Mozilla Thunderbird vulnerabilities

CVE-2026-4713 [HIGH] CVE-2026-4713: Incorrect boundary conditions in the Graphics component Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVE-2026-4719 [HIGH] CVE-2026-4719: Incorrect boundary conditions in the Graphics: Text component Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVE-2026-3889 [MEDIUM] CWE-451 CVE-2026-3889: Spoofing issue in Thunderbird. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9 Spoofing issue in Thunderbird. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.

CVE-2026-4728 [MEDIUM] CWE-290 CVE-2026-4728: Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 149 Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.

CVE-2026-2762 [CRITICAL] CWE-190 CVE-2026-2762: Integer overflow in the JavaScript: Standard Library component. This vulnerability was fixed in Fire Integer overflow in the JavaScript: Standard Library component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

CVE-2026-2782 [CRITICAL] CWE-269 CVE-2026-2782: Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firef Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

CVE-2026-2763 [CRITICAL] CWE-416 CVE-2026-2763: Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Fire Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

CVE-2026-2781 [CRITICAL] CWE-190 CVE-2026-2781: Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Fir Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

CVE-2026-2757 [CRITICAL] CWE-1384 CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability was fixed in Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

CVE-2026-2775 [CRITICAL] CWE-288 CVE-2026-2775: Mitigation bypass in the DOM: HTML Parser component. This vulnerability was fixed in Firefox 148, Fi Mitigation bypass in the DOM: HTML Parser component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

CVE-2026-2807 [CRITICAL] CWE-787 CVE-2026-2807: Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

CVE-2026-2788 [CRITICAL] CWE-119 CVE-2026-2788: Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Fir Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

CVE-2026-2771 [CRITICAL] CWE-125 CVE-2026-2771: Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, F Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

CVE-2026-2793 [CRITICAL] CWE-787 CVE-2026-2793: Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Fire

CVE-2026-2805 [CRITICAL] CWE-824 CVE-2026-2805: Invalid pointer in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and T Invalid pointer in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

CVE-2026-2773 [CRITICAL] CWE-119 CVE-2026-2773: Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 14 Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

CVE-2026-2789 [CRITICAL] CWE-416 CVE-2026-2789: Use-after-free in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Fir Use-after-free in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

CVE-2026-2761 [CRITICAL] CWE-693 CVE-2026-2761: Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Fi Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

CVE-2026-2768 [CRITICAL] CWE-284 CVE-2026-2768: Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Fir Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

CVE-2026-2767 [CRITICAL] CWE-416 CVE-2026-2767: Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.