{"id":"RLSA-2026:3517","summary":"Important: thunderbird security update","details":"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\n* libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)\n\n* firefox: Invalid pointer in the JavaScript Engine component (CVE-2026-2785)\n\n* firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2793)\n\n* firefox: Undefined behavior in the DOM: Core & HTML component (CVE-2026-2771)\n\n* firefox: Integer overflow in the Audio/Video component (CVE-2026-2774)\n\n* firefox: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software (CVE-2026-2776)\n\n* firefox: Integer overflow in the Libraries component in NSS (CVE-2026-2781)\n\n* firefox: Use-after-free in the JavaScript Engine: JIT component (CVE-2026-2766)\n\n* firefox: Use-after-free in the Storage: IndexedDB component (CVE-2026-2769)\n\n* firefox: Use-after-free in the DOM: Window and Location component (CVE-2026-2787)\n\n* firefox: Sandbox escape in the Storage: IndexedDB component (CVE-2026-2768)\n\n* firefox: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-2783)\n\n* firefox: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-2788)\n\n* firefox: Mitigation bypass in the DOM: Security component (CVE-2026-2784)\n\n* firefox: Incorrect boundary conditions in the Graphics: ImageLib component (CVE-2026-2759)\n\n* firefox: Integer overflow in the JavaScript: Standard Library component (CVE-2026-2762)\n\n* firefox: Sandbox escape in the Graphics: WebRender component (CVE-2026-2761)\n\n* firefox: Privilege escalation in the Messaging System component (CVE-2026-2777)\n\n* firefox: Same-origin policy bypass in the Networking: JAR component (CVE-2026-2790)\n\n* firefox: Mitigation bypass in the DOM: HTML Parser component (CVE-2026-2775)\n\n* firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2763)\n\n* firefox: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2792)\n\n* firefox: Incorrect boundary conditions in the Web Audio component (CVE-2026-2773)\n\n* firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2786)\n\n* firefox: Use-after-free in the Graphics: ImageLib component (CVE-2026-2789)\n\n* firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Audio/Video component (CVE-2026-2757)\n\n* firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component (CVE-2026-2760)\n\n* firefox: Use-after-free in the Audio/Video: Playback component (CVE-2026-2772)\n\n* firefox: Incorrect boundary conditions in the Networking: JAR component (CVE-2026-2779)\n\n* firefox: Use-after-free in the JavaScript: WebAssembly component (CVE-2026-2767)\n\n* firefox: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component (CVE-2026-2764)\n\n* firefox: Privilege escalation in the Netmonitor component (CVE-2026-2782)\n\n* firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2765)\n\n* firefox: Privilege escalation in the Netmonitor component (CVE-2026-2780)\n\n* firefox: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component (CVE-2026-2778)\n\n* firefox: Use-after-free in the JavaScript: GC component (CVE-2026-2758)\n\n* firefox: Mitigation bypass in the Networking: Cache component (CVE-2026-2791)\n\n* firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-2770)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-03-09T01:22:10.742776Z","published":"2026-03-05T09:12:24.748134Z","upstream":["CVE-2026-2447","CVE-2026-2757","CVE-2026-2758","CVE-2026-2759","CVE-2026-2760","CVE-2026-2761","CVE-2026-2762","CVE-2026-2763","CVE-2026-2764","CVE-2026-2765","CVE-2026-2766","CVE-2026-2767","CVE-2026-2768","CVE-2026-2769","CVE-2026-2770","CVE-2026-2771","CVE-2026-2772","CVE-2026-2773","CVE-2026-2774","CVE-2026-2775","CVE-2026-2776","CVE-2026-2777","CVE-2026-2778","CVE-2026-2779","CVE-2026-2780","CVE-2026-2781","CVE-2026-2782","CVE-2026-2783","CVE-2026-2784","CVE-2026-2785","CVE-2026-2786","CVE-2026-2787","CVE-2026-2788","CVE-2026-2789","CVE-2026-2790","CVE-2026-2791","CVE-2026-2792","CVE-2026-2793"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:3517"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442331"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442337"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442322"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442295"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442292"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442343"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442290"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442307"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442316"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442304"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442328"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442335"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442318"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442342"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442288"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442325"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442320"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442291"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442314"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442312"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442297"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442324"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442319"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442327"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442300"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442313"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442284"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442287"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442308"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442298"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442294"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440219"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442333"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442309"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442334"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442329"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442326"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442302"}],"affected":[{"package":{"name":"thunderbird","ecosystem":"Rocky Linux:10","purl":"pkg:rpm/rocky-linux/thunderbird?distro=rocky-linux-10&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:140.8.0-2.el10_1"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2026:3517.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}