Advisories ยป MGASA-2026-0243

Updated thunderbird thunderbird-l10n packages fix security vulnerabilities

Publication date: 13 Jul 2026
Modification date: 13 Jul 2026
Type: security
Affected Mageia releases : 10 , 9
CVE: CVE-2026-12289 , CVE-2026-12290 , CVE-2026-12291 , CVE-2026-12292 , CVE-2026-12294 , CVE-2026-12295 , CVE-2026-12296 , CVE-2026-12297 , CVE-2026-12298 , CVE-2026-12299 , CVE-2026-12302 , CVE-2026-12304 , CVE-2026-12305 , CVE-2026-12306 , CVE-2026-12307 , CVE-2026-12308 , CVE-2026-12309 , CVE-2026-12310 , CVE-2026-12311 , CVE-2026-12312 , CVE-2026-12313 , CVE-2026-12314 , CVE-2026-12315 , CVE-2026-12330 , CVE-2026-12324 , CVE-2026-12325 , CVE-2026-12327 , CVE-2026-12328 , CVE-2026-12329 , CVE-2026-57962 , CVE-2026-57963

Description

The updated packages fix security vulnerabilities:
Privilege escalation in the Graphics: WebRender component.
(CVE-2026-12289)
Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12290)
Use-after-free in the Networking: HTTP component. (CVE-2026-12291)
Incorrect boundary conditions in the Web Audio component.
(CVE-2026-12292)
Sandbox escape in the DOM: Workers component. (CVE-2026-12294)
Sandbox escape in the DOM: Navigation component. (CVE-2026-12295)
Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12298)
Sandbox escape in the Security: Process Sandboxing component.
(CVE-2026-12296)
Sandbox escape due to incorrect boundary conditions in the Networking
component. (CVE-2026-12297)
JIT miscompilation in the DOM: Core & HTML component. (CVE-2026-12299)
Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12329)
Mitigation bypass in the DOM: Security component. (CVE-2026-12302)
Same-origin policy bypass in the Networking: Cookies component.
(CVE-2026-12304)
Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12305)
Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12306)
Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12307)
Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12308)
Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12309)
Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12310)
Information disclosure, sandbox escape in the Security: Process
Sandboxing component. (CVE-2026-12311)
Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12312)
Information disclosure, sandbox escape in the Security: Process
Sandboxing component. (CVE-2026-12313)
Memory safety bug fixed in Thunderbird ESR 140.12. (CVE-2026-12314)
Mitigation bypass in the DOM: Security component. (CVE-2026-12315)
Incorrect boundary conditions in the Internationalization component.
(CVE-2026-12330)
Incorrect boundary conditions in the Graphics: CanvasWebGL component.
(CVE-2026-12324)
Denial-of-service in the Graphics: ImageLib component. (CVE-2026-12325)
Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12,
Firefox 152 and Thunderbird 152. (CVE-2026-12327)
Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12,
Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152.
(CVE-2026-12328)
Denial-of-service via malicious LDAP address-book server.
(CVE-2026-57962)
Chat UI manipulation by injection. (CVE-2026-57963)
                

References

SRPMS

10/core

9/core