{"id":"RHSA-2026:22643","summary":"Red Hat Security Advisory: thunderbird security update","modified":"2026-06-03T10:33:18.208527579Z","published":"2026-06-03T10:20:14Z","upstream":["CVE-2026-8388","CVE-2026-8391","CVE-2026-8401","CVE-2026-8946","CVE-2026-8947","CVE-2026-8950","CVE-2026-8953","CVE-2026-8954","CVE-2026-8955","CVE-2026-8956","CVE-2026-8957","CVE-2026-8958","CVE-2026-8959","CVE-2026-8961","CVE-2026-8962","CVE-2026-8968","CVE-2026-8970","CVE-2026-8974","CVE-2026-8975"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:22643"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#important"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476469"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476475"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476492"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479839"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479840"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479842"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479846"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479847"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479848"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479849"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479852"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479853"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479855"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479860"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479861"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479871"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479873"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479876"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479880"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22643.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8388"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-8388"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8388"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-48/#CVE-2026-8388"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-51/#CVE-2026-8388"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8391"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-8391"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8391"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-48/#CVE-2026-8391"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-51/#CVE-2026-8391"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8401"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-8401"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8401"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-45/#CVE-2026-8401"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-48/#CVE-2026-8401"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-51/#CVE-2026-8401"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8946"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-8946"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8946"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-48/#CVE-2026-8946"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-51/#CVE-2026-8946"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8947"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-8947"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8947"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-48/#CVE-2026-8947"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-51/#CVE-2026-8947"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8950"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-8950"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8950"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-48/#CVE-2026-8950"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-51/#CVE-2026-8950"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8953"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-8953"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8953"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-48/#CVE-2026-8953"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-51/#CVE-2026-8953"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8954"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-8954"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8954"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-48/#CVE-2026-8954"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-51/#CVE-2026-8954"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8955"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-8955"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8955"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-48/#CVE-2026-8955"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-51/#CVE-2026-8955"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8956"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-8956"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8956"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-48/#CVE-2026-8956"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-51/#CVE-2026-8956"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8957"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-8957"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8957"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-48/#CVE-2026-8957"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-51/#CVE-2026-8957"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8958"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-8958"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8958"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-48/#CVE-2026-8958"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-51/#CVE-2026-8958"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8959"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-8959"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8959"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-48/#CVE-2026-8959"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-51/#CVE-2026-8959"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8961"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-8961"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8961"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-48/#CVE-2026-8961"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-51/#CVE-2026-8961"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8962"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-8962"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8962"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-48/#CVE-2026-8962"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-51/#CVE-2026-8962"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8968"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-8968"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8968"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-48/#CVE-2026-8968"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-51/#CVE-2026-8968"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8970"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-8970"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8970"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-48/#CVE-2026-8970"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-51/#CVE-2026-8970"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8974"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-8974"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8974"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-48/#CVE-2026-8974"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-51/#CVE-2026-8974"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-8975"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-8975"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8975"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-48/#CVE-2026-8975"},{"type":"ARTICLE","url":"https://www.mozilla.org/security/advisories/mfsa2026-51/#CVE-2026-8975"}],"affected":[{"package":{"name":"thunderbird","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/thunderbird"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:140.11.0-1.el8_10"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:22643.json"}},{"package":{"name":"thunderbird-debuginfo","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/thunderbird-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:140.11.0-1.el8_10"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:22643.json"}},{"package":{"name":"thunderbird-debugsource","ecosystem":"Red Hat:enterprise_linux:8::appstream","purl":"pkg:rpm/redhat/thunderbird-debugsource"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:140.11.0-1.el8_10"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:22643.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}