Red Hat Product Errata RHSA-2026:4260 - Security Advisory
Issued:
2026-03-11
Updated:
2026-03-11

RHSA-2026:4260 - Security Advisory

Synopsis

Important: thunderbird security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

  • libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)
  • firefox: Invalid pointer in the JavaScript Engine component (CVE-2026-2785)
  • firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2793)
  • firefox: Undefined behavior in the DOM: Core & HTML component (CVE-2026-2771)
  • firefox: Integer overflow in the Audio/Video component (CVE-2026-2774)
  • firefox: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software (CVE-2026-2776)
  • firefox: Integer overflow in the Libraries component in NSS (CVE-2026-2781)
  • firefox: Use-after-free in the JavaScript Engine: JIT component (CVE-2026-2766)
  • firefox: Use-after-free in the Storage: IndexedDB component (CVE-2026-2769)
  • firefox: Use-after-free in the DOM: Window and Location component (CVE-2026-2787)
  • firefox: Sandbox escape in the Storage: IndexedDB component (CVE-2026-2768)
  • firefox: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-2783)
  • firefox: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-2788)
  • firefox: Mitigation bypass in the DOM: Security component (CVE-2026-2784)
  • firefox: Incorrect boundary conditions in the Graphics: ImageLib component (CVE-2026-2759)
  • firefox: Integer overflow in the JavaScript: Standard Library component (CVE-2026-2762)
  • firefox: Sandbox escape in the Graphics: WebRender component (CVE-2026-2761)
  • firefox: Privilege escalation in the Messaging System component (CVE-2026-2777)
  • firefox: Same-origin policy bypass in the Networking: JAR component (CVE-2026-2790)
  • firefox: Mitigation bypass in the DOM: HTML Parser component (CVE-2026-2775)
  • firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2763)
  • firefox: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2792)
  • firefox: Incorrect boundary conditions in the Web Audio component (CVE-2026-2773)
  • firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2786)
  • firefox: Use-after-free in the Graphics: ImageLib component (CVE-2026-2789)
  • firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Audio/Video component (CVE-2026-2757)
  • firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component (CVE-2026-2760)
  • firefox: Use-after-free in the Audio/Video: Playback component (CVE-2026-2772)
  • firefox: Incorrect boundary conditions in the Networking: JAR component (CVE-2026-2779)
  • firefox: Use-after-free in the JavaScript: WebAssembly component (CVE-2026-2767)
  • firefox: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component (CVE-2026-2764)
  • firefox: Privilege escalation in the Netmonitor component (CVE-2026-2782)
  • firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2765)
  • firefox: Privilege escalation in the Netmonitor component (CVE-2026-2780)
  • firefox: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component (CVE-2026-2778)
  • firefox: Use-after-free in the JavaScript: GC component (CVE-2026-2758)
  • firefox: Mitigation bypass in the Networking: Cache component (CVE-2026-2791)
  • firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-2770)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes

  • BZ - 2440219 - CVE-2026-2447 libvpx: Heap buffer overflow in libvpx
  • BZ - 2442284 - CVE-2026-2785 firefox: thunderbird: Invalid pointer in the JavaScript Engine component
  • BZ - 2442287 - CVE-2026-2793 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148
  • BZ - 2442288 - CVE-2026-2771 firefox: thunderbird: Undefined behavior in the DOM: Core & HTML component
  • BZ - 2442290 - CVE-2026-2774 firefox: thunderbird: Integer overflow in the Audio/Video component
  • BZ - 2442291 - CVE-2026-2776 firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software
  • BZ - 2442292 - CVE-2026-2781 firefox: thunderbird: Integer overflow in the Libraries component in NSS
  • BZ - 2442294 - CVE-2026-2766 firefox: thunderbird: Use-after-free in the JavaScript Engine: JIT component
  • BZ - 2442295 - CVE-2026-2769 firefox: thunderbird: Use-after-free in the Storage: IndexedDB component
  • BZ - 2442297 - CVE-2026-2787 firefox: thunderbird: Use-after-free in the DOM: Window and Location component
  • BZ - 2442298 - CVE-2026-2768 firefox: thunderbird: Sandbox escape in the Storage: IndexedDB component
  • BZ - 2442300 - CVE-2026-2783 firefox: thunderbird: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component
  • BZ - 2442302 - CVE-2026-2788 firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component
  • BZ - 2442304 - CVE-2026-2784 firefox: thunderbird: Mitigation bypass in the DOM: Security component
  • BZ - 2442307 - CVE-2026-2759 firefox: thunderbird: Incorrect boundary conditions in the Graphics: ImageLib component
  • BZ - 2442308 - CVE-2026-2762 firefox: thunderbird: Integer overflow in the JavaScript: Standard Library component
  • BZ - 2442309 - CVE-2026-2761 firefox: thunderbird: Sandbox escape in the Graphics: WebRender component
  • BZ - 2442312 - CVE-2026-2777 firefox: thunderbird: Privilege escalation in the Messaging System component
  • BZ - 2442313 - CVE-2026-2790 firefox: thunderbird: Same-origin policy bypass in the Networking: JAR component
  • BZ - 2442314 - CVE-2026-2775 firefox: thunderbird: Mitigation bypass in the DOM: HTML Parser component
  • BZ - 2442316 - CVE-2026-2763 firefox: thunderbird: Use-after-free in the JavaScript Engine component
  • BZ - 2442318 - CVE-2026-2792 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148
  • BZ - 2442319 - CVE-2026-2773 firefox: thunderbird: Incorrect boundary conditions in the Web Audio component
  • BZ - 2442320 - CVE-2026-2786 firefox: thunderbird: Use-after-free in the JavaScript Engine component
  • BZ - 2442322 - CVE-2026-2789 firefox: thunderbird: Use-after-free in the Graphics: ImageLib component
  • BZ - 2442324 - CVE-2026-2757 firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Audio/Video component
  • BZ - 2442325 - CVE-2026-2760 firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component
  • BZ - 2442326 - CVE-2026-2772 firefox: thunderbird: Use-after-free in the Audio/Video: Playback component
  • BZ - 2442327 - CVE-2026-2779 firefox: thunderbird: Incorrect boundary conditions in the Networking: JAR component
  • BZ - 2442328 - CVE-2026-2767 firefox: thunderbird: Use-after-free in the JavaScript: WebAssembly component
  • BZ - 2442329 - CVE-2026-2764 firefox: thunderbird: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component
  • BZ - 2442331 - CVE-2026-2782 firefox: thunderbird: Privilege escalation in the Netmonitor component
  • BZ - 2442333 - CVE-2026-2765 firefox: thunderbird: Use-after-free in the JavaScript Engine component
  • BZ - 2442334 - CVE-2026-2780 firefox: thunderbird: Privilege escalation in the Netmonitor component
  • BZ - 2442335 - CVE-2026-2778 firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component
  • BZ - 2442337 - CVE-2026-2758 firefox: thunderbird: Use-after-free in the JavaScript: GC component
  • BZ - 2442342 - CVE-2026-2791 firefox: thunderbird: Mitigation bypass in the Networking: Cache component
  • BZ - 2442343 - CVE-2026-2770 firefox: thunderbird: Use-after-free in the DOM: Bindings (WebIDL) component

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0

SRPM
thunderbird-140.8.0-2.el10_0.src.rpm SHA-256: 709bebacb5040a71834a1cce606e129a4f22c0105fa97f681d7d0b96d1727a86
x86_64
thunderbird-140.8.0-2.el10_0.x86_64.rpm SHA-256: 52a74f38bc00314f4c795f550736d2b87a7acb837ed37d033f5c121ccba5bf04
thunderbird-debuginfo-140.8.0-2.el10_0.x86_64.rpm SHA-256: 605ae7d3faf00f32d43f62292a6e338cda660a1a699a8213c54c606ab36ae767
thunderbird-debugsource-140.8.0-2.el10_0.x86_64.rpm SHA-256: fde2bf6e562ae56288db8a30dc4149bfcd671952a9d4e5df75c95b3badfc360b

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0

SRPM
thunderbird-140.8.0-2.el10_0.src.rpm SHA-256: 709bebacb5040a71834a1cce606e129a4f22c0105fa97f681d7d0b96d1727a86
s390x
thunderbird-140.8.0-2.el10_0.s390x.rpm SHA-256: 61dc5d433dd2e18a9bf7c0090df96291f6768880a73946668ebae6d4e82cced5
thunderbird-debuginfo-140.8.0-2.el10_0.s390x.rpm SHA-256: b373b4675c972c285b0a7e82204dd87da9aa25aff819797c6647519d72338c49
thunderbird-debugsource-140.8.0-2.el10_0.s390x.rpm SHA-256: 37d3ceffe1933bbc1a13d27ed52dedd79deabab6383cf28b0041bc0bf541fd20

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0

SRPM
thunderbird-140.8.0-2.el10_0.src.rpm SHA-256: 709bebacb5040a71834a1cce606e129a4f22c0105fa97f681d7d0b96d1727a86
ppc64le
thunderbird-140.8.0-2.el10_0.ppc64le.rpm SHA-256: 77240c89d194123ac2a016148e521ad3ca0934b671ddf635f105a1cbac68cbf7
thunderbird-debuginfo-140.8.0-2.el10_0.ppc64le.rpm SHA-256: 61fa28744a9bbe22b70fed6189f3926799718e1a26da38ab05b2a27ff930b6a8
thunderbird-debugsource-140.8.0-2.el10_0.ppc64le.rpm SHA-256: 460de3f816df983542ff58ea3bedeb375d8efab5eb2eb479a73dc40a6c55f608

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0

SRPM
thunderbird-140.8.0-2.el10_0.src.rpm SHA-256: 709bebacb5040a71834a1cce606e129a4f22c0105fa97f681d7d0b96d1727a86
aarch64
thunderbird-140.8.0-2.el10_0.aarch64.rpm SHA-256: 10a33a87bb857d3f88b85425fd554b2f29e2cc98f4f6b1701f270879a8e96bb6
thunderbird-debuginfo-140.8.0-2.el10_0.aarch64.rpm SHA-256: 6d6d2d9312086254b6e75fff77d2e7cb74e950f2d704d3b901d83bd2f3fcd427
thunderbird-debugsource-140.8.0-2.el10_0.aarch64.rpm SHA-256: 3b552ddb20255f6c204043e4997d851f82f6b2b2ad5f58350d1ce72354606a45

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0

SRPM
thunderbird-140.8.0-2.el10_0.src.rpm SHA-256: 709bebacb5040a71834a1cce606e129a4f22c0105fa97f681d7d0b96d1727a86
aarch64
thunderbird-140.8.0-2.el10_0.aarch64.rpm SHA-256: 10a33a87bb857d3f88b85425fd554b2f29e2cc98f4f6b1701f270879a8e96bb6
thunderbird-debuginfo-140.8.0-2.el10_0.aarch64.rpm SHA-256: 6d6d2d9312086254b6e75fff77d2e7cb74e950f2d704d3b901d83bd2f3fcd427
thunderbird-debugsource-140.8.0-2.el10_0.aarch64.rpm SHA-256: 3b552ddb20255f6c204043e4997d851f82f6b2b2ad5f58350d1ce72354606a45

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0

SRPM
thunderbird-140.8.0-2.el10_0.src.rpm SHA-256: 709bebacb5040a71834a1cce606e129a4f22c0105fa97f681d7d0b96d1727a86
s390x
thunderbird-140.8.0-2.el10_0.s390x.rpm SHA-256: 61dc5d433dd2e18a9bf7c0090df96291f6768880a73946668ebae6d4e82cced5
thunderbird-debuginfo-140.8.0-2.el10_0.s390x.rpm SHA-256: b373b4675c972c285b0a7e82204dd87da9aa25aff819797c6647519d72338c49
thunderbird-debugsource-140.8.0-2.el10_0.s390x.rpm SHA-256: 37d3ceffe1933bbc1a13d27ed52dedd79deabab6383cf28b0041bc0bf541fd20

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0

SRPM
thunderbird-140.8.0-2.el10_0.src.rpm SHA-256: 709bebacb5040a71834a1cce606e129a4f22c0105fa97f681d7d0b96d1727a86
ppc64le
thunderbird-140.8.0-2.el10_0.ppc64le.rpm SHA-256: 77240c89d194123ac2a016148e521ad3ca0934b671ddf635f105a1cbac68cbf7
thunderbird-debuginfo-140.8.0-2.el10_0.ppc64le.rpm SHA-256: 61fa28744a9bbe22b70fed6189f3926799718e1a26da38ab05b2a27ff930b6a8
thunderbird-debugsource-140.8.0-2.el10_0.ppc64le.rpm SHA-256: 460de3f816df983542ff58ea3bedeb375d8efab5eb2eb479a73dc40a6c55f608

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0

SRPM
thunderbird-140.8.0-2.el10_0.src.rpm SHA-256: 709bebacb5040a71834a1cce606e129a4f22c0105fa97f681d7d0b96d1727a86
x86_64
thunderbird-140.8.0-2.el10_0.x86_64.rpm SHA-256: 52a74f38bc00314f4c795f550736d2b87a7acb837ed37d033f5c121ccba5bf04
thunderbird-debuginfo-140.8.0-2.el10_0.x86_64.rpm SHA-256: 605ae7d3faf00f32d43f62292a6e338cda660a1a699a8213c54c606ab36ae767
thunderbird-debugsource-140.8.0-2.el10_0.x86_64.rpm SHA-256: fde2bf6e562ae56288db8a30dc4149bfcd671952a9d4e5df75c95b3badfc360b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.