Explore top 10 tips to secure your open-source projects now. Read More
×Security update. Publication date: 13 Jul 2026 URL: https://advisories.mageia.org/MGASA-2026-0243.html Type: security Affected Mageia releases: 10, 9 CVE: CVE-2026-12289, CVE-2026-12290, CVE-2026-12291, CVE-2026-12292, CVE-2026-12294, CVE-2026-12295, CVE-2026-12296, CVE-2026-12297, CVE-2026-12298, CVE-2026-12299, CVE-2026-12302, CVE-2026-12304, CVE-2026-12305, CVE-2026-12306, CVE-2026-12307, CVE-2026-12308, CVE-2026-12309, CVE-2026-12310, CVE-2026-12311, CVE-2026-12312, CVE-2026-12313, CVE-2026-12314, CVE-2026-12315, CVE-2026-12330, CVE-2026-12324, CVE-2026-12325, CVE-2026-12327, CVE-2026-12328, CVE-2026-12329, CVE-2026-57962, CVE-2026-57963 Description: The updated packages fix security vulnerabilities: Privilege escalation in the Graphics: WebRender component. (CVE-2026-12289) Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12290) Use-after-free in the Networking: HTTP component. (CVE-2026-12291) Incorrect boundary conditions in the Web Audio component. (CVE-2026-12292) Sandbox escape in the DOM: Workers component. (CVE-2026-12294) Sandbox escape in the DOM: Navigation component. (CVE-2026-12295) Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12298) Sandbox escape in the Security: Process Sandboxing component. (CVE-2026-12296) Sandbox escape due to incorrect boundary conditions in the Networking component. (CVE-2026-12297) JIT miscompilation in the DOM: Core & HTML component. (CVE-2026-12299) Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12329) Mitigation bypass in the DOM: Security component. (CVE-2026-12302) Same-origin policy bypass in the Networking: Cookies component. (CVE-2026-12304) Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12305) Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12306) Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12307) Memory safety bug fixed inThunderbird ESR 140.12. (CVE-2026-12308) Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12309) Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12310) Information disclosure, sandbox escape in the Security: Process Sandboxing component. (CVE-2026-12311) Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12312) Information disclosure, sandbox escape in the Security: Process Sandboxing component. (CVE-2026-12313) Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12314) Mitigation bypass in the DOM: Security component. (CVE-2026-12315) Incorrect boundary conditions in the Internationalization component. (CVE-2026-12330) Incorrect boundary conditions in the Graphics: CanvasWebGL component. (CVE-2026-12324) Denial-of-service in the Graphics: ImageLib component. (CVE-2026-12325) Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152. (CVE-2026-12327) Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152. (CVE-2026-12328) Denial-of-service via malicious LDAP address-book server. (CVE-2026-57962) Chat UI manipulation by injection. (CVE-2026-57963) References: - https://bugs.mageia.org/show_bug.cgi?id=35716 - https://www.thunderbird.net/en-US/thunderbird/140.12.0esr/releasenotes/ - https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/ - https://www.thunderbird.net/en-US/thunderbird/140.12.1esr/releasenotes/ - https://www.mozilla.org/en-US/security/advisories/mfsa2026-64/ - https://www.cve.org/CVERecord?id=CVE-2026-12289 - https://www.cve.org/CVERecord?id=CVE-2026-12290 - https://www.cve.org/CVERecord?id=CVE-2026-12291 - https://www.cve.org/CVERecord?id=CVE-2026-12292 - https://www.cve.org/CVERecord?id=CVE-2026-12294 - https://www.cve.org/CVERecord?id=CVE-2026-12295 - https://www.cve.org/CVERecord?id=CVE-2026-12296 - https://www.cve.org/CVERecord?id=CVE-2026-12297 - https://www.cve.org/CVERecord?id=CVE-2026-12298 -https://www.cve.org/CVERecord?id=CVE-2026-12299 - https://www.cve.org/CVERecord?id=CVE-2026-12302 - https://www.cve.org/CVERecord?id=CVE-2026-12304 - https://www.cve.org/CVERecord?id=CVE-2026-12305 - https://www.cve.org/CVERecord?id=CVE-2026-12306 - https://www.cve.org/CVERecord?id=CVE-2026-12307 - https://www.cve.org/CVERecord?id=CVE-2026-12308 - https://www.cve.org/CVERecord?id=CVE-2026-12309 - https://www.cve.org/CVERecord?id=CVE-2026-12310 - https://www.cve.org/CVERecord?id=CVE-2026-12311 - https://www.cve.org/CVERecord?id=CVE-2026-12312 - https://www.cve.org/CVERecord?id=CVE-2026-12313 - https://www.cve.org/CVERecord?id=CVE-2026-12314 - https://www.cve.org/CVERecord?id=CVE-2026-12315 - https://www.cve.org/CVERecord?id=CVE-2026-12330 - https://www.cve.org/CVERecord?id=CVE-2026-12324 - https://www.cve.org/CVERecord?id=CVE-2026-12325 - https://www.cve.org/CVERecord?id=CVE-2026-12327 - https://www.cve.org/CVERecord?id=CVE-2026-12328 - https://www.cve.org/CVERecord?id=CVE-2026-12329 - https://www.cve.org/CVERecord?id=CVE-2026-57962 - https://www.cve.org/CVERecord?id=CVE-2026-57963 SRPMS: - 10/core/thunderbird-140.12.1-1.mga10 - 10/core/thunderbird-l10n-140.12.1-1.mga10 - 9/core/thunderbird-140.12.1-1.mga9 - 9/core/thunderbird-l10n-140.12.1-1.mga9 . Security updates fix several critical components in Thunderbird for Mageia including privilege escalation and memory safety bugs.. Mageia security advisory, Thunderbird update, privilege escalation, memory safety issues. . Severity: Important. LinuxSecurity.com Team
Important: thunderbird security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:30846", "synopsis": "Important: thunderbird security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for thunderbird.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\n* firefox: thunderbird: Sandbox escape in the DOM: Workers component (CVE-2026-12294)\n\n* firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12313)\n\n* firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12311)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12290)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12327)\n\n* firefox: thunderbird: JIT miscompilation in the DOM: Core & HTML component (CVE-2026-12299)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12329)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12312)\n\n* firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12302)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12328)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Internationalization component (CVE-2026-12330)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12314)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12309)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR140.12 (CVE-2026-12310)\n\n* firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component (CVE-2026-12325)\n\n* firefox: thunderbird: Sandbox escape in the DOM: Navigation component (CVE-2026-12295)\n\n* firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-12289)\n\n* firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12315)\n\n* firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component (CVE-2026-12296)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12306)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12307)\n\n* firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Networking component (CVE-2026-12297)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12305)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Web Audio component (CVE-2026-12292)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12308)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Graphics: CanvasWebGL component (CVE-2026-12324)\n\n* firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component (CVE-2026-12304)\n\n* firefox: thunderbird: Use-after-free in the Networking: HTTP component (CVE-2026-12291)\n\n* firefox: thunderbird: Memory safety bug fixed in Firefox ESR 140.12 (CVE-2026-12298)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2489232", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489232", "description": ""}, {"ticket": "2489234", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489234", "description": ""},{"ticket": "2489226", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489226", "description": ""}, {"ticket": "2489221", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489221", "description": ""}, {"ticket": "2489224", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489224", "description": ""}, {"ticket": "2489244", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489244", "description": ""}, {"ticket": "2489236", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489236", "description": ""}, {"ticket": "2489209", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489209", "description": ""}, {"ticket": "2489207", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489207", "description": ""}, {"ticket": "2489215", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489215", "description": ""}, {"ticket": "2489229", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489229", "description": ""}, {"ticket": "2489233", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489233", "description": ""}, {"ticket": "2489217", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489217", "description": ""}, {"ticket": "2489208", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489208", "description": ""}, {"ticket": "2489223", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489223", "description": ""}, {"ticket": "2489235", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489235", "description": ""}, {"ticket": "2489220", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489220", "description": ""}, {"ticket": "2489239", "sourceBy":"Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489239", "description": ""}, {"ticket": "2489248", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489248", "description": ""}, {"ticket": "2489237", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489237", "description": ""}, {"ticket": "2489211", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489211", "description": ""}, {"ticket": "2489214", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489214", "description": ""}, {"ticket": "2489225", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489225", "description": ""}, {"ticket": "2489231", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489231", "description": ""}, {"ticket": "2489212", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489212", "description": ""}, {"ticket": "2489240", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489240", "description": ""}, {"ticket": "2489218", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489218", "description": ""}, {"ticket": "2489243", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489243", "description": ""}, {"ticket": "2489210", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489210", "description": ""}], "cves": [{"name": "CVE-2026-12289", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12289", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-266"}, {"name": "CVE-2026-12290", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12290", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5","cwe": "CWE-823"}, {"name": "CVE-2026-12291", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12291", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-825"}, {"name": "CVE-2026-12292", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12292", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-787"}, {"name": "CVE-2026-12294", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12294", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-266"}, {"name": "CVE-2026-12295", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12295", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-653"}, {"name": "CVE-2026-12296", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12296", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-403"}, {"name": "CVE-2026-12297", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12297", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-653"}, {"name": "CVE-2026-12298", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12298", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-843"}, {"name": "CVE-2026-12299", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12299", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-733"}, {"name": "CVE-2026-12302", "sourceBy": "MITRE", "sourceLink":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12302", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": null}, {"name": "CVE-2026-12304", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12304", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-346"}, {"name": "CVE-2026-12305", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12305", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-825"}, {"name": "CVE-2026-12306", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12306", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-787"}, {"name": "CVE-2026-12307", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12307", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-825"}, {"name": "CVE-2026-12308", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12308", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": null}, {"name": "CVE-2026-12309", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12309", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-825"}, {"name": "CVE-2026-12310", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12310", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-825"}, {"name": "CVE-2026-12311", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12311", "cvss3ScoringVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-243"}, {"name": "CVE-2026-12312", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12312", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-787"}, {"name": "CVE-2026-12313", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12313", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-403"}, {"name": "CVE-2026-12314", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12314", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-787"}, {"name": "CVE-2026-12315", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12315", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-807"}, {"name": "CVE-2026-12324", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12324", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "cvss3BaseScore": "3.4", "cwe": "CWE-131"}, {"name": "CVE-2026-12325", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12325", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "cvss3BaseScore": "3.4", "cwe": "CWE-1286"}, {"name": "CVE-2026-12327", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12327", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-787"}, {"name": "CVE-2026-12328", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12328", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-825"}, {"name": "CVE-2026-12329","sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12329", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": null}, {"name": "CVE-2026-12330", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12330", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-131"}], "references": [], "publishedAt": "2026-07-05T12:05:09.130757Z", "rpms": {"Rocky Linux 10": {"nvras": ["thunderbird-debugsource-0:140.12.0-1.el10_2.ppc64le.rpm", "thunderbird-0:140.12.0-1.el10_2.aarch64.rpm", "thunderbird-0:140.12.0-1.el10_2.src.rpm", "thunderbird-debugsource-0:140.12.0-1.el10_2.aarch64.rpm", "thunderbird-debuginfo-0:140.12.0-1.el10_2.s390x.rpm", "thunderbird-0:140.12.0-1.el10_2.ppc64le.rpm", "thunderbird-debuginfo-0:140.12.0-1.el10_2.x86_64.rpm", "thunderbird-debuginfo-0:140.12.0-1.el10_2.aarch64.rpm", "thunderbird-debugsource-0:140.12.0-1.el10_2.s390x.rpm", "thunderbird-0:140.12.0-1.el10_2.x86_64.rpm", "thunderbird-debugsource-0:140.12.0-1.el10_2.x86_64.rpm", "thunderbird-0:140.12.0-1.el10_2.s390x.rpm", "thunderbird-debuginfo-0:140.12.0-1.el10_2.ppc64le.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. A crucial security update for Thunderbird on Rocky Linux addresses multiple vulnerabilities, enhancing user safety.. Thunderbird Update Rocky Linux Important Security. . Severity: Important. LinuxSecurity.com Team
Important: thunderbird security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:33445", "synopsis": "Important: thunderbird security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for thunderbird.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\n* firefox: thunderbird: Sandbox escape in the DOM: Workers component (CVE-2026-12294)\n\n* firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12313)\n\n* firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12311)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12290)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12327)\n\n* firefox: thunderbird: JIT miscompilation in the DOM: Core & HTML component (CVE-2026-12299)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12329)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12312)\n\n* firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12302)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12328)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Internationalization component (CVE-2026-12330)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12314)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12309)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR140.12 (CVE-2026-12310)\n\n* firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component (CVE-2026-12325)\n\n* firefox: thunderbird: Sandbox escape in the DOM: Navigation component (CVE-2026-12295)\n\n* firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-12289)\n\n* firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12315)\n\n* firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component (CVE-2026-12296)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12306)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12307)\n\n* firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Networking component (CVE-2026-12297)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12305)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Web Audio component (CVE-2026-12292)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12308)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Graphics: CanvasWebGL component (CVE-2026-12324)\n\n* firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component (CVE-2026-12304)\n\n* firefox: thunderbird: Use-after-free in the Networking: HTTP component (CVE-2026-12291)\n\n* firefox: thunderbird: Memory safety bug fixed in Firefox ESR 140.12 (CVE-2026-12298)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2489207", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489207", "description": ""}, {"ticket": "2489208", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489208", "description": ""},{"ticket": "2489209", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489209", "description": ""}, {"ticket": "2489210", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489210", "description": ""}, {"ticket": "2489211", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489211", "description": ""}, {"ticket": "2489212", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489212", "description": ""}, {"ticket": "2489214", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489214", "description": ""}, {"ticket": "2489215", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489215", "description": ""}, {"ticket": "2489217", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489217", "description": ""}, {"ticket": "2489218", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489218", "description": ""}, {"ticket": "2489220", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489220", "description": ""}, {"ticket": "2489221", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489221", "description": ""}, {"ticket": "2489223", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489223", "description": ""}, {"ticket": "2489224", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489224", "description": ""}, {"ticket": "2489225", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489225", "description": ""}, {"ticket": "2489226", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489226", "description": ""}, {"ticket": "2489229", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489229", "description": ""}, {"ticket": "2489231", "sourceBy":"Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489231", "description": ""}, {"ticket": "2489232", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489232", "description": ""}, {"ticket": "2489233", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489233", "description": ""}, {"ticket": "2489234", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489234", "description": ""}, {"ticket": "2489235", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489235", "description": ""}, {"ticket": "2489236", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489236", "description": ""}, {"ticket": "2489237", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489237", "description": ""}, {"ticket": "2489239", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489239", "description": ""}, {"ticket": "2489240", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489240", "description": ""}, {"ticket": "2489243", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489243", "description": ""}, {"ticket": "2489244", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489244", "description": ""}, {"ticket": "2489248", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2489248", "description": ""}], "cves": [{"name": "CVE-2026-12289", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12289", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-266"}, {"name": "CVE-2026-12290", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12290", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5","cwe": "CWE-823"}, {"name": "CVE-2026-12291", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12291", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-825"}, {"name": "CVE-2026-12292", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12292", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-787"}, {"name": "CVE-2026-12294", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12294", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-266"}, {"name": "CVE-2026-12295", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12295", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-653"}, {"name": "CVE-2026-12296", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12296", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-403"}, {"name": "CVE-2026-12297", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12297", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-653"}, {"name": "CVE-2026-12298", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12298", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-843"}, {"name": "CVE-2026-12299", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12299", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-733"}, {"name": "CVE-2026-12302", "sourceBy": "MITRE", "sourceLink":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12302", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": null}, {"name": "CVE-2026-12304", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12304", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-346"}, {"name": "CVE-2026-12305", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12305", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-825"}, {"name": "CVE-2026-12306", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12306", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-787"}, {"name": "CVE-2026-12307", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12307", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-825"}, {"name": "CVE-2026-12308", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12308", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": null}, {"name": "CVE-2026-12309", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12309", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-825"}, {"name": "CVE-2026-12310", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12310", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-825"}, {"name": "CVE-2026-12311", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12311", "cvss3ScoringVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-243"}, {"name": "CVE-2026-12312", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12312", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-787"}, {"name": "CVE-2026-12313", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12313", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-403"}, {"name": "CVE-2026-12314", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12314", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-787"}, {"name": "CVE-2026-12315", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12315", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-807"}, {"name": "CVE-2026-12324", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12324", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "cvss3BaseScore": "3.4", "cwe": "CWE-131"}, {"name": "CVE-2026-12325", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12325", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "cvss3BaseScore": "3.4", "cwe": "CWE-1286"}, {"name": "CVE-2026-12327", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12327", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-787"}, {"name": "CVE-2026-12328", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12328", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-825"}, {"name": "CVE-2026-12329","sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12329", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": null}, {"name": "CVE-2026-12330", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-12330", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cvss3BaseScore": "6.1", "cwe": "CWE-131"}], "references": [], "publishedAt": "2026-07-04T06:00:26.778042Z", "rpms": {"Rocky Linux 8": {"nvras": ["thunderbird-0:140.12.0-1.el8_10.aarch64.rpm", "thunderbird-0:140.12.0-1.el8_10.src.rpm", "thunderbird-0:140.12.0-1.el8_10.x86_64.rpm", "thunderbird-debuginfo-0:140.12.0-1.el8_10.aarch64.rpm", "thunderbird-debuginfo-0:140.12.0-1.el8_10.x86_64.rpm", "thunderbird-debugsource-0:140.12.0-1.el8_10.aarch64.rpm", "thunderbird-debugsource-0:140.12.0-1.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. A critical security update for Thunderbird on Rocky Linux 8 addresses multiple vulnerabilities. Stay safe with the latest fixes.. Rocky Linux Thunderbird Security Fixes CVE Updates. . Severity: Important. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-33445 http://linux.oracle.com/errata/ELSA-2026-33445.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: thunderbird-140.12.0-1.0.1.el8_10.x86_64.rpm aarch64: thunderbird-140.12.0-1.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/thunderbird-140.12.0-1.0.1.el8_10.src.rpm Related CVEs: CVE-2026-12289 CVE-2026-12290 CVE-2026-12291 CVE-2026-12292 CVE-2026-12294 CVE-2026-12295 CVE-2026-12296 CVE-2026-12297 CVE-2026-12298 CVE-2026-12299 CVE-2026-12302 CVE-2026-12304 CVE-2026-12305 CVE-2026-12306 CVE-2026-12307 CVE-2026-12308 CVE-2026-12309 CVE-2026-12310 CVE-2026-12311 CVE-2026-12312 CVE-2026-12313 CVE-2026-12314 CVE-2026-12315 CVE-2026-12324 CVE-2026-12325 CVE-2026-12327 CVE-2026-12328 CVE-2026-12329 CVE-2026-12330 Description of changes: [140.12.0-1.0.1] - Fix prefs for new nss [Orabug: 37079820] - Add Oracle prefs file [140.12.0] - Add OpenELA debranding [140.12.0-1] - Update to 140.12.0 ESR _______________________________________________ El-errata mailing list
Update to latest upstream version Update to latest upstream version.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-2fb5ca48a2 2026-07-02 01:07:29.332031+00:00 -------------------------------------------------------------------------------- Name : thunderbird Product : Fedora 43 Version : 152.0 Release : 2.fc43 URL : http://www.mozilla.org/projects/thunderbird/ Summary : Mozilla Thunderbird mail/newsgroup client Description : Mozilla Thunderbird is a standalone mail and newsgroup client. -------------------------------------------------------------------------------- Update Information: Update to latest upstream version Update to latest upstream version. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 23 2026 Jan Horak - 152.0-1 - Update to 152.0 * Fri Jun 5 2026 Jan Horak - 151.0.1-1 - Update to 151.0.1 * Thu May 21 2026 Jan Horak - 151.0-1 - Update to 151.0 * Thu May 14 2026 Jan Horak - 150.0.2-1 - Update to 150.0.2 * Tue Apr 28 2026 Jan Horak - 150.0-1 - Update to Thunderbird 150.0 * Tue Apr 14 2026 Jan Horak - 149.0.2-1 - Update to 149.0.2 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-2fb5ca48a2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-19348 http://linux.oracle.com/errata/ELSA-2026-19348.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: thunderbird-140.11.0-1.0.1.el9_8.x86_64.rpm aarch64: thunderbird-140.11.0-1.0.1.el9_8.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/thunderbird-140.11.0-1.0.1.el9_8.src.rpm Related CVEs: CVE-2026-6746 CVE-2026-6747 CVE-2026-6748 CVE-2026-6749 CVE-2026-6750 CVE-2026-6751 CVE-2026-6752 CVE-2026-6753 CVE-2026-6754 CVE-2026-6757 CVE-2026-6759 CVE-2026-6761 CVE-2026-6762 CVE-2026-6763 CVE-2026-6764 CVE-2026-6765 CVE-2026-6766 CVE-2026-6767 CVE-2026-6769 CVE-2026-6770 CVE-2026-6771 CVE-2026-6772 CVE-2026-6776 CVE-2026-6785 CVE-2026-6786 CVE-2026-7320 CVE-2026-7321 CVE-2026-7322 CVE-2026-7323 Description of changes: [140.11.0-1.0.1] - Fix prefs for new nss [Orabug: 37079813] - Add Oracle prefs [140.11.0] - Add OpenELA debranding [140.11.0-1] - Update to 140.11.0 ESR [140.10.1-1] - Update to 140.10.1 ESR _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-29940 http://linux.oracle.com/errata/ELSA-2026-29940.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: thunderbird-140.12.0-1.0.1.el9_8.x86_64.rpm aarch64: thunderbird-140.12.0-1.0.1.el9_8.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/thunderbird-140.12.0-1.0.1.el9_8.src.rpm Related CVEs: CVE-2026-12289 CVE-2026-12290 CVE-2026-12291 CVE-2026-12292 CVE-2026-12294 CVE-2026-12295 CVE-2026-12296 CVE-2026-12297 CVE-2026-12298 CVE-2026-12299 CVE-2026-12302 CVE-2026-12304 CVE-2026-12305 CVE-2026-12306 CVE-2026-12307 CVE-2026-12308 CVE-2026-12309 CVE-2026-12310 CVE-2026-12311 CVE-2026-12312 CVE-2026-12313 CVE-2026-12314 CVE-2026-12315 CVE-2026-12324 CVE-2026-12325 CVE-2026-12327 CVE-2026-12328 CVE-2026-12329 CVE-2026-12330 Description of changes: [140.12.0-1.0.1] - Fix prefs for new nss [Orabug: 37079813] - Add Oracle prefs [140.12.0] - Add OpenELA debranding [140.12.0-1] - Update to 140.12.0 ESR _______________________________________________ El-errata mailing list
Update to latest upstream version. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-cda0c20ce0 2026-06-27 01:10:00.374915+00:00 -------------------------------------------------------------------------------- Name : thunderbird Product : Fedora 44 Version : 152.0 Release : 1.fc44 URL : http://www.mozilla.org/projects/thunderbird/ Summary : Mozilla Thunderbird mail/newsgroup client Description : Mozilla Thunderbird is a standalone mail and newsgroup client. -------------------------------------------------------------------------------- Update Information: Update to latest upstream version -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 23 2026 Jan Horak - 152.0-1 - Update to 152.0 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-cda0c20ce0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Get the latest Linux and open source security news straight to your inbox.