Security News

Cybersecurity news aggregator

HIGH Updates Red Hat Errata

RHSA-2026:13342: Important: thunderbird security update

This Important Thunderbird update addresses multiple critical vulnerabilities, including a use-after-free in libpng (CVE-2026-33416, CVSS 7.5 HIGH) allowing arbitrary code execution, and memory safety bugs in Thunderbird/Firefox (CVE-2026-5734, CVSS 9.8 CRITICAL). Affected versions are Thunderbird versions prior to 140.9.1 and 149.0.2, and libpng versions from 1.2.1 through 1.6.55. The fix requires updating Thunderbird to version 140.9.1 or 149.0.2, which includes the patched libpng 1.6.56.

Red Hat Product Errata
RHSA-2026:13342 - Security Advisory
Issued: 2026-05-04
Updated: 2026-05-04

Synopsis
Important: thunderbird security update

Type/Severity
Security Advisory: Important

Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):
libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)
libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion (CVE-2026-33636)
thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 (CVE-2026-5734)
thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 (CVE-2026-5731)
firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component (CVE-2026-5732)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

Affected Products
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
Red Hat Enterprise Linux Server - AUS 9.6 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x

Fixes
BZ - 2451805 - CVE-2026-33416 libpng: libpng: Arbitrary code execution due to use-after-free vulnerability
BZ - 2451819 - CVE-2026-33636 libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion
BZ - 2455897 - CVE-2026-5734 thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2
BZ - 2455901 - CVE-2026-5731 thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2
BZ - 2455908 - CVE-2026-5732 firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component

CVEs
CVE-2026-5731
CVE-2026-5732
CVE-2026-5734
CVE-2026-33416
CVE-2026-33636

References
https://access.redhat.com/security/updates/classification/#important

Updated Packages
Note: More recent versions of these packages may be available.

SRPM
thunderbird-140.9.1-1.el9_6.src.rpm

x86_64
thunderbird-140.9.1-1.el9_6.x86_64.rpm
thunderbird-debuginfo-140.9.1-1.el9_6.x86_64.rpm
thunderbird-debugsource-140.9.1-1.el9_6.x86_64.rpm

s390x
thunderbird-140.9.1-1.el9_6.s390x.rpm
thunderbird-debuginfo-140.9.1-1.el9_6.s390x.rpm
thunderbird-debugsource-140.9.1-1.el9_6.s390x.rpm

ppc64le
thunderbird-140.9.1-1.el9_6.ppc64le.rpm
thunderbird-debuginfo-140.9.1-1.el9_6.ppc64le.rpm
thunderbird-debugsource-140.9.1-1.el9_6.ppc64le.rpm

aarch64
thunderbird-140.9.1-1.el9_6.aarch64.rpm
thunderbird-debuginfo-140.9.1-1.el9_6.aarch64.rpm
thunderbird-debugsource-140.9.1-1.el9_6.aarch64.rpm
