Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/thunderbird@140.7.0-1?arch=el8_2
purl pkg:rpm/redhat/thunderbird@140.7.0-1?arch=el8_2
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.4
Vulnerabilities affecting this package (13)
Vulnerability Summary Fixed by
VCID-6cx1-8t9m-u3av
Aliases:
CVE-2026-0886
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. There are no reported fixed by versions.
VCID-8u4y-zrhv-8fe9
Aliases:
CVE-2026-0887
Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. There are no reported fixed by versions.
VCID-a98z-hwzc-wkcj
Aliases:
CVE-2026-0882
Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. There are no reported fixed by versions.
VCID-deth-9krh-kufj
Aliases:
CVE-2026-0890
Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. There are no reported fixed by versions.
VCID-h2gc-zk2a-1fg6
Aliases:
CVE-2026-0884
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. There are no reported fixed by versions.
VCID-jybh-8px4-pqau
Aliases:
CVE-2026-0885
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. There are no reported fixed by versions.
VCID-kk2m-2mxz-sbex
Aliases:
CVE-2025-14327
Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146, Thunderbird < 146, Firefox ESR < 140.7, and Thunderbird < 140.7. There are no reported fixed by versions.
VCID-ndd4-kd1y-z7ep
Aliases:
CVE-2026-0878
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. There are no reported fixed by versions.
VCID-nkpq-9gd6-nuc4
Aliases:
CVE-2026-0891
Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. There are no reported fixed by versions.
VCID-pemg-ndu8-wbbc
Aliases:
CVE-2026-0879
Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. There are no reported fixed by versions.
VCID-qm8f-f8nr-qba9
Aliases:
CVE-2026-0880
Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. There are no reported fixed by versions.
VCID-t2c3-smqc-zkba
Aliases:
CVE-2026-0877
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. There are no reported fixed by versions.
VCID-zdxh-fp2e-47dd
Aliases:
CVE-2026-0883
Information disclosure in the Networking component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T13:33:43.495561+00:00 RedHat Importer Affected by VCID-kk2m-2mxz-sbex https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14327.json 38.0.0
2026-04-01T13:32:50.761617+00:00 RedHat Importer Affected by VCID-t2c3-smqc-zkba https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0877.json 38.0.0
2026-04-01T13:32:49.646747+00:00 RedHat Importer Affected by VCID-ndd4-kd1y-z7ep https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0878.json 38.0.0
2026-04-01T13:32:48.645898+00:00 RedHat Importer Affected by VCID-qm8f-f8nr-qba9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0880.json 38.0.0
2026-04-01T13:32:47.562683+00:00 RedHat Importer Affected by VCID-pemg-ndu8-wbbc https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0879.json 38.0.0
2026-04-01T13:32:46.446472+00:00 RedHat Importer Affected by VCID-a98z-hwzc-wkcj https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0882.json 38.0.0
2026-04-01T13:32:45.425479+00:00 RedHat Importer Affected by VCID-zdxh-fp2e-47dd https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0883.json 38.0.0
2026-04-01T13:32:44.329271+00:00 RedHat Importer Affected by VCID-h2gc-zk2a-1fg6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0884.json 38.0.0
2026-04-01T13:32:43.255893+00:00 RedHat Importer Affected by VCID-jybh-8px4-pqau https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0885.json 38.0.0
2026-04-01T13:32:42.204960+00:00 RedHat Importer Affected by VCID-6cx1-8t9m-u3av https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0886.json 38.0.0
2026-04-01T13:32:41.197790+00:00 RedHat Importer Affected by VCID-8u4y-zrhv-8fe9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0887.json 38.0.0
2026-04-01T13:32:40.107683+00:00 RedHat Importer Affected by VCID-deth-9krh-kufj https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0890.json 38.0.0
2026-04-01T13:32:39.047322+00:00 RedHat Importer Affected by VCID-nkpq-9gd6-nuc4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0891.json 38.0.0