Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* firefox: thunderbird: Sandbox escape in the DOM: Workers component (CVE-2026-12294)
* firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12313)
* firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12311)
* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12290)
* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12327)
* firefox: thunderbird: JIT miscompilation in the DOM: Core & HTML component (CVE-2026-12299)
* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12329)
* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12312)
* firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12302)
* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12328)
* firefox: thunderbird: Incorrect boundary conditions in the Internationalization component (CVE-2026-12330)
* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12314)
* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12309)
* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12310)
* firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component (CVE-2026-12325)
* firefox: thunderbird: Sandbox escape in the DOM: Navigation component (CVE-2026-12295)
* firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-12289)
* firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12315)
* firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component (CVE-2026-12296)
* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12306)
* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12307)
* firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Networking component (CVE-2026-12297)
* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12305)
* firefox: thunderbird: Incorrect boundary conditions in the Web Audio component (CVE-2026-12292)
* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12308)
* firefox: thunderbird: Incorrect boundary conditions in the Graphics: CanvasWebGL component (CVE-2026-12324)
* firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component (CVE-2026-12304)
* firefox: thunderbird: Use-after-free in the Networking: HTTP component (CVE-2026-12291)
* firefox: thunderbird: Memory safety bug fixed in Firefox ESR 140.12 (CVE-2026-12298)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
thunderbird-140.12.0-1.el10_2.alma.1.aarch64.rpm |
bb21cd63e6e0b8d90665430ba8504f450560248e3beccc39fc55a0c4b6ea9f86 |
| ppc64le |
thunderbird-140.12.0-1.el10_2.alma.1.ppc64le.rpm |
b34e3f3903ee108e8bc9bca389a7086ad7548ea00c9c842d097f0b01c9427402 |
| s390x |
thunderbird-140.12.0-1.el10_2.alma.1.s390x.rpm |
7a5ea9360b175059b27953b8eff34341c5b2eca23ef6ff93bb14e6b664d35679 |
| x86_64 |
thunderbird-140.12.0-1.el10_2.alma.1.x86_64.rpm |
9759f6d8a3dbd70b8f23e4f940fe41813b268548eacc3a8bad178a5db52d017c |
| x86_64_v2 |
thunderbird-140.12.0-1.el10_2.alma.1.x86_64_v2.rpm |
e8d5362229b3799983becba2823c5e9f7350877c6273155e7034be882fcce3a6 |