VulnerableCode Package Details - pkg:rpm/redhat/thunderbird@140.9.0-1?arch=el8

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/thunderbird@140.9.0-1?arch=el8_8

Essentials
History (39)

purl	pkg:rpm/redhat/thunderbird@140.9.0-1?arch=el8_8

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.5

Vulnerabilities affecting this package (39)

Vulnerability	Summary	Fixed by
VCID-13he-qsr4-h3d4 Aliases: CVE-2026-4709	Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-15j8-br8z-juf3 Aliases: CVE-2026-3889	Spoofing issue in Thunderbird. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-1fv1-edht-ufag Aliases: CVE-2026-4715	Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-23eu-22t2-cydd Aliases: CVE-2026-4714	Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-26d3-ctnj-7kbh Aliases: CVE-2026-4691	Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-289s-f2w6-53g9 Aliases: CVE-2026-4716	Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-351y-4nek-u3aw Aliases: CVE-2026-4698	JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-3grf-hwk1-3fh8 Aliases: CVE-2026-4719	Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-3kd3-hwzv-efbn Aliases: CVE-2026-4721	Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	There are no reported fixed by versions.
VCID-3xgu-7evz-mffw Aliases: CVE-2026-4705	Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-4q6w-tdk9-d3an Aliases: CVE-2026-4720	Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	There are no reported fixed by versions.
VCID-4r8e-64b6-bbbu Aliases: CVE-2026-4711	Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-646f-ndeq-5bee Aliases: CVE-2026-4687	Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-675n-7uzz-pqdj Aliases: CVE-2026-4688	Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-6mur-mtfg-97gt Aliases: CVE-2026-4371	A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data.	There are no reported fixed by versions.
VCID-8qyy-e4jt-rbc4 Aliases: CVE-2026-4695	Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-8xek-k5y2-6bfp Aliases: CVE-2026-4689	Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-b4bq-q3ga-3ff1 Aliases: CVE-2026-4707	Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-b6sf-z5tm-4uau Aliases: CVE-2026-4696	Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-e2k8-m9sm-8uek Aliases: CVE-2026-4699	Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-efvs-1tuf-guf4 Aliases: CVE-2026-4712	Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-ft6u-geds-fua9 Aliases: CVE-2026-4702	JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-gkva-6cu9-7keg Aliases: CVE-2026-4692	Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-hshc-4xnc-gug4 Aliases: CVE-2026-4704	Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-hstd-23qm-bqdg Aliases: CVE-2026-4717	Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-j1hb-8jjy-tqgq Aliases: CVE-2026-4693	Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-kuwd-6tcg-fuha Aliases: CVE-2026-4713	Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-m6uv-91wz-xfdv Aliases: CVE-2026-4700	Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-mm6w-kpe8-4kg3 Aliases: CVE-2026-4684	Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-nvsz-9s3r-nbhq Aliases: CVE-2026-4718	Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-qkks-24cp-gqg2 Aliases: CVE-2026-4706	Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-rp5h-ym8y-skbw Aliases: CVE-2026-4701	Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-t4t3-5pt5-ayds Aliases: CVE-2026-4685	Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-u3j3-fc4f-7ff7 Aliases: CVE-2026-4686	Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-wmyy-2cg3-wyhc Aliases: CVE-2026-4697	Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-wqw2-gjvu-6qbu Aliases: CVE-2026-4690	Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-wvx2-pba2-sqha Aliases: CVE-2026-4708	Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-yjc2-2whn-uug5 Aliases: CVE-2026-4694	Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.
VCID-ymak-rv52-h7a5 Aliases: CVE-2026-4710	Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:37:48.973900+00:00	RedHat Importer	Affected by	VCID-mm6w-kpe8-4kg3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4684.json	38.4.0
2026-04-16T13:37:47.940818+00:00	RedHat Importer	Affected by	VCID-u3j3-fc4f-7ff7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4686.json	38.4.0
2026-04-16T13:37:46.887976+00:00	RedHat Importer	Affected by	VCID-t4t3-5pt5-ayds	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4685.json	38.4.0
2026-04-16T13:37:45.755449+00:00	RedHat Importer	Affected by	VCID-646f-ndeq-5bee	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4687.json	38.4.0
2026-04-16T13:37:44.556808+00:00	RedHat Importer	Affected by	VCID-675n-7uzz-pqdj	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4688.json	38.4.0
2026-04-16T13:37:43.436860+00:00	RedHat Importer	Affected by	VCID-wqw2-gjvu-6qbu	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4690.json	38.4.0
2026-04-16T13:37:42.345085+00:00	RedHat Importer	Affected by	VCID-8xek-k5y2-6bfp	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4689.json	38.4.0
2026-04-16T13:37:41.318262+00:00	RedHat Importer	Affected by	VCID-gkva-6cu9-7keg	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4692.json	38.4.0
2026-04-16T13:37:40.262877+00:00	RedHat Importer	Affected by	VCID-26d3-ctnj-7kbh	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4691.json	38.4.0
2026-04-16T13:37:39.157883+00:00	RedHat Importer	Affected by	VCID-yjc2-2whn-uug5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4694.json	38.4.0
2026-04-16T13:37:38.123432+00:00	RedHat Importer	Affected by	VCID-j1hb-8jjy-tqgq	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4693.json	38.4.0
2026-04-16T13:37:37.124777+00:00	RedHat Importer	Affected by	VCID-b6sf-z5tm-4uau	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4696.json	38.4.0
2026-04-16T13:37:36.078072+00:00	RedHat Importer	Affected by	VCID-8qyy-e4jt-rbc4	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4695.json	38.4.0
2026-04-16T13:37:34.917573+00:00	RedHat Importer	Affected by	VCID-wmyy-2cg3-wyhc	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4697.json	38.4.0
2026-04-16T13:37:33.767597+00:00	RedHat Importer	Affected by	VCID-351y-4nek-u3aw	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4698.json	38.4.0
2026-04-16T13:37:32.674315+00:00	RedHat Importer	Affected by	VCID-m6uv-91wz-xfdv	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4700.json	38.4.0
2026-04-16T13:37:31.568131+00:00	RedHat Importer	Affected by	VCID-e2k8-m9sm-8uek	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4699.json	38.4.0
2026-04-16T13:37:30.461748+00:00	RedHat Importer	Affected by	VCID-rp5h-ym8y-skbw	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4701.json	38.4.0
2026-04-16T13:37:29.405153+00:00	RedHat Importer	Affected by	VCID-ft6u-geds-fua9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4702.json	38.4.0
2026-04-16T13:37:28.322723+00:00	RedHat Importer	Affected by	VCID-hshc-4xnc-gug4	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4704.json	38.4.0
2026-04-16T13:37:27.252887+00:00	RedHat Importer	Affected by	VCID-3xgu-7evz-mffw	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4705.json	38.4.0
2026-04-16T13:37:26.115868+00:00	RedHat Importer	Affected by	VCID-b4bq-q3ga-3ff1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4707.json	38.4.0
2026-04-16T13:37:25.015878+00:00	RedHat Importer	Affected by	VCID-qkks-24cp-gqg2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4706.json	38.4.0
2026-04-16T13:37:23.896373+00:00	RedHat Importer	Affected by	VCID-wvx2-pba2-sqha	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4708.json	38.4.0
2026-04-16T13:37:22.750383+00:00	RedHat Importer	Affected by	VCID-ymak-rv52-h7a5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4710.json	38.4.0
2026-04-16T13:37:21.670415+00:00	RedHat Importer	Affected by	VCID-13he-qsr4-h3d4	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4709.json	38.4.0
2026-04-16T13:37:20.559515+00:00	RedHat Importer	Affected by	VCID-4r8e-64b6-bbbu	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4711.json	38.4.0
2026-04-16T13:37:19.382832+00:00	RedHat Importer	Affected by	VCID-kuwd-6tcg-fuha	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4713.json	38.4.0
2026-04-16T13:37:18.258486+00:00	RedHat Importer	Affected by	VCID-efvs-1tuf-guf4	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4712.json	38.4.0
2026-04-16T13:37:17.127112+00:00	RedHat Importer	Affected by	VCID-23eu-22t2-cydd	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4714.json	38.4.0
2026-04-16T13:37:15.986403+00:00	RedHat Importer	Affected by	VCID-1fv1-edht-ufag	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4715.json	38.4.0
2026-04-16T13:37:14.927814+00:00	RedHat Importer	Affected by	VCID-289s-f2w6-53g9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4716.json	38.4.0
2026-04-16T13:37:13.821108+00:00	RedHat Importer	Affected by	VCID-hstd-23qm-bqdg	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4717.json	38.4.0
2026-04-16T13:37:12.710063+00:00	RedHat Importer	Affected by	VCID-3grf-hwk1-3fh8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4719.json	38.4.0
2026-04-16T13:37:11.553178+00:00	RedHat Importer	Affected by	VCID-nvsz-9s3r-nbhq	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4718.json	38.4.0
2026-04-16T13:37:10.443485+00:00	RedHat Importer	Affected by	VCID-4q6w-tdk9-d3an	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4720.json	38.4.0
2026-04-16T13:37:09.245530+00:00	RedHat Importer	Affected by	VCID-3kd3-hwzv-efbn	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4721.json	38.4.0
2026-04-16T13:37:08.225841+00:00	RedHat Importer	Affected by	VCID-15j8-br8z-juf3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3889.json	38.4.0
2026-04-16T13:37:07.878285+00:00	RedHat Importer	Affected by	VCID-6mur-mtfg-97gt	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4371.json	38.4.0