{"schema_version": "1.7.0", "id": "RLSA-2026:19348", "modified": "2026-05-28T15:44:33.200970Z", "published": "2026-05-28T15:43:06.024531Z", "upstream": ["CVE-2026-6746", "CVE-2026-6747", "CVE-2026-6748", "CVE-2026-6749", "CVE-2026-6750", "CVE-2026-6751", "CVE-2026-6752", "CVE-2026-6753", "CVE-2026-6754", "CVE-2026-6757", "CVE-2026-6759", "CVE-2026-6761", "CVE-2026-6762", "CVE-2026-6763", "CVE-2026-6764", "CVE-2026-6765", "CVE-2026-6766", "CVE-2026-6767", "CVE-2026-6769", "CVE-2026-6770", "CVE-2026-6771", "CVE-2026-6772", "CVE-2026-6776", "CVE-2026-6785", "CVE-2026-6786", "CVE-2026-7320", "CVE-2026-7321", "CVE-2026-7322", "CVE-2026-7323"], "summary": "Important: thunderbird security update", "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\n* firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6772)\n\n* firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-6754)\n\n* firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component (CVE-2026-6762)\n\n* firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6752)\n\n* firefox: thunderbird: Other issue in the Storage: IndexedDB component (CVE-2026-6770)\n\n* firefox: thunderbird: Invalid pointer in the JavaScript: WebAssembly component (CVE-2026-6757)\n\n* firefox: thunderbird: Other issue in the Libraries component in NSS (CVE-2026-6767)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6786)\n\n* firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6753)\n\n* firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-6759)\n\n* firefox: thunderbird: Use-after-free in the WebRTC component (CVE-2026-6747)\n\n* firefox: thunderbird: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component (CVE-2026-6749)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6766)\n\n* firefox: thunderbird: Privilege escalation in the Networking component (CVE-2026-6761)\n\n* firefox: thunderbird: Mitigation bypass in the File Handling component (CVE-2026-6763)\n\n* firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-6750)\n\n* firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6748)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6785)\n\n* firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-6771)\n\n* firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component (CVE-2026-6764)\n\n* firefox: thunderbird: Information disclosure in the Form Autofill component (CVE-2026-6765)\n\n* firefox: thunderbird: Privilege escalation in the Debugger component (CVE-2026-6769)\n\n* firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6751)\n\n* firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-6776)\n\n* firefox: thunderbird: Use-after-free in the DOM: Core & HTML component (CVE-2026-6746)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1 (CVE-2026-7323)\n\n* firefox: thunderbird: Information disclosure due to incorrect boundary conditions in the Audio/Video component (CVE-2026-7320)\n\n* firefox: thunderbird: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1 (CVE-2026-7322)\n\n* firefox: thunderbird: webrtc: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-7321)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}], "affected": [{"package": {"ecosystem": "Rocky Linux:9", "name": "thunderbird", "purl": "pkg:rpm/rocky-linux/thunderbird?distro=rocky-linux-9&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:140.10.1-1.el9_8"}], "database_specific": {"yum_repository": "AppStream"}}]}], "references": [{"type": "ADVISORY", "url": "https://errata.rockylinux.org/RLSA-2026:19348"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460074"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460075"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460076"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460078"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460079"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460085"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460086"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460088"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460092"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460094"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460095"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460096"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460097"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460099"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460101"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460102"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460103"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460104"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460105"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460106"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460107"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460108"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460109"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460110"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460112"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463481"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463483"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463484"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463485"}], "credits": [{"name": "Rocky Enterprise Software Foundation"}, {"name": "Red Hat"}]}