686-1_slack15.0.txz Slackware x86_64 15.0 package: 6223c2b249668d395e95e7892868534c mozilla-thunderbird-140.11.1esr-x86_64-1_slack15.0.txz Slackware -current package: c6c8a43ebac3d4f5c7afcd2d6be46974 xap/mozilla-thunderbird-140.11.1esr-i686-1.txz Slackware x86_64-current package: d262b9829fd020a4aacf27c5d9842590 xap/mozilla-thunderbird-140.11.1esr-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg mozilla-thunderbird-140.11.1esr-i686-1_slack15.0.txz +-----+ . Security updates for mozilla-thunderbird enhance protection on Slackware 15.0 addressing vital issues promptly.. Slackware, mozilla-thunderbird, package updates, security patches. . Severity: Important. LinuxSecurity.com Team
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2026-128-02) New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/mozilla-thunderbird-140.10.2esr-i686-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/140.10.2esr/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-44/ https://www.cve.org/CVERecord?id=CVE-2026-8090 https://www.cve.org/CVERecord?id=CVE-2026-8094 https://www.cve.org/CVERecord?id=CVE-2026-8092 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-140.10.2esr-i686-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-140.10.2esr-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-140.10.2esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-140.10.2esr-x86_64-1.txz MD5 signatures: +-------------+ Slackware 15.0 package: 8c3a75da1b19800588a6a851bc20a7fb mozilla-thunderbird-140.10.2esr-i686-1_slack15.0.txz Slackware x86_64 15.0package: 5462bacd76bb814442d824adb1738a93 mozilla-thunderbird-140.10.2esr-x86_64-1_slack15.0.txz Slackware -current package: 4a491da68b3527ac13090e44fe29395c xap/mozilla-thunderbird-140.10.2esr-i686-1.txz Slackware x86_64 -current package: bbec605fae25a81f1503fa64ca5a7a91 xap/mozilla-thunderbird-140.10.2esr-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg mozilla-thunderbird-140.10.2esr-i686-1_slack15.0.txz +-----+ . New mozilla-thunderbird packages for Slackware fix important security issues and enhance user protection.. Mozilla Thunderbird security fix, Slackware 15.0 update, package upgrade instructions. . Severity: Important. LinuxSecurity.com Team
An update that solves 29 vulnerabilities can now be installed.. # Security update for MozillaThunderbird Announcement ID: SUSE-SU-2026:1741-1 Release Date: 2026-05-07T07:01:07Z Rating: important References: * bsc#1262230 * bsc#1263110 Cross-References: * CVE-2026-6746 * CVE-2026-6747 * CVE-2026-6748 * CVE-2026-6749 * CVE-2026-6750 * CVE-2026-6751 * CVE-2026-6752 * CVE-2026-6753 * CVE-2026-6754 * CVE-2026-6757 * CVE-2026-6759 * CVE-2026-6761 * CVE-2026-6762 * CVE-2026-6763 * CVE-2026-6764 * CVE-2026-6765 * CVE-2026-6766 * CVE-2026-6767 * CVE-2026-6769 * CVE-2026-6770 * CVE-2026-6771 * CVE-2026-6772 * CVE-2026-6776 * CVE-2026-6785 * CVE-2026-6786 * CVE-2026-7320 * CVE-2026-7321 * CVE-2026-7322 * CVE-2026-7323 CVSS scores: * CVE-2026-6746 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-6747 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-6748 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6749 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-6750 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-6751 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-6752 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-6753 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-6754 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-6757 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-6759 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-6761 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-6762 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-6763 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-6764 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-6765 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-6766 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-6767 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-6769 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-6770 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-6771 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6772 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-6776 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-6785 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6786 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-7320 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-7321 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-7322 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-7323 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves 29 vulnerabilities can now be installed. ## Description: This update for MozillaThunderbird fixes the following issues Updated to Mozilla Thunderbird 140.10.1: MFSA 2026-34 (bsc#1262230): * CVE-2026-6746: Use-after-free in the DOM: Core & HTML component. * CVE-2026-6747: Use-after-free in the WebRTC component. * CVE-2026-6748: Uninitialized memory in the Audio/Video: Web Codecs component. * CVE-2026-6749: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. * CVE-2026-6750: Privilege escalation in the Graphics: WebRender component. * CVE-2026-6751: Uninitialized memory in the Audio/Video: Web Codecs component. * CVE-2026-6752: Incorrect boundaryconditions in the WebRTC component. * CVE-2026-6753: Incorrect boundary conditions in the WebRTC component. * CVE-2026-6754: Use-after-free in the JavaScript Engine component. * CVE-2026-6757: Invalid pointer in the JavaScript: WebAssembly component. * CVE-2026-6759: Use-after-free in the Widget: Cocoa component. * CVE-2026-6761: Privilege escalation in the Networking component. * CVE-2026-6762: Spoofing issue in the DOM: Core & HTML component. * CVE-2026-6763: Mitigation bypass in the File Handling component. * CVE-2026-6764: Incorrect boundary conditions in the DOM: Device Interfaces component. * CVE-2026-6765: Information disclosure in the Form Autofill component. * CVE-2026-6766: Incorrect boundary conditions in the Libraries component in NSS. * CVE-2026-6767: Other issue in the Libraries component in NSS. * CVE-2026-6769: Privilege escalation in the Debugger component. * CVE-2026-6770: Other issue in the Storage: IndexedDB component. * CVE-2026-6771: Mitigation bypass in the DOM: Security component. * CVE-2026-6772: Incorrect boundary conditions in the Libraries component in NSS. * CVE-2026-6776: Incorrect boundary conditions in the WebRTC: Networking component. * CVE-2026-6785: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150. * CVE-2026-6786: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150. MFSA 2026-39 (bsc#1263110): * CVE-2026-7320: Information disclosure due to incorrect boundary conditions in the Audio/Video component. * CVE-2026-7321: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. * CVE-2026-7322: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1. * CVE-2026-7323: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1. Other updates and bugfixes: * Fixed: Newly translated strings were notavailable in Thunderbird. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1741=1 * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1741=1 ## Package List: * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x) * MozillaThunderbird-debuginfo-140.10.1-150200.8.271.1 * MozillaThunderbird-debugsource-140.10.1-150200.8.271.1 * MozillaThunderbird-translations-other-140.10.1-150200.8.271.1 * MozillaThunderbird-140.10.1-150200.8.271.1 * MozillaThunderbird-translations-common-140.10.1-150200.8.271.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * MozillaThunderbird-debuginfo-140.10.1-150200.8.271.1 * MozillaThunderbird-debugsource-140.10.1-150200.8.271.1 * MozillaThunderbird-translations-other-140.10.1-150200.8.271.1 * MozillaThunderbird-140.10.1-150200.8.271.1 * MozillaThunderbird-translations-common-140.10.1-150200.8.271.1 ## References: * https://www.suse.com/security/cve/CVE-2026-6746.html * https://www.suse.com/security/cve/CVE-2026-6747.html * https://www.suse.com/security/cve/CVE-2026-6748.html * https://www.suse.com/security/cve/CVE-2026-6749.html * https://www.suse.com/security/cve/CVE-2026-6750.html * https://www.suse.com/security/cve/CVE-2026-6751.html * https://www.suse.com/security/cve/CVE-2026-6752.html * https://www.suse.com/security/cve/CVE-2026-6753.html * https://www.suse.com/security/cve/CVE-2026-6754.html * https://www.suse.com/security/cve/CVE-2026-6757.html * https://www.suse.com/security/cve/CVE-2026-6759.html * https://www.suse.com/security/cve/CVE-2026-6761.html * https://www.suse.com/security/cve/CVE-2026-6762.html * https://www.suse.com/security/cve/CVE-2026-6763.html *https://www.suse.com/security/cve/CVE-2026-6764.html * https://www.suse.com/security/cve/CVE-2026-6765.html * https://www.suse.com/security/cve/CVE-2026-6766.html * https://www.suse.com/security/cve/CVE-2026-6767.html * https://www.suse.com/security/cve/CVE-2026-6769.html * https://www.suse.com/security/cve/CVE-2026-6770.html * https://www.suse.com/security/cve/CVE-2026-6771.html * https://www.suse.com/security/cve/CVE-2026-6772.html * https://www.suse.com/security/cve/CVE-2026-6776.html * https://www.suse.com/security/cve/CVE-2026-6785.html * https://www.suse.com/security/cve/CVE-2026-6786.html * https://www.suse.com/security/cve/CVE-2026-7320.html * https://www.suse.com/security/cve/CVE-2026-7321.html * https://www.suse.com/security/cve/CVE-2026-7322.html * https://www.suse.com/security/cve/CVE-2026-7323.html * https://bugzilla.suse.com/show_bug.cgi?id=1262230 * https://bugzilla.suse.com/show_bug.cgi?id=1263110 . This important advisory addresses multiple vulnerabilities in MozillaThunderbird for SUSE, providing critical security updates.. MozillaThunderbird SUSE security important vulnerabilities. . Severity: Important. LinuxSecurity.com Team
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2026-122-03) New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/mozilla-thunderbird-140.10.1esr-i686-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/140.10.1esr/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2026-39/ https://www.cve.org/CVERecord?id=CVE-2026-7320 https://www.cve.org/CVERecord?id=CVE-2026-7321 https://www.cve.org/CVERecord?id=CVE-2026-7322 https://www.cve.org/CVERecord?id=CVE-2026-7323 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-140.10.1esr-i686-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-140.10.1esr-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-140.10.1esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-140.10.1esr-x86_64-1.txz MD5 signatures: +-------------+ Slackware 15.0 package: e7911c42929757dd389e0323d02cc89e mozilla-thunderbird-140.10.1esr-i686-1_slack15.0.txz Slackware x86_64 15.0 package: 18b2ca5aa602dec393a81b9e9d885f02 mozilla-thunderbird-140.10.1esr-x86_64-1_slack15.0.txz Slackware -current package: 4b679e4cfbe4ee866ea663bcbae2ac6b xap/mozilla-thunderbird-140.10.1esr-i686-1.txz Slackware x86_64 -current package: 5d39d54e33ccbcab9662b8819c878baa xap/mozilla-thunderbird-140.10.1esr-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg mozilla-thunderbird-140.10.1esr-i686-1_slack15.0.txz +-----+ . Learn about the latest mozilla-thunderbird packages released for Slackware 15.0 that address critical security issues and updates.. Slackware, Mozilla Thunderbird, security issues, remote access, Linux packages. . Severity: Critical. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.