Search for packages
| purl | pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1 |
| Next non-vulnerable version | 1:140.9.0esr-1~deb12u1 |
| Latest non-vulnerable version | 1:140.9.0esr-1~deb12u1 |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-13he-qsr4-h3d4
Aliases: CVE-2026-4709 |
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-15j8-br8z-juf3
Aliases: CVE-2026-3889 |
Spoofing issue in Thunderbird. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-1fv1-edht-ufag
Aliases: CVE-2026-4715 |
Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-23eu-22t2-cydd
Aliases: CVE-2026-4714 |
Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-26d3-ctnj-7kbh
Aliases: CVE-2026-4691 |
Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-289s-f2w6-53g9
Aliases: CVE-2026-4716 |
Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-351y-4nek-u3aw
Aliases: CVE-2026-4698 |
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-3grf-hwk1-3fh8
Aliases: CVE-2026-4719 |
Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-3kd3-hwzv-efbn
Aliases: CVE-2026-4721 |
Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
Affected by 0 other vulnerabilities. |
|
VCID-3xgu-7evz-mffw
Aliases: CVE-2026-4705 |
Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-4q6w-tdk9-d3an
Aliases: CVE-2026-4720 |
Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
Affected by 0 other vulnerabilities. |
|
VCID-646f-ndeq-5bee
Aliases: CVE-2026-4687 |
Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-675n-7uzz-pqdj
Aliases: CVE-2026-4688 |
Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-6mur-mtfg-97gt
Aliases: CVE-2026-4371 |
A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. |
Affected by 0 other vulnerabilities. |
|
VCID-77y6-jskt-qucb
Aliases: CVE-2025-59375 |
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. |
Affected by 0 other vulnerabilities. |
|
VCID-8qyy-e4jt-rbc4
Aliases: CVE-2026-4695 |
Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-8vka-qus2-tbhj
Aliases: CVE-2026-2447 |
Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2. |
Affected by 0 other vulnerabilities. |
|
VCID-8xek-k5y2-6bfp
Aliases: CVE-2026-4689 |
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-b4bq-q3ga-3ff1
Aliases: CVE-2026-4707 |
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-b6sf-z5tm-4uau
Aliases: CVE-2026-4696 |
Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-e2k8-m9sm-8uek
Aliases: CVE-2026-4699 |
Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-ft6u-geds-fua9
Aliases: CVE-2026-4702 |
JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-gkva-6cu9-7keg
Aliases: CVE-2026-4692 |
Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-hshc-4xnc-gug4
Aliases: CVE-2026-4704 |
Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-hstd-23qm-bqdg
Aliases: CVE-2026-4717 |
Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-j1hb-8jjy-tqgq
Aliases: CVE-2026-4693 |
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-kuwd-6tcg-fuha
Aliases: CVE-2026-4713 |
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-m6uv-91wz-xfdv
Aliases: CVE-2026-4700 |
Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-mm6w-kpe8-4kg3
Aliases: CVE-2026-4684 |
Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-nvsz-9s3r-nbhq
Aliases: CVE-2026-4718 |
Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-qkks-24cp-gqg2
Aliases: CVE-2026-4706 |
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-rp5h-ym8y-skbw
Aliases: CVE-2026-4701 |
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-t4t3-5pt5-ayds
Aliases: CVE-2026-4685 |
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-u3j3-fc4f-7ff7
Aliases: CVE-2026-4686 |
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-wmyy-2cg3-wyhc
Aliases: CVE-2026-4697 |
Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-wqw2-gjvu-6qbu
Aliases: CVE-2026-4690 |
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-wvx2-pba2-sqha
Aliases: CVE-2026-4708 |
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-yjc2-2whn-uug5
Aliases: CVE-2026-4694 |
Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-ymak-rv52-h7a5
Aliases: CVE-2026-4710 |
Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1hay-xe3q-gyb4 | Use-after-free in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2789
|
| VCID-1u8u-pnq3-t7ae | Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2757
|
| VCID-1v2s-g46y-ybdc | Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2026-2792
|
| VCID-3gmj-y8qd-ufej | Use-after-free in the DOM: Window and Location component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2787
|
| VCID-3sg3-9yx7-fufa | Same-origin policy bypass in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2790
|
| VCID-4xqc-36jb-63c2 | Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2786
|
| VCID-5ept-fu7g-8kes | Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2780
|
| VCID-6cx1-8t9m-u3av | Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
CVE-2026-0886
|
| VCID-6fsa-bnes-tkff | Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2765
|
| VCID-7wmw-hpfw-vuaa | Sandbox escape in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2761
|
| VCID-8u4y-zrhv-8fe9 | Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
CVE-2026-0887
|
| VCID-8zy6-g8kn-hbdc | Mitigation bypass in the DOM: HTML Parser component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2775
|
| VCID-9zxb-j4ep-n7g9 | Mitigation bypass in the Networking: Cache component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2791
|
| VCID-a98z-hwzc-wkcj | Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
CVE-2026-0882
|
| VCID-azdd-vdn3-kffy | Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2758
|
| VCID-b5jm-57h2-2qcs | JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2764
|
| VCID-b8dx-232z-qbbc | Incorrect boundary conditions in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2779
|
| VCID-cpez-x3zd-p7bu | Invalid pointer in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2785
|
| VCID-deth-9krh-kufj | Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
CVE-2026-0890
|
| VCID-dxwp-5jfs-nuew | Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2778
|
| VCID-gcnq-avax-aqcv | Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2776
|
| VCID-h2gc-zk2a-1fg6 | Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
CVE-2026-0884
|
| VCID-hsc9-up4x-nbgs | Integer overflow in the JavaScript: Standard Library component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2762
|
| VCID-jybh-8px4-pqau | Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
CVE-2026-0885
|
| VCID-kk2m-2mxz-sbex | Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146, Thunderbird < 146, Firefox ESR < 140.7, and Thunderbird < 140.7. |
CVE-2025-14327
|
| VCID-m3mp-su9k-sfhs | Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2763
|
| VCID-menq-g5ce-1yd8 | Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2026-2793
|
| VCID-mn6j-2wd1-ukfb | Integer overflow in the Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2774
|
| VCID-ndd4-kd1y-z7ep | Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
CVE-2026-0878
|
| VCID-nhsr-4zux-2bck | Use-after-free in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2769
|
| VCID-nkpq-9gd6-nuc4 | Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2026-0891
|
| VCID-ntqr-ptmu-yuen | Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2767
|
| VCID-p9zh-7wyj-hffm | Undefined behavior in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2771
|
| VCID-pemg-ndu8-wbbc | Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
CVE-2026-0879
|
| VCID-q1pv-avug-juef | Privilege escalation in the Messaging System component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2777
|
| VCID-qcxw-ds31-3ubd | When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If the user had additionally allowed loading of the remote content referenced by the outer email message, and the email was crafted by the sender using a combination of CSS rules and fonts and animations, then it was possible to extract the secret contents of the email. |
CVE-2026-0818
|
| VCID-qm8f-f8nr-qba9 | Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
CVE-2026-0880
|
| VCID-qta2-8rnt-k7d1 | Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2788
|
| VCID-r7vt-w149-9bfn | Incorrect boundary conditions in the Web Audio component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2773
|
| VCID-sgwe-9xfj-6kav | Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2783
|
| VCID-ss9j-7jd7-nbf1 | Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2770
|
| VCID-t2c3-smqc-zkba | Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
CVE-2026-0877
|
| VCID-te1e-sjsk-bfd8 | Sandbox escape in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2768
|
| VCID-ud33-vgxh-8khj | Use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2766
|
| VCID-vszp-vyxy-f7g7 | Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2781
|
| VCID-w4u8-25rz-gqeq | Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2782
|
| VCID-wagm-cq36-k7g3 | Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2760
|
| VCID-wwdh-xmux-3qdq | Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2759
|
| VCID-wwkc-4c69-cbea | Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2784
|
| VCID-xcbn-tkgg-4ben | Use-after-free in the Audio/Video: Playback component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2772
|
| VCID-zdxh-fp2e-47dd | Information disclosure in the Networking component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
CVE-2026-0883
|