ALSA-2026:20586

[ALSA-2026:20586] Important: thunderbird security update

Type:

security

Severity:

important

Release date:

2026-05-26

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.  

Security Fix(es):  

  * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1 (CVE-2026-7323)
  * firefox: thunderbird: Information disclosure due to incorrect boundary conditions in the Audio/Video component (CVE-2026-7320)
  * firefox: thunderbird: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1 (CVE-2026-7322)
  * firefox: thunderbird: webrtc: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-7321)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	thunderbird-140.10.1-1.el8_10.alma.1.aarch64.rpm	80346ecdd732f1c1136685db95efee359b4b37d0dda6ec331733c2795421d083
ppc64le	thunderbird-140.10.1-1.el8_10.alma.1.ppc64le.rpm	667f1a962f8e370428eba43660f35e41a9ff304a0d3c9515b46fa2f2693afa1a
s390x	thunderbird-140.10.1-1.el8_10.alma.1.s390x.rpm	f17cce01ea54bce826298a14efc33b3a5ddab93a14b77172bf780b1853e952eb
x86_64	thunderbird-140.10.1-1.el8_10.alma.1.x86_64.rpm	f6974134d57f625c96389ec9fc925c20a4cec42af53a7b73142a0e6f4c3b148f

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.