cvebase

Mozilla Thunderbird vulnerabilities

1,911 known vulnerabilities affecting mozilla/thunderbird.

Total CVEs: 1,911
CISA KEV: 14 (actively exploited)
Public exploits: 58
Exploited in wild: 18
Severity breakdown: CRITICAL 625, HIGH 604, MEDIUM 651, LOW 31

Vulnerabilities

Page 2 of 96
CVE-2026-8952 | HIGH | CVSS 8.8 | fixed in 151.0.0 | 2026-05-19
CWE-269: Privilege escalation in the Application Update component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
Sources: nvd, mozilla
CVE-2026-8955 | HIGH | CVSS 8.8 | fixed in 140.11, fixed in 151.0.0 | 2026-05-19
CWE-269: Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
Sources: nvd, mozilla
CVE-2026-8975 | HIGH | CVSS 8.8 | fixed in 140.11, fixed in 151.0.0 | 2026-05-19
CWE-119: Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunde
Sources: nvd, mozilla
CVE-2026-8963 | HIGH | CVSS 7.5 | fixed in 151.0.0 | 2026-05-19
CWE-290: Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
Sources: nvd, mozilla
CVE-2026-8946 | HIGH | CVSS 7.5 | fixed in 140.11 | 2026-05-19
CWE-119: Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
Sources: nvd, mozilla
CVE-2026-8947 | HIGH | CVSS 7.3 | fixed in 140.11 | 2026-05-19
CWE-416: Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
Sources: nvd, mozilla
CVE-2026-8957 | HIGH | CVSS 8.8 | fixed in 140.11, fixed in 151.0.0 | 2026-05-19
CWE-269: Privilege escalation in the Enterprise Policies component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
Sources: nvd, mozilla
CVE-2026-8971 | MEDIUM | CVSS 6.5 | fixed in 151.0.0 | 2026-05-19
CWE-346: Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
Sources: nvd, mozilla
CVE-2026-8961 | MEDIUM | CVSS 6.5 | fixed in 140.11, fixed in 151.0.0 | 2026-05-19
CWE-290: Spoofing issue in the Form Autofill component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
Sources: nvd, mozilla
CVE-2026-44581 | MEDIUM | CVSS 4.7 | 2026-05-13
CWE-79: next.js: Next.js: Stored Cross-Site Scripting via malformed nonce values in cached responses. A flaw was found in Next.js. This vulnerability, a type of stored cross-site scripting (XSS), allows a remote attacker to inject malicious scripts into web pages. By manipulating nonce values derived from request headers, an attacker can poison cached responses, leading to arbitrar
Sources: redhat
CVE-2026-44576 | MEDIUM | CVSS 5.4 | 2026-05-13
CWE-444: Next.js: Next.js: Cache poisoning vulnerability in React Server Components. A flaw was found in Next.js, a React framework for building web applications. This vulnerability, related to cache poisoning, affects applications utilizing React Server Components (RSC) when shared caches fail to properly partition response variants. A remote attacker can exploit this by causing an RSC response to
Sources: redhat
CVE-2026-44572 | MEDIUM | CVSS 5.9 | 2026-05-13
CWE-444: next.js: Next.js: Denial of Service due to improper handling of x-nextjs-data header with redirects. A flaw was found in Next.js. An external client could exploit this vulnerability by sending a x-nextjs-data header on a request to a path handled by middleware that returns a redirect. This action could cause the middleware or proxy to incorrectly process the request
Sources: redhat
CVE-2026-44582 | LOW | CVSS 3.7 | 2026-05-13
CWE-354: Next.js: Next.js: Cache poisoning allows incorrect response delivery. A flaw was found in Next.js. React Server Component responses are vulnerable to cache poisoning in deployments that use shared caches without proper response partitioning. An attacker can exploit collisions in the _rsc cache-busting value to poison cache entries. This allows users to receive incorrect response variants for a given
Sources: redhat
CVE-2026-8094 | CRITICAL | CVSS 9.8 | fixed in 140.10.2 | 2026-05-07
CWE-94: Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2.
Sources: nvd, mozilla
CVE-2026-8091 | CRITICAL | CVSS 9.8 | ≥ 140.0, < 140.10.1 | 2026-05-07
CWE-754: Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.2.
Sources: nvd
CVE-2026-8090 | HIGH | CVSS 7.3 | fixed in 140.10.2, fixed in 150.0.2 | 2026-05-07
CWE-416: Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2.
Sources: nvd, mozilla
CVE-2026-8092 | HIGH | CVSS 8.1 | ≥ 140.0, < 140.10.2; ≥ 150.0, < 150.0.2 | 2026-05-07
CWE-125: Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbir
Sources: nvd, mozilla
CVE-2026-8093 | HIGH | CVSS 8.1 | fixed in 150.0.2 | 2026-05-07
CWE-119: Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.2 and Thunderbird 150.0.2.
Sources: nvd, mozilla
CVE-2026-7321 | CRITICAL | CVSS 9.6 | fixed in 140.10.1, fixed in 150.0 | 2026-04-28
CWE-120: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, and Thunderbird 140.10.1.
Sources: nvd, mozilla, redhat
CVE-2026-7323 | HIGH | CVSS 7.3 | fixed in 140.10.1, fixed in 150.0.1 | 2026-04-28
CWE-119: Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.
Sources: nvd, mozilla, redhat