OESA-2026-1468

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1468

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2026-1468.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2026-1468

Upstream

CVE-2026-0818

CVE-2026-2447

Published

2026-02-28T12:46:05Z

Modified

2026-02-28T13:03:55.835725Z

Summary

thunderbird security update

Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If the user had additionally allowed loading of the remote content referenced by the outer email message, and the email was crafted by the sender using a combination of CSS rules and fonts and animations, then it was possible to extract the secret contents of the email. This vulnerability affects Thunderbird < 147.0.1 and Thunderbird < 140.7.1.(CVE-2026-0818)

Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2.(CVE-2026-2447)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:24.03-LTS-SP3 / thunderbird

Package

Name: thunderbird
Purl: pkg:rpm/openEuler/thunderbird&distro=openEuler-24.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

140.7.2-1.oe2403sp3

Ecosystem specific

{
    "x86_64": [
        "thunderbird-140.7.2-1.oe2403sp3.x86_64.rpm",
        "thunderbird-debuginfo-140.7.2-1.oe2403sp3.x86_64.rpm",
        "thunderbird-debugsource-140.7.2-1.oe2403sp3.x86_64.rpm",
        "thunderbird-librnp-rnp-140.7.2-1.oe2403sp3.x86_64.rpm",
        "thunderbird-wayland-140.7.2-1.oe2403sp3.x86_64.rpm"
    ],
    "aarch64": [
        "thunderbird-140.7.2-1.oe2403sp3.aarch64.rpm",
        "thunderbird-debuginfo-140.7.2-1.oe2403sp3.aarch64.rpm",
        "thunderbird-debugsource-140.7.2-1.oe2403sp3.aarch64.rpm",
        "thunderbird-librnp-rnp-140.7.2-1.oe2403sp3.aarch64.rpm",
        "thunderbird-wayland-140.7.2-1.oe2403sp3.aarch64.rpm"
    ],
    "src": [
        "thunderbird-140.7.2-1.oe2403sp3.src.rpm"
    ]
}

Database specific

source

"https://repo.openeuler.org/security/data/osv/OESA-2026-1468.json"