{"schema_version": "1.7.0", "id": "RLSA-2026:6188", "modified": "2026-04-07T12:09:18.122432Z", "published": "2026-04-07T12:03:55.701474Z", "upstream": ["CVE-2026-3889", "CVE-2026-4371", "CVE-2026-4684", "CVE-2026-4685", "CVE-2026-4686", "CVE-2026-4687", "CVE-2026-4688", "CVE-2026-4689", "CVE-2026-4690", "CVE-2026-4691", "CVE-2026-4692", "CVE-2026-4693", "CVE-2026-4694", "CVE-2026-4695", "CVE-2026-4696", "CVE-2026-4697", "CVE-2026-4698", "CVE-2026-4699", "CVE-2026-4700", "CVE-2026-4701", "CVE-2026-4702", "CVE-2026-4704", "CVE-2026-4705", "CVE-2026-4706", "CVE-2026-4707", "CVE-2026-4708", "CVE-2026-4709", "CVE-2026-4710", "CVE-2026-4711", "CVE-2026-4712", "CVE-2026-4713", "CVE-2026-4714", "CVE-2026-4715", "CVE-2026-4716", "CVE-2026-4717", "CVE-2026-4718", "CVE-2026-4719", "CVE-2026-4720", "CVE-2026-4721"], "summary": "Important: thunderbird security update", "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\n* firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-4701)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4721)\n\n* firefox: thunderbird: Privilege escalation in the Netmonitor component (CVE-2026-4717)\n\n* firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-4688)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4706)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4695)\n\n* firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4689)\n\n* firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-4698)\n\n* firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component (CVE-2026-4716)\n\n* firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component (CVE-2026-4684)\n\n* firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4705)\n\n* firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component (CVE-2026-4715)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4685)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4714)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-4709)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4710)\n\n* firefox: thunderbird: Information disclosure in the Widget: Cocoa component (CVE-2026-4712)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4697)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4713)\n\n* firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4690)\n\n* firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-4711)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4686)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4708)\n\n* firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component (CVE-2026-4691)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component (CVE-2026-4699)\n\n* firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component (CVE-2026-4696)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Playback component (CVE-2026-4693)\n\n* firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4718)\n\n* firefox: thunderbird: JIT miscompilation in the JavaScript Engine component (CVE-2026-4702)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component (CVE-2026-4719)\n\n* firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component (CVE-2026-4694)\n\n* firefox: thunderbird: Sandbox escape in the Responsive Design Mode component (CVE-2026-4692)\n\n* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4720)\n\n* firefox: thunderbird: Mitigation bypass in the Networking: HTTP component (CVE-2026-4700)\n\n* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4707)\n\n* firefox: thunderbird: Denial-of-service in the WebRTC: Signaling component (CVE-2026-4704)\n\n* firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component (CVE-2026-4687)\n\n* thunderbird: Out of bounds read in IMAP parsing (CVE-2026-4371)\n\n* thunderbird: Spoofing issue in Thunderbird (CVE-2026-3889)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}], "affected": [{"package": {"ecosystem": "Rocky Linux:9", "name": "thunderbird", "purl": "pkg:rpm/rocky-linux/thunderbird?distro=rocky-linux-9&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:140.9.0-1.el9_7"}], "database_specific": {"yum_repository": "AppStream"}}]}], "references": [{"type": "ADVISORY", "url": "https://errata.rockylinux.org/RLSA-2026:6188"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450710"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450711"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450712"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450713"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450714"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450715"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450718"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450719"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450720"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450721"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450722"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450723"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450724"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450725"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450726"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450727"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450728"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450729"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450730"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450732"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450733"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450734"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450735"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450738"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450739"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450740"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450741"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450742"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450744"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450746"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450747"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450748"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450751"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450752"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450755"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450756"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450757"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451001"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451006"}], "credits": [{"name": "Rocky Enterprise Software Foundation"}, {"name": "Red Hat"}]}