{"schema_version": "1.7.0", "id": "RLSA-2026:29940", "modified": "2026-06-26T12:06:11.159913Z", "published": "2026-06-26T12:03:13.137376Z", "upstream": ["CVE-2026-12289", "CVE-2026-12290", "CVE-2026-12291", "CVE-2026-12292", "CVE-2026-12294", "CVE-2026-12295", "CVE-2026-12296", "CVE-2026-12297", "CVE-2026-12298", "CVE-2026-12299", "CVE-2026-12302", "CVE-2026-12304", "CVE-2026-12305", "CVE-2026-12306", "CVE-2026-12307", "CVE-2026-12308", "CVE-2026-12309", "CVE-2026-12310", "CVE-2026-12311", "CVE-2026-12312", "CVE-2026-12313", "CVE-2026-12314", "CVE-2026-12315", "CVE-2026-12324", "CVE-2026-12325", "CVE-2026-12327", "CVE-2026-12328", "CVE-2026-12329", "CVE-2026-12330"], "summary": "Important: thunderbird security update", "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\n* firefox: thunderbird: Sandbox escape in the DOM: Workers component (CVE-2026-12294)\n\n* firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12313)\n\n* firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12311)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12290)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12327)\n\n* firefox: thunderbird: JIT miscompilation in the DOM: Core & HTML component (CVE-2026-12299)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12329)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12312)\n\n* firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12302)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12328)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Internationalization component (CVE-2026-12330)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12314)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12309)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12310)\n\n* firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component (CVE-2026-12325)\n\n* firefox: thunderbird: Sandbox escape in the DOM: Navigation component (CVE-2026-12295)\n\n* firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-12289)\n\n* firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12315)\n\n* firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component (CVE-2026-12296)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12306)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12307)\n\n* firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Networking component (CVE-2026-12297)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12305)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Web Audio component (CVE-2026-12292)\n\n* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12308)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Graphics: CanvasWebGL component (CVE-2026-12324)\n\n* firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component (CVE-2026-12304)\n\n* firefox: thunderbird: Use-after-free in the Networking: HTTP component (CVE-2026-12291)\n\n* firefox: thunderbird: Memory safety bug fixed in Firefox ESR 140.12 (CVE-2026-12298)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}], "affected": [{"package": {"ecosystem": "Rocky Linux:9", "name": "thunderbird", "purl": "pkg:rpm/rocky-linux/thunderbird?distro=rocky-linux-9&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:140.12.0-1.el9_8"}], "database_specific": {"yum_repository": "AppStream"}}]}], "references": [{"type": "ADVISORY", "url": "https://errata.rockylinux.org/RLSA-2026:29940"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489207"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489208"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489209"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489210"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489211"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489212"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489214"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489215"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489217"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489218"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489220"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489221"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489223"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489224"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489225"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489226"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489229"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489231"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489232"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489233"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489234"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489235"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489236"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489237"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489239"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489240"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489243"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489244"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489248"}], "credits": [{"name": "Rocky Enterprise Software Foundation"}, {"name": "Red Hat"}]}