RLSA-2026:6917

Описание

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

• firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-4701)

• firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4721)

• firefox: thunderbird: Privilege escalation in the Netmonitor component (CVE-2026-4717)

• firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-4688)

• firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4706)

• firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4695)

• firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4689)

• firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-4698)

• firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component (CVE-2026-4716)

• firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component (CVE-2026-4684)

• firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4705)

• firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component (CVE-2026-4715)

• firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4685)

• firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4714)

• firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-4709)

• firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4710)

• firefox: thunderbird: Information disclosure in the Widget: Cocoa component (CVE-2026-4712)

• firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4697)

• firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4713)

• firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4690)

• firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-4711)

• firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4686)

• firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4708)

• firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component (CVE-2026-4691)

• firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component (CVE-2026-4699)

• firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component (CVE-2026-4696)

• firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Playback component (CVE-2026-4693)

• firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4718)

• firefox: thunderbird: JIT miscompilation in the JavaScript Engine component (CVE-2026-4702)

• firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component (CVE-2026-4719)

• firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component (CVE-2026-4694)

• firefox: thunderbird: Sandbox escape in the Responsive Design Mode component (CVE-2026-4692)

• firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4720)

• firefox: thunderbird: Mitigation bypass in the Networking: HTTP component (CVE-2026-4700)

• firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4707)

• firefox: thunderbird: Denial-of-service in the WebRTC: Signaling component (CVE-2026-4704)

• firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component (CVE-2026-4687)

• thunderbird: Out of bounds read in IMAP parsing (CVE-2026-4371)

• thunderbird: Spoofing issue in Thunderbird (CVE-2026-3889)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.