{"id":"MGASA-2026-0081","summary":"Updated thunderbird packages fix security vulnerabilities","details":"Denial-of-service in the XML component. (CVE-2025-59375)\nSpoofing issue in Thunderbird. (CVE-2026-3889)\nRace condition, use-after-free in the Graphics: WebRender component.\n(CVE-2026-4684)\nIncorrect boundary conditions in the Graphics: Canvas2D component.\n(CVE-2026-4685)\nIncorrect boundary conditions in the Graphics: Canvas2D component.\n(CVE-2026-4686)\nSandbox escape due to incorrect boundary conditions in the Telemetry\ncomponent. (CVE-2026-4687)\nSandbox escape due to use-after-free in the Disability Access APIs\ncomponent. (CVE-2026-4688)\nSandbox escape due to incorrect boundary conditions, integer overflow in\nthe XPCOM component. (CVE-2026-4689)\nSandbox escape due to incorrect boundary conditions, integer overflow in\nthe XPCOM component. (CVE-2026-4690)\nUse-after-free in the CSS Parsing and Computation component.\n(CVE-2026-4691)\nSandbox escape in the Responsive Design Mode component. (CVE-2026-4692)\nIncorrect boundary conditions in the Audio/Video: Playback component.\n(CVE-2026-4693)\nIncorrect boundary conditions, integer overflow in the Graphics\ncomponent. (CVE-2026-4694)\nIncorrect boundary conditions in the Audio/Video: Web Codecs component.\n(CVE-2026-4695)\nUse-after-free in the Layout: Text and Fonts component. (CVE-2026-4696)\nIncorrect boundary conditions in the Audio/Video: Web Codecs component.\n(CVE-2026-4697)\nJIT miscompilation in the JavaScript Engine: JIT component.\n(CVE-2026-4698)\nIncorrect boundary conditions in the Layout: Text and Fonts component.\n(CVE-2026-4699)\nMitigation bypass in the Networking: HTTP component. (CVE-2026-4700)\nUse-after-free in the JavaScript Engine component. (CVE-2026-4701)\nJIT miscompilation in the JavaScript Engine component. (CVE-2026-4702)\nDenial-of-service in the WebRTC: Signaling component. (CVE-2026-4704)\nUndefined behavior in the WebRTC: Signaling component. (CVE-2026-4705)\nIncorrect boundary conditions in the Graphics: Canvas2D component.\n(CVE-2026-4706)\nIncorrect boundary conditions in the Graphics: Canvas2D component.\n(CVE-2026-4707)\nIncorrect boundary conditions in the Graphics component. (CVE-2026-4708)\nIncorrect boundary conditions in the Audio/Video: GMP component.\n(CVE-2026-4709)\nIncorrect boundary conditions in the Audio/Video component.\n(CVE-2026-4710)\nUse-after-free in the Widget: Cocoa component. (CVE-2026-4711)\nInformation disclosure in the Widget: Cocoa component. (CVE-2026-4712)\nIncorrect boundary conditions in the Graphics component. (CVE-2026-4713)\nIncorrect boundary conditions in the Audio/Video component.\n(CVE-2026-4714)\nUninitialized memory in the Graphics: Canvas2D component.\n(CVE-2026-4715)\nIncorrect boundary conditions, uninitialized memory in the JavaScript\nEngine component. (CVE-2026-4716)\nPrivilege escalation in the Netmonitor component. (CVE-2026-4717)\nUndefined behavior in the WebRTC: Signaling component. (CVE-2026-4718)\nIncorrect boundary conditions in the Graphics: Text component.\n(CVE-2026-4719)\nMemory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9,\nFirefox 149 and Thunderbird 149. (CVE-2026-4720)\nMemory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9,\nThunderbird ESR 140.9, Firefox 149 and Thunderbird 149. (CVE-2026-4721)\n","modified":"2026-04-02T17:00:06.346441Z","published":"2026-04-02T16:48:37Z","related":["CVE-2025-59375","CVE-2026-3889","CVE-2026-4684","CVE-2026-4685","CVE-2026-4686","CVE-2026-4687","CVE-2026-4688","CVE-2026-4689","CVE-2026-4690","CVE-2026-4691","CVE-2026-4692","CVE-2026-4693","CVE-2026-4694","CVE-2026-4695","CVE-2026-4696","CVE-2026-4697","CVE-2026-4698","CVE-2026-4699","CVE-2026-4700","CVE-2026-4701","CVE-2026-4702","CVE-2026-4704","CVE-2026-4705","CVE-2026-4706","CVE-2026-4707","CVE-2026-4708","CVE-2026-4709","CVE-2026-4710","CVE-2026-4711","CVE-2026-4712","CVE-2026-4713","CVE-2026-4714","CVE-2026-4715","CVE-2026-4716","CVE-2026-4717","CVE-2026-4718","CVE-2026-4719","CVE-2026-4720","CVE-2026-4721"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2026-0081.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=35273"},{"type":"REPORT","url":"https://www.thunderbird.net/en-US/thunderbird/140.9.0esr/releasenotes/"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/"}],"affected":[{"package":{"name":"thunderbird","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"140.9.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2026-0081.json"}},{"package":{"name":"thunderbird-l10n","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"140.9.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2026-0081.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}