Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/thunderbird@140.6.0-1?arch=el8_10
purl pkg:rpm/redhat/thunderbird@140.6.0-1?arch=el8_10
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.4
Vulnerabilities affecting this package (10)
Vulnerability Summary Fixed by
VCID-1jqj-tqfp-73f7
Aliases:
CVE-2025-14325
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. There are no reported fixed by versions.
VCID-4g7u-xmdq-mkdn
Aliases:
CVE-2025-14328
Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. There are no reported fixed by versions.
VCID-5kwn-x8e4-ukgq
Aliases:
CVE-2025-14333
Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. There are no reported fixed by versions.
VCID-84jf-84jx-3fgj
Aliases:
CVE-2025-14323
Privilege escalation in the DOM: Notifications component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. There are no reported fixed by versions.
VCID-db28-rbyf-1qf4
Aliases:
CVE-2025-14329
Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. There are no reported fixed by versions.
VCID-h9em-p9se-rucn
Aliases:
CVE-2025-14321
Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. There are no reported fixed by versions.
VCID-hccf-ueut-vugw
Aliases:
CVE-2025-14322
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. There are no reported fixed by versions.
VCID-pcgf-xtfq-6ugb
Aliases:
CVE-2025-14330
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. There are no reported fixed by versions.
VCID-tkzd-c11q-3qaf
Aliases:
CVE-2025-14331
Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. There are no reported fixed by versions.
VCID-xghm-4ygw-tkb2
Aliases:
CVE-2025-14324
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T13:33:49.648499+00:00 RedHat Importer Affected by VCID-h9em-p9se-rucn https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14321.json 38.0.0
2026-04-01T13:33:48.523224+00:00 RedHat Importer Affected by VCID-hccf-ueut-vugw https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14322.json 38.0.0
2026-04-01T13:33:47.432964+00:00 RedHat Importer Affected by VCID-84jf-84jx-3fgj https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14323.json 38.0.0
2026-04-01T13:33:46.378536+00:00 RedHat Importer Affected by VCID-xghm-4ygw-tkb2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14324.json 38.0.0
2026-04-01T13:33:45.221812+00:00 RedHat Importer Affected by VCID-1jqj-tqfp-73f7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14325.json 38.0.0
2026-04-01T13:33:43.027009+00:00 RedHat Importer Affected by VCID-4g7u-xmdq-mkdn https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14328.json 38.0.0
2026-04-01T13:33:41.913688+00:00 RedHat Importer Affected by VCID-db28-rbyf-1qf4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14329.json 38.0.0
2026-04-01T13:33:40.768952+00:00 RedHat Importer Affected by VCID-pcgf-xtfq-6ugb https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14330.json 38.0.0
2026-04-01T13:33:39.685101+00:00 RedHat Importer Affected by VCID-tkzd-c11q-3qaf https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14331.json 38.0.0
2026-04-01T13:33:38.498244+00:00 RedHat Importer Affected by VCID-5kwn-x8e4-ukgq https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14333.json 38.0.0