Advisories ยป MGASA-2026-0053

Updated thunderbird packages fix security vulnerabilities

Publication date: 09 Mar 2026
Modification date: 09 Mar 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-2757 , CVE-2026-2758 , CVE-2026-2759 , CVE-2026-2760 , CVE-2026-2761 , CVE-2026-2762 , CVE-2026-2763 , CVE-2026-2764 , CVE-2026-2765 , CVE-2026-2766 , CVE-2026-2767 , CVE-2026-2768 , CVE-2026-2769 , CVE-2026-2770 , CVE-2026-2771 , CVE-2026-2772 , CVE-2026-2773 , CVE-2026-2774 , CVE-2026-2775 , CVE-2026-2776 , CVE-2026-2777 , CVE-2026-2778 , CVE-2026-2779 , CVE-2026-2780 , CVE-2026-2782 , CVE-2026-2783 , CVE-2026-2784 , CVE-2026-2785 , CVE-2026-2786 , CVE-2026-2787 , CVE-2026-2788 , CVE-2026-2789 , CVE-2026-2790 , CVE-2026-2791 , CVE-2026-2792 , CVE-2026-2793

Description

Incorrect boundary conditions in the WebRTC: Audio/Video component.
(CVE-2026-2757)
Use-after-free in the JavaScript: GC component. (CVE-2026-2758)
Incorrect boundary conditions in the Graphics: ImageLib component.
(CVE-2026-2759)
Sandbox escape due to incorrect boundary conditions in the Graphics:
WebRender component. (CVE-2026-2760)
Sandbox escape in the Graphics: WebRender component. (CVE-2026-2761)
Integer overflow in the JavaScript: Standard Library component.
(CVE-2026-2762)
Use-after-free in the JavaScript Engine component. (CVE-2026-2763)
JIT miscompilation, use-after-free in the JavaScript Engine: JIT
component. (CVE-2026-2764)
Use-after-free in the JavaScript Engine component. (CVE-2026-2765)
Use-after-free in the JavaScript Engine: JIT component. (CVE-2026-2766)
Use-after-free in the JavaScript: WebAssembly component. (CVE-2026-2767)
Sandbox escape in the Storage: IndexedDB component. (CVE-2026-2768)
Use-after-free in the Storage: IndexedDB component. (CVE-2026-2769)
Use-after-free in the DOM: Bindings (WebIDL) component. (CVE-2026-2770)
Undefined behavior in the DOM: Core & HTML component. (CVE-2026-2771)
Use-after-free in the Audio/Video: Playback component. (CVE-2026-2772)
Incorrect boundary conditions in the Web Audio component.
(CVE-2026-2773)
Integer overflow in the Audio/Video component. (CVE-2026-2774)
Mitigation bypass in the DOM: HTML Parser component. (CVE-2026-2775)
Sandbox escape due to incorrect boundary conditions in the Telemetry
component in External Software. (CVE-2026-2776)
Privilege escalation in the Messaging System component. (CVE-2026-2777)
Sandbox escape due to incorrect boundary conditions in the DOM: Core &
HTML component. (CVE-2026-2778)
Incorrect boundary conditions in the Networking: JAR component.
(CVE-2026-2779)
Privilege escalation in the Netmonitor component. (CVE-2026-2780)
Privilege escalation in the Netmonitor component. (CVE-2026-2782)
Information disclosure due to JIT miscompilation in the JavaScript
Engine: JIT component. (CVE-2026-2783)
Mitigation bypass in the DOM: Security component. (CVE-2026-2784)
Invalid pointer in the JavaScript Engine component. (CVE-2026-2785)
Use-after-free in the JavaScript Engine component. (CVE-2026-2786)
Use-after-free in the DOM: Window and Location component.
(CVE-2026-2787)
Incorrect boundary conditions in the Audio/Video: GMP component.
(CVE-2026-2788)
Use-after-free in the Graphics: ImageLib component. (CVE-2026-2789)
Same-origin policy bypass in the Networking: JAR component.
(CVE-2026-2790)
Mitigation bypass in the Networking: Cache component. (CVE-2026-2791)
Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8,
Firefox 148 and Thunderbird 148. (CVE-2026-2792)
Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8,
Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. (CVE-2026-2793)

References

SRPMS

9/core