Debian Thunderbird vulnerabilities
931 known vulnerabilities affecting debian/thunderbird.
Total CVEs: 931
CISA KEV: 10 (actively exploited)
Public exploits: 18
Exploited in wild: 13
Severity breakdown
CRITICAL 166 | HIGH 358 | MEDIUM 317 | LOW 90
Vulnerabilities
CVE-2026-4686 | HIGH | CVSS 7.5 | fixed in firefox 149.0-1 (sid) | 2026
CVE-2026-4686 [HIGH] CVE-2026-4686: firefox - Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerab...
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Scope: local
sid: resolved (fixed in 149.0-1)
debian
CVE-2026-0877 | HIGH | CVSS 8.1 | fixed in firefox 147.0-1 (sid) | 2026
CVE-2026-0877 [HIGH] CVE-2026-0877: firefox - Mitigation bypass in the DOM: Security component. This vulnerability affects Fir...
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
Scope: local
sid: resolved (fixed in 147.0-1)
debian
CVE-2026-4694 | HIGH | CVSS 7.5 | fixed in firefox 149.0-1 (sid) | 2026
CVE-2026-4694 [HIGH] CVE-2026-4694: firefox - Incorrect boundary conditions, integer overflow in the Graphics component. This ...
Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Scope: local
sid: resolved (fixed in 149.0-1)
debian
CVE-2026-3889 | MEDIUM | CVSS 6.5 | fixed in thunderbird 1:140.9.0esr-1~deb12u1 (bookworm) | 2026
CVE-2026-3889 [MEDIUM] CVE-2026-3889: thunderbird - Spoofing issue in Thunderbird. This vulnerability affects Thunderbird < 149 and ...
Spoofing issue in Thunderbird. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9.
Scope: local
bookworm: resolved (fixed in 1:140.9.0esr-1~deb12u1)
bullseye: resolved (fixed in 1:140.9.0esr-1~deb11u1)
forky: resolved (fixed in 1:140.9.0esr-1)
sid: resolved (fixed in 1:140.9.0esr-1)
trixie: resolved (fixed in 1:140.9.0esr-1~deb13u1)
debian
CVE-2026-0885 | MEDIUM | CVSS 6.5 | fixed in firefox 147.0-1 (sid) | 2026
CVE-2026-0885 [MEDIUM] CVE-2026-0885: firefox - Use-after-free in the JavaScript: GC component. This vulnerability affects Firef...
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
Scope: local
sid: resolved (fixed in 147.0-1)
debian
CVE-2026-0890 | MEDIUM | CVSS 5.4 | fixed in firefox 147.0-1 (sid) | 2026
CVE-2026-0890 [MEDIUM] CVE-2026-0890: firefox - Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerab...
Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
Scope: local
sid: resolved (fixed in 147.0-1)
debian
CVE-2026-0818 | MEDIUM | CVSS 4.3 | fixed in thunderbird 1:140.7.1esr-1~deb12u1 (bookworm) | 2026
CVE-2026-0818 [MEDIUM] CVE-2026-0818: thunderbird - When a user explicitly requested Thunderbird to decrypt an inline OpenPGP messag...
When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If the user had additionally allowed loading of the remote content re
debian
CVE-2026-0887 | MEDIUM | CVSS 4.3 | fixed in firefox 147.0-1 (sid) | 2026
CVE-2026-0887 [MEDIUM] CVE-2026-0887: firefox - Clickjacking issue, information disclosure in the PDF Viewer component. This vul...
Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
Scope: local
sid: resolved (fixed in 147.0-1)
debian
CVE-2026-0886 | MEDIUM | CVSS 5.3 | fixed in firefox 147.0-1 (sid) | 2026
CVE-2026-0886 [MEDIUM] CVE-2026-0886: firefox - Incorrect boundary conditions in the Graphics component. This vulnerability affe...
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
Scope: local
sid: resolved (fixed in 147.0-1)
debian
CVE-2026-0883 | MEDIUM | CVSS 5.3 | fixed in firefox 147.0-1 (sid) | 2026
CVE-2026-0883 [MEDIUM] CVE-2026-0883: firefox - Information disclosure in the Networking component. This vulnerability affects F...
Information disclosure in the Networking component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
Scope: local
sid: resolved (fixed in 147.0-1)
debian
CVE-2026-2447 | LOW | CVSS 8.8 | fixed in firefox 147.0.4-1 (sid) | 2026
CVE-2026-2447 [HIGH] CVE-2026-2447: firefox - Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Fi...
Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2.
Scope: local
sid: resolved (fixed in 147.0.4-1)
debian
CVE-2026-4711 | LOW | CVSS 9.8 | 2026
CVE-2026-4711 [CRITICAL] CVE-2026-4711: firefox - Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefo...
Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Scope: local
sid: resolved
debian
CVE-2026-4712 | LOW | CVSS 7.5 | 2026
CVE-2026-4712 [HIGH] CVE-2026-4712: firefox - Information disclosure in the Widget: Cocoa component. This vulnerability affect...
Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
Scope: local
sid: resolved
debian
CVE-2025-11710 | CRITICAL | CVSS 9.8 | fixed in firefox 144.0-1 (sid) | 2025
CVE-2025-11710 [CRITICAL] CVE-2025-11710: firefox - A compromised web process using malicious IPC messages could have caused the pri...
A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.
Scope: local
sid: resolved (fixed in 144.0-1)
debian
CVE-2025-1016 | CRITICAL | CVSS 9.8 | fixed in firefox 135.0-1 (sid) | 2025
CVE-2025-1016 [CRITICAL] CVE-2025-1016: firefox - Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, ...
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Fi
debian
CVE-2025-11708 | CRITICAL | CVSS 9.8 | fixed in firefox 144.0-1 (sid) | 2025
CVE-2025-11708 [CRITICAL] CVE-2025-11708: firefox - Use-after-free in MediaTrackGraphImpl::GetInstance() This vulnerability affects ...
Use-after-free in MediaTrackGraphImpl::GetInstance(). This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.
Scope: local
sid: resolved (fixed in 144.0-1)
debian
CVE-2025-4083 | CRITICAL | CVSS 9.1 | fixed in firefox 138.0-1 (sid) | 2025
CVE-2025-4083 [CRITICAL] CVE-2025-4083: firefox - A process isolation vulnerability in Thunderbird stemmed from improper handling ...
A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird <
debian
CVE-2025-4918 | CRITICAL | CVSS 9.8 | fixed in firefox 138.0.4-1 (sid) | 2025
CVE-2025-4918 [CRITICAL] CVE-2025-4918: firefox - An attacker was able to perform an out-of-bounds read or write on a JavaScript `...
An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2.
Scope: local
sid: resolved (fixed in 138.0.4-1)
debian
CVE-2025-14324 | CRITICAL | CVSS 9.8 | fixed in firefox 146.0-1 (sid) | 2025
CVE-2025-14324 [CRITICAL] CVE-2025-14324: firefox - JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability a...
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Scope: local
sid: resolved (fixed in 146.0-1)
debian
CVE-2025-9179 | CRITICAL | CVSS 9.8 | fixed in firefox 142.0-1 (sid) | 2025
CVE-2025-9179 [CRITICAL] CVE-2025-9179: firefox - An attacker was able to perform memory corruption in the GMP process which proce...
An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and T
debian