This update for MozillaThunderbird fixes the following issues:
Update to Mozilla Thunderbird 140.9 (MFSA 2026-24, bsc#1260083):
- CVE-2026-3889: Spoofing issue in Thunderbird
- CVE-2026-4371: Out of bounds read in IMAP parsing
- CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component
- CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component
- CVE-2026-4686: Incorrect boundary conditions in the Graphics: Canvas2D component
- CVE-2026-4687: Sandbox escape due to incorrect boundary conditions in the Telemetry component
- CVE-2026-4688: Sandbox escape due to use-after-free in the Disability Access APIs component
- CVE-2026-4689: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
- CVE-2026-4690: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
- CVE-2026-4691: Use-after-free in the CSS Parsing and Computation component
- CVE-2026-4692: Sandbox escape in the Responsive Design Mode component
- CVE-2026-4693: Incorrect boundary conditions in the Audio/Video: Playback component
- CVE-2026-4694: Incorrect boundary conditions, integer overflow in the Graphics component
- CVE-2026-4695: Incorrect boundary conditions in the Audio/Video: Web Codecs component
- CVE-2026-4696: Use-after-free in the Layout: Text and Fonts component
- CVE-2026-4697: Incorrect boundary conditions in the Audio/Video: Web Codecs component
- CVE-2026-4698: JIT miscompilation in the JavaScript Engine: JIT component
- CVE-2026-4699: Incorrect boundary conditions in the Layout: Text and Fonts component
- CVE-2026-4700: Mitigation bypass in the Networking: HTTP component
- CVE-2026-4701: Use-after-free in the JavaScript Engine component
- CVE-2026-4702: JIT miscompilation in the JavaScript Engine component
- CVE-2026-4704: Denial-of-service in the WebRTC: Signaling component
- CVE-2026-4705: Undefined behavior in the WebRTC: Signaling component
- CVE-2026-4706:...