RHSA-2026:19348HighCVSS 8.8

Red Hat Security Advisory: thunderbird security update

Published
May 19, 2026
Last Modified
June 3, 2026

🔗 CVE IDs covered (29)

CVE-2026-6746CVE-2026-6767CVE-2026-6772CVE-2026-6751CVE-2026-6753CVE-2026-6765CVE-2026-7320CVE-2026-7321CVE-2026-7323CVE-2026-6762CVE-2026-6763CVE-2026-6785CVE-2026-6786CVE-2026-7322CVE-2026-6747CVE-2026-6749CVE-2026-6754CVE-2026-6770CVE-2026-6776CVE-2026-6748CVE-2026-6750CVE-2026-6769CVE-2026-6757CVE-2026-6761CVE-2026-6752CVE-2026-6759CVE-2026-6764CVE-2026-6766CVE-2026-6771

📋 Description

CVE-2026-6746 — firefox: thunderbird: Use-after-free in the DOM: Core & HTML component CVE-2026-6747 — firefox: thunderbird: Use-after-free in the WebRTC component CVE-2026-6748 — firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component CVE-2026-6749 — firefox: thunderbird: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component CVE-2026-6750 — firefox: thunderbird: Privilege escalation in the Graphics: WebRender component CVE-2026-6751 — firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component CVE-2026-6752 — firefox: thunderbird: Incorrect boundary conditions in the WebRTC component CVE-2026-6753 — firefox: thunderbird: Incorrect boundary conditions in the WebRTC component CVE-2026-6754 — firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-6757 — firefox: thunderbird: Invalid pointer in the JavaScript: WebAssembly component CVE-2026-6759 — firefox: thunderbird: Use-after-free in the Widget: Cocoa component CVE-2026-6761 — firefox: thunderbird: Privilege escalation in the Networking component CVE-2026-6762 — firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component CVE-2026-6763 — firefox: thunderbird: Mitigation bypass in the File Handling component CVE-2026-6764 — firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component CVE-2026-6765 — firefox: thunderbird: Information disclosure in the Form Autofill component CVE-2026-6766 — firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6767 — firefox: thunderbird: Other issue in the Libraries component in NSS CVE-2026-6769 — firefox: thunderbird: Privilege escalation in the Debugger component CVE-2026-6770 — firefox: thunderbird: Other issue in the Storage: IndexedDB component CVE-2026-6771 — firefox: thunderbird: Mitigation bypass in the DOM: Security component CVE-2026-6772 — firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6776 — firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Networking component CVE-2026-6785 — firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 CVE-2026-6786 — firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 CVE-2026-7320 — firefox: thunderbird: Information disclosure due to incorrect boundary conditions in the Audio/Video component CVE-2026-7321 — firefox: thunderbird: webrtc: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component CVE-2026-7322 — firefox: thunderbird: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1 CVE-2026-7323 — firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1

🔗 References (32)