{
  "schema_version": "1.7.0",
  "id": "MGASA-2026-0125",
  "published": "2026-05-09T16:24:29Z",
  "modified": "2026-05-09T15:38:40Z",
  "summary": "Updated thunderbird packages fix security vulnerabilities",
  "details": "Use-after-free in the DOM: Core & HTML component. (CVE-2026-6746)\nUse-after-free in the WebRTC component. (CVE-2026-6747)\nUninitialized memory in the Audio/Video: Web Codecs component.\n(CVE-2026-6748)\nInformation disclosure due to uninitialized memory in the Graphics:\nCanvas2D component. (CVE-2026-6749)\nPrivilege escalation in the Graphics: WebRender component.\n(CVE-2026-6750)\nUninitialized memory in the Audio/Video: Web Codecs component.\n(CVE-2026-6751)\nIncorrect boundary conditions in the WebRTC component. (CVE-2026-6752)\nIncorrect boundary conditions in the WebRTC component. (CVE-2026-6753)\nUse-after-free in the JavaScript Engine component. (CVE-2026-6754)\nInvalid pointer in the JavaScript: WebAssembly component.\n(CVE-2026-6757)\nUse-after-free in the Widget: Cocoa component. (CVE-2026-6759)\nPrivilege escalation in the Networking component. (CVE-2026-6761)\nSpoofing issue in the DOM: Core & HTML component. (CVE-2026-6762)\nMitigation bypass in the File Handling component. (CVE-2026-6763)\nIncorrect boundary conditions in the DOM: Device Interfaces component.\n(CVE-2026-6764)\nInformation disclosure in the Form Autofill component. (CVE-2026-6765)\nPrivilege escalation in the Debugger component. (CVE-2026-6769)\nOther issue in the Storage: IndexedDB component. (CVE-2026-6770)\nMitigation bypass in the DOM: Security component. (CVE-2026-6771)\nIncorrect boundary conditions in the WebRTC: Networking component.\n(CVE-2026-6776)\nMemory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10,\nThunderbird ESR 140.10, Firefox 150 and Thunderbird 150. (CVE-2026-6785)\nMemory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10,\nFirefox 150 and Thunderbird 150. (CVE-2026-6786)\nInformation disclosure due to incorrect boundary conditions in the\nAudio/Video component. (CVE-2026-7320)\nSandbox escape due to incorrect boundary conditions in the WebRTC:\nNetworking component. (CVE-2026-7321)\nMemory safety bugs fixed in Memory safety bugs fixed in Thunderbird ESR\n140.10.1 and Thunderbird 150.0.1. (CVE-2026-7322)\nMemory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird\n150.0.1. (CVE-2026-7323)\n",
  "upstream": [
    "CVE-2026-6746",
    "CVE-2026-6747",
    "CVE-2026-6748",
    "CVE-2026-6749",
    "CVE-2026-6750",
    "CVE-2026-6751",
    "CVE-2026-6752",
    "CVE-2026-6753",
    "CVE-2026-6754",
    "CVE-2026-6757",
    "CVE-2026-6759",
    "CVE-2026-6761",
    "CVE-2026-6762",
    "CVE-2026-6763",
    "CVE-2026-6764",
    "CVE-2026-6765",
    "CVE-2026-6769"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2026-0125.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=35404"
    },
    {
      "type": "WEB",
      "url": "https://www.thunderbird.net/en-US/thunderbird/140.10.0esr/releasenotes/"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/"
    },
    {
      "type": "WEB",
      "url": "https://www.thunderbird.net/en-US/thunderbird/140.10.1esr/releasenotes/"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-39/"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:9",
        "name": "thunderbird",
        "purl": "pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-9"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "140.10.1-1.mga9"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:9",
        "name": "thunderbird-l10n",
        "purl": "pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-9"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "140.10.1-1.mga9"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}
