ALSA-2026:6188

See a problem?
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:6188.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2026:6188
Related
  • CVE-2026-3889
  • CVE-2026-4371
  • CVE-2026-4684
  • CVE-2026-4685
  • CVE-2026-4686
  • CVE-2026-4687
  • CVE-2026-4688
  • CVE-2026-4689
  • CVE-2026-4690
  • CVE-2026-4691
  • CVE-2026-4692
  • CVE-2026-4693
  • CVE-2026-4694
  • CVE-2026-4695
  • CVE-2026-4696
  • CVE-2026-4697
  • CVE-2026-4698
  • CVE-2026-4699
  • CVE-2026-4700
  • CVE-2026-4701
  • CVE-2026-4702
  • CVE-2026-4704
  • CVE-2026-4705
  • CVE-2026-4706
  • CVE-2026-4707
  • CVE-2026-4708
  • CVE-2026-4709
  • CVE-2026-4710
  • CVE-2026-4711
  • CVE-2026-4712
  • CVE-2026-4713
  • CVE-2026-4714
  • CVE-2026-4715
  • CVE-2026-4716
  • CVE-2026-4717
  • CVE-2026-4718
  • CVE-2026-4719
  • CVE-2026-4720
  • CVE-2026-4721
Published
2026-03-30T00:00:00Z
Modified
2026-04-03T08:14:27.468345736Z
Summary
Important: thunderbird security update
Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

  • firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-4701)
  • firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4721)
  • firefox: thunderbird: Privilege escalation in the Netmonitor component (CVE-2026-4717)
  • firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-4688)
  • firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4706)
  • firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4695)
  • firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4689)
  • firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-4698)
  • firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component (CVE-2026-4716)
  • firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component (CVE-2026-4684)
  • firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4705)
  • firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component (CVE-2026-4715)
  • firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4685)
  • firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4714)
  • firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-4709)
  • firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4710)
  • firefox: thunderbird: Information disclosure in the Widget: Cocoa component (CVE-2026-4712)
  • firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4697)
  • firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4713)
  • firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4690)
  • firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-4711)
  • firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4686)
  • firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4708)
  • firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component (CVE-2026-4691)
  • firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component (CVE-2026-4699)
  • firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component (CVE-2026-4696)
  • firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Playback component (CVE-2026-4693)
  • firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4718)
  • firefox: thunderbird: JIT miscompilation in the JavaScript Engine component (CVE-2026-4702)
  • firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component (CVE-2026-4719)
  • firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component (CVE-2026-4694)
  • firefox: thunderbird: Sandbox escape in the Responsive Design Mode component (CVE-2026-4692)
  • firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4720)
  • firefox: thunderbird: Mitigation bypass in the Networking: HTTP component (CVE-2026-4700)
  • firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4707)
  • firefox: thunderbird: Denial-of-service in the WebRTC: Signaling component (CVE-2026-4704)
  • firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component (CVE-2026-4687)
  • thunderbird: Out of bounds read in IMAP parsing (CVE-2026-4371)
  • thunderbird: Spoofing issue in Thunderbird (CVE-2026-3889)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:9 / thunderbird

Package

Name
thunderbird
Purl
pkg:rpm/almalinux/thunderbird

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
140.9.0-1.el9_7.alma.1

Database specific

source 
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:6188.json"