{"id":"ALSA-2026:6188","summary":"Important: thunderbird security update","details":"Mozilla Thunderbird is a standalone mail and newsgroup client.  \n\nSecurity Fix(es):  \n\n  * firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-4701)\n  * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4721)\n  * firefox: thunderbird: Privilege escalation in the Netmonitor component (CVE-2026-4717)\n  * firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-4688)\n  * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4706)\n  * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4695)\n  * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4689)\n  * firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-4698)\n  * firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component (CVE-2026-4716)\n  * firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component (CVE-2026-4684)\n  * firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4705)\n  * firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component (CVE-2026-4715)\n  * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4685)\n  * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4714)\n  * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-4709)\n  * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4710)\n  * firefox: thunderbird: Information disclosure in the Widget: Cocoa component (CVE-2026-4712)\n  * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4697)\n  * firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4713)\n  * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4690)\n  * firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-4711)\n  * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4686)\n  * firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4708)\n  * firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component (CVE-2026-4691)\n  * firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component (CVE-2026-4699)\n  * firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component (CVE-2026-4696)\n  * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Playback component (CVE-2026-4693)\n  * firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4718)\n  * firefox: thunderbird: JIT miscompilation in the JavaScript Engine component (CVE-2026-4702)\n  * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component (CVE-2026-4719)\n  * firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component (CVE-2026-4694)\n  * firefox: thunderbird: Sandbox escape in the Responsive Design Mode component (CVE-2026-4692)\n  * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4720)\n  * firefox: thunderbird: Mitigation bypass in the Networking: HTTP component (CVE-2026-4700)\n  * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4707)\n  * firefox: thunderbird: Denial-of-service in the WebRTC: Signaling component (CVE-2026-4704)\n  * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component (CVE-2026-4687)\n  * thunderbird: Out of bounds read in IMAP parsing (CVE-2026-4371)\n  * thunderbird: Spoofing issue in Thunderbird (CVE-2026-3889)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n","modified":"2026-04-03T08:14:27.468345736Z","published":"2026-03-30T00:00:00Z","related":["CVE-2026-3889","CVE-2026-4371","CVE-2026-4684","CVE-2026-4685","CVE-2026-4686","CVE-2026-4687","CVE-2026-4688","CVE-2026-4689","CVE-2026-4690","CVE-2026-4691","CVE-2026-4692","CVE-2026-4693","CVE-2026-4694","CVE-2026-4695","CVE-2026-4696","CVE-2026-4697","CVE-2026-4698","CVE-2026-4699","CVE-2026-4700","CVE-2026-4701","CVE-2026-4702","CVE-2026-4704","CVE-2026-4705","CVE-2026-4706","CVE-2026-4707","CVE-2026-4708","CVE-2026-4709","CVE-2026-4710","CVE-2026-4711","CVE-2026-4712","CVE-2026-4713","CVE-2026-4714","CVE-2026-4715","CVE-2026-4716","CVE-2026-4717","CVE-2026-4718","CVE-2026-4719","CVE-2026-4720","CVE-2026-4721"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-3889"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4371"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4684"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4685"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4686"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4687"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4688"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4689"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4690"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4691"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4692"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4693"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4694"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4695"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4696"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4697"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4698"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4699"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4700"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4701"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4702"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4704"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4705"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4706"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4707"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4708"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4709"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4710"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4711"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4712"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4713"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4714"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4715"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4716"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4717"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4718"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4719"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4720"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-4721"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450710"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450711"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450712"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450713"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450714"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450715"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450718"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450719"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450720"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450721"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450722"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450723"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450724"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450725"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450726"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450727"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450728"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450729"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450730"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450732"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450733"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450734"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450735"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450738"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450739"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450740"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450741"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450742"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450744"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450746"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450747"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450748"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450751"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450752"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450755"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450756"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2450757"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2451001"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2451006"},{"type":"ADVISORY","url":"https://errata.almalinux.org/9/ALSA-2026-6188.html"}],"affected":[{"package":{"name":"thunderbird","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/thunderbird"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"140.9.0-1.el9_7.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:6188.json"}}],"schema_version":"1.7.5"}