Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Lightspeed
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Lightspeed
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2026:19153 - Security Advisory
Issued:
2026-05-19
Updated:
2026-05-19

RHSA-2026:19153 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: thunderbird security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

  • firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1 (CVE-2026-7323)
  • firefox: thunderbird: Information disclosure due to incorrect boundary conditions in the Audio/Video component (CVE-2026-7320)
  • firefox: thunderbird: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1 (CVE-2026-7322)
  • firefox: thunderbird: webrtc: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-7321)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 10 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 10 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x
  • Red Hat Enterprise Linux for Power, little endian 10 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le
  • Red Hat Enterprise Linux for ARM 64 10 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x
  • Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x

Fixes

  • BZ - 2463481 - CVE-2026-7323 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1
  • BZ - 2463483 - CVE-2026-7320 firefox: thunderbird: Information disclosure due to incorrect boundary conditions in the Audio/Video component
  • BZ - 2463484 - CVE-2026-7322 firefox: thunderbird: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1
  • BZ - 2463485 - CVE-2026-7321 firefox: thunderbird: webrtc: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component

CVEs

  • CVE-2026-7320
  • CVE-2026-7321
  • CVE-2026-7322
  • CVE-2026-7323

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 10

SRPM
thunderbird-140.10.1-1.el10_2.src.rpm SHA-256: 852b3f10acd29dfff8127e8b57abf1c30a06289bfeea4af28e1bba9c542adc82
x86_64
thunderbird-140.10.1-1.el10_2.x86_64.rpm SHA-256: c500f551b427cb53be4c4b4ccce39693da264664c0af1c21988182858a85a12c
thunderbird-debuginfo-140.10.1-1.el10_2.x86_64.rpm SHA-256: a0ca92cf763629ab34dad92a342cfc7c19a3b188644551e899d9a04ddc987ee7
thunderbird-debugsource-140.10.1-1.el10_2.x86_64.rpm SHA-256: 9565f61f509d7beed1627e8a7bc6464c3f400d6590685aebbcb6a7bb669ccff7

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2

SRPM
thunderbird-140.10.1-1.el10_2.src.rpm SHA-256: 852b3f10acd29dfff8127e8b57abf1c30a06289bfeea4af28e1bba9c542adc82
x86_64
thunderbird-140.10.1-1.el10_2.x86_64.rpm SHA-256: c500f551b427cb53be4c4b4ccce39693da264664c0af1c21988182858a85a12c
thunderbird-debuginfo-140.10.1-1.el10_2.x86_64.rpm SHA-256: a0ca92cf763629ab34dad92a342cfc7c19a3b188644551e899d9a04ddc987ee7
thunderbird-debugsource-140.10.1-1.el10_2.x86_64.rpm SHA-256: 9565f61f509d7beed1627e8a7bc6464c3f400d6590685aebbcb6a7bb669ccff7

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
thunderbird-140.10.1-1.el10_2.src.rpm SHA-256: 852b3f10acd29dfff8127e8b57abf1c30a06289bfeea4af28e1bba9c542adc82
s390x
thunderbird-140.10.1-1.el10_2.s390x.rpm SHA-256: 970898c45b81bcbd3e67228219a67d1efa4de86c8ccd7de707f0b285ba749d09
thunderbird-debuginfo-140.10.1-1.el10_2.s390x.rpm SHA-256: 7419b4f901d17aaf2fa9133000c524441242b722d47b2e88cb2ced823943b64b
thunderbird-debugsource-140.10.1-1.el10_2.s390x.rpm SHA-256: b39a8c3a912962930c96e637e731121798512ac5086346e189dd38d3ea8e1abc

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2

SRPM
thunderbird-140.10.1-1.el10_2.src.rpm SHA-256: 852b3f10acd29dfff8127e8b57abf1c30a06289bfeea4af28e1bba9c542adc82
s390x
thunderbird-140.10.1-1.el10_2.s390x.rpm SHA-256: 970898c45b81bcbd3e67228219a67d1efa4de86c8ccd7de707f0b285ba749d09
thunderbird-debuginfo-140.10.1-1.el10_2.s390x.rpm SHA-256: 7419b4f901d17aaf2fa9133000c524441242b722d47b2e88cb2ced823943b64b
thunderbird-debugsource-140.10.1-1.el10_2.s390x.rpm SHA-256: b39a8c3a912962930c96e637e731121798512ac5086346e189dd38d3ea8e1abc

Red Hat Enterprise Linux for Power, little endian 10

SRPM
thunderbird-140.10.1-1.el10_2.src.rpm SHA-256: 852b3f10acd29dfff8127e8b57abf1c30a06289bfeea4af28e1bba9c542adc82
ppc64le
thunderbird-140.10.1-1.el10_2.ppc64le.rpm SHA-256: 0b64ef47f2d8e7b3d5b6927b7f6f97ae9cc48bbeed9fc9fc5fe15e58c136ec29
thunderbird-debuginfo-140.10.1-1.el10_2.ppc64le.rpm SHA-256: e74b5474b5576c83984e0a319d47d25d0c16e610d19b67589496529202df99b6
thunderbird-debugsource-140.10.1-1.el10_2.ppc64le.rpm SHA-256: 557659cfad184713f816b7ec8e15742d90cab0f037f0e93279c2a3d128fd1ea1

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2

SRPM
thunderbird-140.10.1-1.el10_2.src.rpm SHA-256: 852b3f10acd29dfff8127e8b57abf1c30a06289bfeea4af28e1bba9c542adc82
ppc64le
thunderbird-140.10.1-1.el10_2.ppc64le.rpm SHA-256: 0b64ef47f2d8e7b3d5b6927b7f6f97ae9cc48bbeed9fc9fc5fe15e58c136ec29
thunderbird-debuginfo-140.10.1-1.el10_2.ppc64le.rpm SHA-256: e74b5474b5576c83984e0a319d47d25d0c16e610d19b67589496529202df99b6
thunderbird-debugsource-140.10.1-1.el10_2.ppc64le.rpm SHA-256: 557659cfad184713f816b7ec8e15742d90cab0f037f0e93279c2a3d128fd1ea1

Red Hat Enterprise Linux for ARM 64 10

SRPM
thunderbird-140.10.1-1.el10_2.src.rpm SHA-256: 852b3f10acd29dfff8127e8b57abf1c30a06289bfeea4af28e1bba9c542adc82
aarch64
thunderbird-140.10.1-1.el10_2.aarch64.rpm SHA-256: 6db3dc3d87a65f92649e6f1132eb79e8959c5ca3d8b9cb272d1a0c3f0e762ab3
thunderbird-debuginfo-140.10.1-1.el10_2.aarch64.rpm SHA-256: 7e4b047ee7cfa3cb53f69d563bbbdb54ed344b7e57eed266d716ac0fc7d27aac
thunderbird-debugsource-140.10.1-1.el10_2.aarch64.rpm SHA-256: 3d4b51732ad1ac552ea520851d22c5182f8a5a5746c45ca22a46b07a2a6a14fc

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2

SRPM
thunderbird-140.10.1-1.el10_2.src.rpm SHA-256: 852b3f10acd29dfff8127e8b57abf1c30a06289bfeea4af28e1bba9c542adc82
aarch64
thunderbird-140.10.1-1.el10_2.aarch64.rpm SHA-256: 6db3dc3d87a65f92649e6f1132eb79e8959c5ca3d8b9cb272d1a0c3f0e762ab3
thunderbird-debuginfo-140.10.1-1.el10_2.aarch64.rpm SHA-256: 7e4b047ee7cfa3cb53f69d563bbbdb54ed344b7e57eed266d716ac0fc7d27aac
thunderbird-debugsource-140.10.1-1.el10_2.aarch64.rpm SHA-256: 3d4b51732ad1ac552ea520851d22c5182f8a5a5746c45ca22a46b07a2a6a14fc

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2

SRPM
thunderbird-140.10.1-1.el10_2.src.rpm SHA-256: 852b3f10acd29dfff8127e8b57abf1c30a06289bfeea4af28e1bba9c542adc82
aarch64
thunderbird-140.10.1-1.el10_2.aarch64.rpm SHA-256: 6db3dc3d87a65f92649e6f1132eb79e8959c5ca3d8b9cb272d1a0c3f0e762ab3
thunderbird-debuginfo-140.10.1-1.el10_2.aarch64.rpm SHA-256: 7e4b047ee7cfa3cb53f69d563bbbdb54ed344b7e57eed266d716ac0fc7d27aac
thunderbird-debugsource-140.10.1-1.el10_2.aarch64.rpm SHA-256: 3d4b51732ad1ac552ea520851d22c5182f8a5a5746c45ca22a46b07a2a6a14fc

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2

SRPM
thunderbird-140.10.1-1.el10_2.src.rpm SHA-256: 852b3f10acd29dfff8127e8b57abf1c30a06289bfeea4af28e1bba9c542adc82
s390x
thunderbird-140.10.1-1.el10_2.s390x.rpm SHA-256: 970898c45b81bcbd3e67228219a67d1efa4de86c8ccd7de707f0b285ba749d09
thunderbird-debuginfo-140.10.1-1.el10_2.s390x.rpm SHA-256: 7419b4f901d17aaf2fa9133000c524441242b722d47b2e88cb2ced823943b64b
thunderbird-debugsource-140.10.1-1.el10_2.s390x.rpm SHA-256: b39a8c3a912962930c96e637e731121798512ac5086346e189dd38d3ea8e1abc

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2

SRPM
thunderbird-140.10.1-1.el10_2.src.rpm SHA-256: 852b3f10acd29dfff8127e8b57abf1c30a06289bfeea4af28e1bba9c542adc82
ppc64le
thunderbird-140.10.1-1.el10_2.ppc64le.rpm SHA-256: 0b64ef47f2d8e7b3d5b6927b7f6f97ae9cc48bbeed9fc9fc5fe15e58c136ec29
thunderbird-debuginfo-140.10.1-1.el10_2.ppc64le.rpm SHA-256: e74b5474b5576c83984e0a319d47d25d0c16e610d19b67589496529202df99b6
thunderbird-debugsource-140.10.1-1.el10_2.ppc64le.rpm SHA-256: 557659cfad184713f816b7ec8e15742d90cab0f037f0e93279c2a3d128fd1ea1

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2

SRPM
thunderbird-140.10.1-1.el10_2.src.rpm SHA-256: 852b3f10acd29dfff8127e8b57abf1c30a06289bfeea4af28e1bba9c542adc82
x86_64
thunderbird-140.10.1-1.el10_2.x86_64.rpm SHA-256: c500f551b427cb53be4c4b4ccce39693da264664c0af1c21988182858a85a12c
thunderbird-debuginfo-140.10.1-1.el10_2.x86_64.rpm SHA-256: a0ca92cf763629ab34dad92a342cfc7c19a3b188644551e899d9a04ddc987ee7
thunderbird-debugsource-140.10.1-1.el10_2.x86_64.rpm SHA-256: 9565f61f509d7beed1627e8a7bc6464c3f400d6590685aebbcb6a7bb669ccff7

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2

SRPM
thunderbird-140.10.1-1.el10_2.src.rpm SHA-256: 852b3f10acd29dfff8127e8b57abf1c30a06289bfeea4af28e1bba9c542adc82
x86_64
thunderbird-140.10.1-1.el10_2.x86_64.rpm SHA-256: c500f551b427cb53be4c4b4ccce39693da264664c0af1c21988182858a85a12c
thunderbird-debuginfo-140.10.1-1.el10_2.x86_64.rpm SHA-256: a0ca92cf763629ab34dad92a342cfc7c19a3b188644551e899d9a04ddc987ee7
thunderbird-debugsource-140.10.1-1.el10_2.x86_64.rpm SHA-256: 9565f61f509d7beed1627e8a7bc6464c3f400d6590685aebbcb6a7bb669ccff7

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2

SRPM
thunderbird-140.10.1-1.el10_2.src.rpm SHA-256: 852b3f10acd29dfff8127e8b57abf1c30a06289bfeea4af28e1bba9c542adc82
aarch64
thunderbird-140.10.1-1.el10_2.aarch64.rpm SHA-256: 6db3dc3d87a65f92649e6f1132eb79e8959c5ca3d8b9cb272d1a0c3f0e762ab3
thunderbird-debuginfo-140.10.1-1.el10_2.aarch64.rpm SHA-256: 7e4b047ee7cfa3cb53f69d563bbbdb54ed344b7e57eed266d716ac0fc7d27aac
thunderbird-debugsource-140.10.1-1.el10_2.aarch64.rpm SHA-256: 3d4b51732ad1ac552ea520851d22c5182f8a5a5746c45ca22a46b07a2a6a14fc

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2

SRPM
thunderbird-140.10.1-1.el10_2.src.rpm SHA-256: 852b3f10acd29dfff8127e8b57abf1c30a06289bfeea4af28e1bba9c542adc82
ppc64le
thunderbird-140.10.1-1.el10_2.ppc64le.rpm SHA-256: 0b64ef47f2d8e7b3d5b6927b7f6f97ae9cc48bbeed9fc9fc5fe15e58c136ec29
thunderbird-debuginfo-140.10.1-1.el10_2.ppc64le.rpm SHA-256: e74b5474b5576c83984e0a319d47d25d0c16e610d19b67589496529202df99b6
thunderbird-debugsource-140.10.1-1.el10_2.ppc64le.rpm SHA-256: 557659cfad184713f816b7ec8e15742d90cab0f037f0e93279c2a3d128fd1ea1

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2

SRPM
thunderbird-140.10.1-1.el10_2.src.rpm SHA-256: 852b3f10acd29dfff8127e8b57abf1c30a06289bfeea4af28e1bba9c542adc82
s390x
thunderbird-140.10.1-1.el10_2.s390x.rpm SHA-256: 970898c45b81bcbd3e67228219a67d1efa4de86c8ccd7de707f0b285ba749d09
thunderbird-debuginfo-140.10.1-1.el10_2.s390x.rpm SHA-256: 7419b4f901d17aaf2fa9133000c524441242b722d47b2e88cb2ced823943b64b
thunderbird-debugsource-140.10.1-1.el10_2.s390x.rpm SHA-256: b39a8c3a912962930c96e637e731121798512ac5086346e189dd38d3ea8e1abc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2026 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility