Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/thunderbird@140.8.0-2?arch=el10_0
purl pkg:rpm/redhat/thunderbird@140.8.0-2?arch=el10_0
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (38)
Vulnerability Summary Fixed by
VCID-1hay-xe3q-gyb4
Aliases:
CVE-2026-2789
Use-after-free in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-1u8u-pnq3-t7ae
Aliases:
CVE-2026-2757
Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-1v2s-g46y-ybdc
Aliases:
CVE-2026-2792
Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. There are no reported fixed by versions.
VCID-3gmj-y8qd-ufej
Aliases:
CVE-2026-2787
Use-after-free in the DOM: Window and Location component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-3sg3-9yx7-fufa
Aliases:
CVE-2026-2790
Same-origin policy bypass in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-4xqc-36jb-63c2
Aliases:
CVE-2026-2786
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-5ept-fu7g-8kes
Aliases:
CVE-2026-2780
Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-6fsa-bnes-tkff
Aliases:
CVE-2026-2765
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-7wmw-hpfw-vuaa
Aliases:
CVE-2026-2761
Sandbox escape in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-8vka-qus2-tbhj
Aliases:
CVE-2026-2447
Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2. There are no reported fixed by versions.
VCID-8zy6-g8kn-hbdc
Aliases:
CVE-2026-2775
Mitigation bypass in the DOM: HTML Parser component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-9zxb-j4ep-n7g9
Aliases:
CVE-2026-2791
Mitigation bypass in the Networking: Cache component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-azdd-vdn3-kffy
Aliases:
CVE-2026-2758
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-b5jm-57h2-2qcs
Aliases:
CVE-2026-2764
JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-b8dx-232z-qbbc
Aliases:
CVE-2026-2779
Incorrect boundary conditions in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-cpez-x3zd-p7bu
Aliases:
CVE-2026-2785
Invalid pointer in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-dxwp-5jfs-nuew
Aliases:
CVE-2026-2778
Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-gcnq-avax-aqcv
Aliases:
CVE-2026-2776
Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-hsc9-up4x-nbgs
Aliases:
CVE-2026-2762
Integer overflow in the JavaScript: Standard Library component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-m3mp-su9k-sfhs
Aliases:
CVE-2026-2763
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-menq-g5ce-1yd8
Aliases:
CVE-2026-2793
Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. There are no reported fixed by versions.
VCID-mn6j-2wd1-ukfb
Aliases:
CVE-2026-2774
Integer overflow in the Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-nhsr-4zux-2bck
Aliases:
CVE-2026-2769
Use-after-free in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-ntqr-ptmu-yuen
Aliases:
CVE-2026-2767
Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-p9zh-7wyj-hffm
Aliases:
CVE-2026-2771
Undefined behavior in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-q1pv-avug-juef
Aliases:
CVE-2026-2777
Privilege escalation in the Messaging System component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-qta2-8rnt-k7d1
Aliases:
CVE-2026-2788
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-r7vt-w149-9bfn
Aliases:
CVE-2026-2773
Incorrect boundary conditions in the Web Audio component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-sgwe-9xfj-6kav
Aliases:
CVE-2026-2783
Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-ss9j-7jd7-nbf1
Aliases:
CVE-2026-2770
Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-te1e-sjsk-bfd8
Aliases:
CVE-2026-2768
Sandbox escape in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-ud33-vgxh-8khj
Aliases:
CVE-2026-2766
Use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-vszp-vyxy-f7g7
Aliases:
CVE-2026-2781
Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-w4u8-25rz-gqeq
Aliases:
CVE-2026-2782
Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-wagm-cq36-k7g3
Aliases:
CVE-2026-2760
Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-wwdh-xmux-3qdq
Aliases:
CVE-2026-2759
Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-wwkc-4c69-cbea
Aliases:
CVE-2026-2784
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
VCID-xcbn-tkgg-4ben
Aliases:
CVE-2026-2772
Use-after-free in the Audio/Video: Playback component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T13:31:25.098666+00:00 RedHat Importer Affected by VCID-8vka-qus2-tbhj https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2447.json 38.0.0
2026-04-01T13:31:19.175279+00:00 RedHat Importer Affected by VCID-1u8u-pnq3-t7ae https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2757.json 38.0.0
2026-04-01T13:31:18.020796+00:00 RedHat Importer Affected by VCID-azdd-vdn3-kffy https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2758.json 38.0.0
2026-04-01T13:31:16.949398+00:00 RedHat Importer Affected by VCID-wwdh-xmux-3qdq https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2759.json 38.0.0
2026-04-01T13:31:15.822074+00:00 RedHat Importer Affected by VCID-wagm-cq36-k7g3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2760.json 38.0.0
2026-04-01T13:31:14.696054+00:00 RedHat Importer Affected by VCID-7wmw-hpfw-vuaa https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2761.json 38.0.0
2026-04-01T13:31:13.580564+00:00 RedHat Importer Affected by VCID-hsc9-up4x-nbgs https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2762.json 38.0.0
2026-04-01T13:31:12.420897+00:00 RedHat Importer Affected by VCID-m3mp-su9k-sfhs https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2763.json 38.0.0
2026-04-01T13:31:11.306957+00:00 RedHat Importer Affected by VCID-6fsa-bnes-tkff https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2765.json 38.0.0
2026-04-01T13:31:10.184378+00:00 RedHat Importer Affected by VCID-b5jm-57h2-2qcs https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2764.json 38.0.0
2026-04-01T13:31:09.035129+00:00 RedHat Importer Affected by VCID-ud33-vgxh-8khj https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2766.json 38.0.0
2026-04-01T13:31:07.867295+00:00 RedHat Importer Affected by VCID-ntqr-ptmu-yuen https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2767.json 38.0.0
2026-04-01T13:31:06.769535+00:00 RedHat Importer Affected by VCID-te1e-sjsk-bfd8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2768.json 38.0.0
2026-04-01T13:31:05.695711+00:00 RedHat Importer Affected by VCID-nhsr-4zux-2bck https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2769.json 38.0.0
2026-04-01T13:31:04.626572+00:00 RedHat Importer Affected by VCID-ss9j-7jd7-nbf1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2770.json 38.0.0
2026-04-01T13:31:03.549350+00:00 RedHat Importer Affected by VCID-p9zh-7wyj-hffm https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2771.json 38.0.0
2026-04-01T13:31:02.389084+00:00 RedHat Importer Affected by VCID-xcbn-tkgg-4ben https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2772.json 38.0.0
2026-04-01T13:31:01.301942+00:00 RedHat Importer Affected by VCID-r7vt-w149-9bfn https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2773.json 38.0.0
2026-04-01T13:31:00.153440+00:00 RedHat Importer Affected by VCID-mn6j-2wd1-ukfb https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2774.json 38.0.0
2026-04-01T13:30:59.013621+00:00 RedHat Importer Affected by VCID-8zy6-g8kn-hbdc https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2775.json 38.0.0
2026-04-01T13:30:57.903801+00:00 RedHat Importer Affected by VCID-q1pv-avug-juef https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2777.json 38.0.0
2026-04-01T13:30:56.734733+00:00 RedHat Importer Affected by VCID-gcnq-avax-aqcv https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2776.json 38.0.0
2026-04-01T13:30:55.646457+00:00 RedHat Importer Affected by VCID-dxwp-5jfs-nuew https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2778.json 38.0.0
2026-04-01T13:30:54.519049+00:00 RedHat Importer Affected by VCID-5ept-fu7g-8kes https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2780.json 38.0.0
2026-04-01T13:30:53.321675+00:00 RedHat Importer Affected by VCID-b8dx-232z-qbbc https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2779.json 38.0.0
2026-04-01T13:30:52.195922+00:00 RedHat Importer Affected by VCID-vszp-vyxy-f7g7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2781.json 38.0.0
2026-04-01T13:30:51.095940+00:00 RedHat Importer Affected by VCID-w4u8-25rz-gqeq https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2782.json 38.0.0
2026-04-01T13:30:49.956203+00:00 RedHat Importer Affected by VCID-sgwe-9xfj-6kav https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2783.json 38.0.0
2026-04-01T13:30:48.840947+00:00 RedHat Importer Affected by VCID-wwkc-4c69-cbea https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2784.json 38.0.0
2026-04-01T13:30:47.755957+00:00 RedHat Importer Affected by VCID-4xqc-36jb-63c2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2786.json 38.0.0
2026-04-01T13:30:46.677052+00:00 RedHat Importer Affected by VCID-cpez-x3zd-p7bu https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2785.json 38.0.0
2026-04-01T13:30:45.512432+00:00 RedHat Importer Affected by VCID-3gmj-y8qd-ufej https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2787.json 38.0.0
2026-04-01T13:30:44.385067+00:00 RedHat Importer Affected by VCID-1hay-xe3q-gyb4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2789.json 38.0.0
2026-04-01T13:30:43.266580+00:00 RedHat Importer Affected by VCID-qta2-8rnt-k7d1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2788.json 38.0.0
2026-04-01T13:30:42.147744+00:00 RedHat Importer Affected by VCID-3sg3-9yx7-fufa https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2790.json 38.0.0
2026-04-01T13:30:40.959596+00:00 RedHat Importer Affected by VCID-9zxb-j4ep-n7g9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2791.json 38.0.0
2026-04-01T13:30:39.818282+00:00 RedHat Importer Affected by VCID-1v2s-g46y-ybdc https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2792.json 38.0.0
2026-04-01T13:30:38.638275+00:00 RedHat Importer Affected by VCID-menq-g5ce-1yd8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2793.json 38.0.0