This Debian Security Advisory addresses multiple critical vulnerabilities (CVE-2026-7320, CVE-2026-7321, CVE-2026-7322) in Thunderbird, which could lead to arbitrary code execution. The most severe issue, CVE-2026-7321, has a CVSS 3.1 score of 9.6 (CRITICAL). Affected Thunderbird versions are those prior to 140.10.1 and prior to 150.0.1, with the fixed versions for Debian distributions being 1:140.10.1esr-1~deb12u1 for bookworm and 1:140.10.1esr-1~deb13u1 for trixie.
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index] [SECURITY] [DSA 6242-1] thunderbird security update To: debian-security-announce@lists.debian.org Subject: [SECURITY] [DSA 6242-1] thunderbird security update From: Moritz Muehlenhoff <jmm@debian.org> Date: Fri, 1 May 2026 18:06:48 +0000 Message-id: <[🔎] afTruDT5hkEDO8OH@seger.debian.org> Reply-to: debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6242-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 01, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : thunderbird CVE ID : CVE-2026-7320 CVE-2026-7321 CVE-2026-7322 CVE-2026-7323 Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For the oldstable distribution (bookworm), these problems have been fixed in version 1:140.10.1esr-1~deb12u1. For the stable distribution (trixie), these problems have been fixed in version 1:140.10.1esr-1~deb13u1. We recommend that you upgrade your thunderbird packages. For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmn065IACgkQEMKTtsN8 TjaBCg/+KQ+GDOupTDKtYgB7XVPyiYdPQv8LZnhl9yCuI+hitzwyEXqyAPgIXA0W NSe/QbHMqnPZ0jW6CRqDpwF0uH97IVuLX3JzjbZmIoe4Qzzt2kCfpkksLL/CZcbM rjs7IckRCYNnSX2L2ybK/m7eh4p2g3EVXbe48UOhNLKyE4uYlg5JhOPbfzW9Ygw4 PHBzioEZSLzxx7+FODFaaRoIcU6QKmfS4CM2KVnSR0/anVbIgNFCpIjvV0vgk1ag ydjnQQt6emkAEJDyyxRm1hZ4kOl/r6glDKE9GoKDc1cKY0xThG3M9Kp/3qB+jvcz naOHE501N2UL3c6Mt+DQr+0td8Z8pDThqHeF2B1hAiBmo9spOFAt4qqLx1+Dx4nB NVoAI3eAyrN692fxyjLv5FQO/cPDsTDcJIY1RwPVHV0CKryNxuzY3jpYm5OYw5Oj xrtAj5jtEDZCJLsExcKi2XjBWWHHRYkH7e6cjaT80kfdp3xK5TJ9QKGbr/Hm0Wu9 9T6uBBPrRFybbwJKvwLEqwbS8HTbraJDh5tKPHxNKLoTZT4Os8m+s9ayvp0WK+pB Uj52EbJq3Q94hxLYxDz9g+3RP2VE8uBZQFdeFYIwsmJCjVCYbBJdPDlQiljt0ltL RuR2OTQEcMxXaNKgPTqbsUehyTOEiGz7SpsQTEojC0HZAlNCDGI= =81m+ -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Moritz Muehlenhoff (on-list) Moritz Muehlenhoff (off-list) Prev by Date: [SECURITY] [DSA 6141-1] python-aiohttp security update Next by Date: [SECURITY] [DSA 6243-1] linux security update Previous by thread: [SECURITY] [DSA 6141-1] python-aiohttp security update Next by thread: [SECURITY] [DSA 6243-1] linux security update Index(es): Date Thread