RHSA-2026:8315HighCVSS 8.2

Red Hat Security Advisory: thunderbird security update

Published
April 15, 2026
Last Modified
July 15, 2026

🔗 CVE IDs covered (39)

📋 Description

CVE-2026-3889 — thunderbird: Spoofing issue in Thunderbird CVE-2026-4371 — thunderbird: Out of bounds read in IMAP parsing CVE-2026-4684 — firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component CVE-2026-4685 — firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component CVE-2026-4686 — firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component CVE-2026-4687 — firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component CVE-2026-4688 — firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component CVE-2026-4689 — firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component CVE-2026-4690 — firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component CVE-2026-4691 — firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component CVE-2026-4692 — firefox: thunderbird: Sandbox escape in the Responsive Design Mode component CVE-2026-4693 — firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Playback component CVE-2026-4694 — firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component CVE-2026-4695 — firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component CVE-2026-4696 — firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component CVE-2026-4697 — firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component CVE-2026-4698 — firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component CVE-2026-4699 — firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component CVE-2026-4700 — firefox: thunderbird: Mitigation bypass in the Networking: HTTP component CVE-2026-4701 — firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-4702 — firefox: thunderbird: JIT miscompilation in the JavaScript Engine component CVE-2026-4704 — firefox: thunderbird: Denial-of-service in the WebRTC: Signaling component CVE-2026-4705 — firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component CVE-2026-4706 — firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component CVE-2026-4707 — firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component CVE-2026-4708 — firefox: thunderbird: Incorrect boundary conditions in the Graphics component CVE-2026-4709 — firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component CVE-2026-4710 — firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component CVE-2026-4711 — firefox: thunderbird: Use-after-free in the Widget: Cocoa component CVE-2026-4712 — firefox: thunderbird: Information disclosure in the Widget: Cocoa component CVE-2026-4713 — firefox: thunderbird: Incorrect boundary conditions in the Graphics component CVE-2026-4714 — firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component CVE-2026-4715 — firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component CVE-2026-4716 — firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component CVE-2026-4717 — firefox: thunderbird: Privilege escalation in the Netmonitor component CVE-2026-4718 — firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component CVE-2026-4719 — firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component CVE-2026-4720 — firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 CVE-2026-4721 — firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149

🔗 References (42)