[ALSA-2026:33445] Important: thunderbird security update
Type:
security
Severity:
important
Release date:
2026-06-30
Description:
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fix(es): * firefox: thunderbird: Sandbox escape in the DOM: Workers component (CVE-2026-12294) * firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12313) * firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12311) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12290) * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12327) * firefox: thunderbird: JIT miscompilation in the DOM: Core & HTML component (CVE-2026-12299) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12329) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12312) * firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12302) * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12328) * firefox: thunderbird: Incorrect boundary conditions in the Internationalization component (CVE-2026-12330) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12314) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12309) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12310) * firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component (CVE-2026-12325) * firefox: thunderbird: Sandbox escape in the DOM: Navigation component (CVE-2026-12295) * firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-12289) * firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12315) * firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component (CVE-2026-12296) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12306) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12307) * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Networking component (CVE-2026-12297) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12305) * firefox: thunderbird: Incorrect boundary conditions in the Web Audio component (CVE-2026-12292) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12308) * firefox: thunderbird: Incorrect boundary conditions in the Graphics: CanvasWebGL component (CVE-2026-12324) * firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component (CVE-2026-12304) * firefox: thunderbird: Use-after-free in the Networking: HTTP component (CVE-2026-12291) * firefox: thunderbird: Memory safety bug fixed in Firefox ESR 140.12 (CVE-2026-12298) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 thunderbird-140.12.0-1.el8_10.alma.1.aarch64.rpm 716bf157c537993dc3e8951893d5135b20ab40491fea5e996bdcc1c83fe63193
ppc64le thunderbird-140.12.0-1.el8_10.alma.1.ppc64le.rpm 1192d80ca00c779288858a74a82fb79ca7200cc26edfb902879e562757bdbce7
x86_64 thunderbird-140.12.0-1.el8_10.alma.1.x86_64.rpm 584056a3c329718a11986bc0beccbb5a24bcb3dbf7e8bc09a0fce94a0de57c43
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.