Debian Thunderbird vulnerabilities

931 known vulnerabilities affecting debian/thunderbird.

Total CVEs

931

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL166HIGH358MEDIUM317LOW90

Vulnerabilities

Page 4 of 47

CVE-2026-0880HIGHCVSS 8.8fixed in firefox 147.0-1 (sid)2026

CVE-2026-0880 [HIGH] CVE-2026-0880: firefox - Sandbox escape due to integer overflow in the Graphics component. This vulnerabi... Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. Scope: local sid: resolved (fixed in 147.0-1)

debian

CVE-2026-4687HIGHCVSS 8.6fixed in firefox 149.0-1 (sid)2026

CVE-2026-4687 [HIGH] CVE-2026-4687: firefox - Sandbox escape due to incorrect boundary conditions in the Telemetry component. ... Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local sid: resolved (fixed in 149.0-1)

debian

CVE-2026-4371HIGHCVSS 7.4fixed in thunderbird 1:140.9.0esr-1~deb12u1 (bookworm)2026

CVE-2026-4371 [HIGH] CVE-2026-4371: thunderbird - A malicious mail server could send malformed strings with negative lengths, caus... A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability affects Thunderbird < 149 and Thunderbir

debian

CVE-2026-4708HIGHCVSS 7.5fixed in firefox 149.0-1 (sid)2026

CVE-2026-4708 [HIGH] CVE-2026-4708: firefox - Incorrect boundary conditions in the Graphics component. This vulnerability affe... Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local sid: resolved (fixed in 149.0-1)

debian

CVE-2026-4699HIGHCVSS 7.5fixed in firefox 149.0-1 (sid)2026

CVE-2026-4699 [HIGH] CVE-2026-4699: firefox - Incorrect boundary conditions in the Layout: Text and Fonts component. This vuln... Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local sid: resolved (fixed in 149.0-1)

debian

CVE-2026-4718HIGHCVSS 8.1fixed in firefox 149.0-1 (sid)2026

CVE-2026-4718 [HIGH] CVE-2026-4718: firefox - Undefined behavior in the WebRTC: Signaling component. This vulnerability affect... Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local sid: resolved (fixed in 149.0-1)

debian

CVE-2026-0878HIGHCVSS 8.0fixed in firefox 147.0-1 (sid)2026

CVE-2026-0878 [HIGH] CVE-2026-0878: firefox - Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL... Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. Scope: local sid: resolved (fixed in 147.0-1)

debian

CVE-2026-0882HIGHCVSS 8.8fixed in firefox 147.0-1 (sid)2026

CVE-2026-0882 [HIGH] CVE-2026-0882: firefox - Use-after-free in the IPC component. This vulnerability affects Firefox < 147, F... Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. Scope: local sid: resolved (fixed in 147.0-1)

debian

CVE-2026-4706HIGHCVSS 7.5fixed in firefox 149.0-1 (sid)2026

CVE-2026-4706 [HIGH] CVE-2026-4706: firefox - Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerab... Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local sid: resolved (fixed in 149.0-1)

debian

CVE-2026-4719HIGHCVSS 7.5fixed in firefox 149.0-1 (sid)2026

CVE-2026-4719 [HIGH] CVE-2026-4719: firefox - Incorrect boundary conditions in the Graphics: Text component. This vulnerabilit... Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local sid: resolved (fixed in 149.0-1)

debian

CVE-2026-5732HIGHCVSS 8.8fixed in firefox 149.0.2-1 (sid)2026

CVE-2026-5732 [HIGH] CVE-2026-5732: firefox - Incorrect boundary conditions, integer overflow in the Graphics: Text component.... Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability affects Firefox < 149.0.2, Firefox ESR < 140.9.1, Thunderbird < 149.0.2, and Thunderbird < 140.9.1. Scope: local sid: resolved (fixed in 149.0.2-1)

debian

CVE-2026-4685HIGHCVSS 7.5fixed in firefox 149.0-1 (sid)2026

CVE-2026-4685 [HIGH] CVE-2026-4685: firefox - Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerab... Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local sid: resolved (fixed in 149.0-1)

debian

CVE-2026-4697HIGHCVSS 7.5fixed in firefox 149.0-1 (sid)2026

CVE-2026-4697 [HIGH] CVE-2026-4697: firefox - Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vul... Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local sid: resolved (fixed in 149.0-1)

debian

CVE-2026-2783HIGHCVSS 7.5fixed in firefox 148.0-1 (sid)2026

CVE-2026-2783 [HIGH] CVE-2026-2783: firefox - Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT c... Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

debian

CVE-2026-4709HIGHCVSS 7.5fixed in firefox 149.0-1 (sid)2026

CVE-2026-4709 [HIGH] CVE-2026-4709: firefox - Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerabil... Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local sid: resolved (fixed in 149.0-1)

debian

CVE-2026-4707HIGHCVSS 7.5fixed in firefox 149.0-1 (sid)2026

CVE-2026-4707 [HIGH] CVE-2026-4707: firefox - Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerab... Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local sid: resolved (fixed in 149.0-1)

debian

CVE-2026-4713HIGHCVSS 7.5fixed in firefox 149.0-1 (sid)2026

CVE-2026-4713 [HIGH] CVE-2026-4713: firefox - Incorrect boundary conditions in the Graphics component. This vulnerability affe... Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local sid: resolved (fixed in 149.0-1)

debian

CVE-2026-2769HIGHCVSS 8.8fixed in firefox 148.0-1 (sid)2026

CVE-2026-2769 [HIGH] CVE-2026-2769: firefox - Use-after-free in the Storage: IndexedDB component. This vulnerability affects F... Use-after-free in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

debian

CVE-2026-4695HIGHCVSS 7.5fixed in firefox 149.0-1 (sid)2026

CVE-2026-4695 [HIGH] CVE-2026-4695: firefox - Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vul... Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local sid: resolved (fixed in 149.0-1)

debian

CVE-2026-4693HIGHCVSS 7.5fixed in firefox 149.0-1 (sid)2026

CVE-2026-4693 [HIGH] CVE-2026-4693: firefox - Incorrect boundary conditions in the Audio/Video: Playback component. This vulne... Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local sid: resolved (fixed in 149.0-1)

debian

← Previous4 / 47Next →