ALSA-2026:6917

[ALSA-2026:6917] Important: thunderbird security update

Type:

security

Severity:

important

Release date:

2026-04-15

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.  

Security Fix(es):  

  * firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-4701)
  * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4721)
  * firefox: thunderbird: Privilege escalation in the Netmonitor component (CVE-2026-4717)
  * firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-4688)
  * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4706)
  * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4695)
  * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4689)
  * firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-4698)
  * firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component (CVE-2026-4716)
  * firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component (CVE-2026-4684)
  * firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4705)
  * firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component (CVE-2026-4715)
  * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4685)
  * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4714)
  * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-4709)
  * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4710)
  * firefox: thunderbird: Information disclosure in the Widget: Cocoa component (CVE-2026-4712)
  * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4697)
  * firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4713)
  * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4690)
  * firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-4711)
  * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4686)
  * firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4708)
  * firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component (CVE-2026-4691)
  * firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component (CVE-2026-4699)
  * firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component (CVE-2026-4696)
  * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Playback component (CVE-2026-4693)
  * firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4718)
  * firefox: thunderbird: JIT miscompilation in the JavaScript Engine component (CVE-2026-4702)
  * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component (CVE-2026-4719)
  * firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component (CVE-2026-4694)
  * firefox: thunderbird: Sandbox escape in the Responsive Design Mode component (CVE-2026-4692)
  * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4720)
  * firefox: thunderbird: Mitigation bypass in the Networking: HTTP component (CVE-2026-4700)
  * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4707)
  * firefox: thunderbird: Denial-of-service in the WebRTC: Signaling component (CVE-2026-4704)
  * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component (CVE-2026-4687)
  * thunderbird: Out of bounds read in IMAP parsing (CVE-2026-4371)
  * thunderbird: Spoofing issue in Thunderbird (CVE-2026-3889)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

CVE-2026-3889
CVE-2026-4371
CVE-2026-4684
CVE-2026-4685
CVE-2026-4686
CVE-2026-4687
CVE-2026-4688
CVE-2026-4689
CVE-2026-4690
CVE-2026-4691
CVE-2026-4692
CVE-2026-4693
CVE-2026-4694
CVE-2026-4695
CVE-2026-4696
CVE-2026-4697
CVE-2026-4698
CVE-2026-4699
CVE-2026-4700
CVE-2026-4701
CVE-2026-4702
CVE-2026-4704
CVE-2026-4705
CVE-2026-4706
CVE-2026-4707
CVE-2026-4708
CVE-2026-4709
CVE-2026-4710
CVE-2026-4711
CVE-2026-4712
CVE-2026-4713
CVE-2026-4714
CVE-2026-4715
CVE-2026-4716
CVE-2026-4717
CVE-2026-4718
CVE-2026-4719
CVE-2026-4720
CVE-2026-4721
RHSA-2026:6917
ALSA-2026:6917

Updated packages listed below:

Architecture	Package	Checksum
aarch64	thunderbird-140.9.0-1.el8_10.alma.1.aarch64.rpm	fbb7f71ecdc0f3f58d602d80418bfcb29e845779d768d1a44b215fc4ffa38063
ppc64le	thunderbird-140.9.0-1.el8_10.alma.1.ppc64le.rpm	7b85a972e6dc3d02cbad2095ba7fd1a2163d520005c6052662ace4b3345d0f87
s390x	thunderbird-140.9.0-1.el8_10.alma.1.s390x.rpm	a74ac809dd88901c040aa2e9d099fe9cd5021383b8693041000daf7dc071796d
x86_64	thunderbird-140.9.0-1.el8_10.alma.1.x86_64.rpm	3ffcbe2ff795160d6ac09798cac5cfd51c02a2a0c36ef9ca1dfa7d89f21372c2

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.