RHSA-2026:6342

Details:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

• firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-4701)

• firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4721)

• firefox: thunderbird: Privilege escalation in the Netmonitor component (CVE-2026-4717)

• firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-4688)

• firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4706)

• firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4695)

• firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4689)

• firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-4698)

• firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component (CVE-2026-4716)

• firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component (CVE-2026-4684)

• firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4705)

• firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component (CVE-2026-4715)

• firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4685)

• firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4714)

• firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-4709)

• firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4710)

• firefox: thunderbird: Information disclosure in the Widget: Cocoa component (CVE-2026-4712)

• firefox: thunderbird: Incorrect boundary conditions...