Red Hat Product Errata
RHSA-2026:13412 - Security Advisory

Issued: 2026-05-04
Updated: 2026-05-04

Synopsis
Important: thunderbird security update

Type/Severity
Security Advisory: Important

Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):
* libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)
* libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion (CVE-2026-33636)
* thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 (CVE-2026-5734)
* thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 (CVE-2026-5731)
* firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component (CVE-2026-5732)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

Affected Products
* Red Hat Enterprise Linux Server - AUS 9.2 x86_64
* Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
* Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
* Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64
* Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x
* Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64
* Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 aarch64
* Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 ppc64le
* Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 s390x

Fixes
* BZ - 2451805 - CVE-2026-33416 libpng: libpng: Arbitrary code execution due to use-after-free vulnerability
* BZ - 2451819 - CVE-2026-33636 libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion
* BZ - 2455897 - CVE-2026-5734 thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2
* BZ - 2455901 - CVE-2026-5731 thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2
* BZ - 2455908 - CVE-2026-5732 firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component

CVEs
* CVE-2026-5731
* CVE-2026-5732
* CVE-2026-5734
* CVE-2026-33416
* CVE-2026-33636

References
* https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

Updated packages (the same set is listed for every affected product of a given architecture):

SRPM
  thunderbird-140.9.1-1.el9_2.src.rpm

x86_64
  thunderbird-140.9.1-1.el9_2.x86_64.rpm
  thunderbird-debuginfo-140.9.1-1.el9_2.x86_64.rpm
  thunderbird-debugsource-140.9.1-1.el9_2.x86_64.rpm

ppc64le
  thunderbird-140.9.1-1.el9_2.ppc64le.rpm
  thunderbird-debuginfo-140.9.1-1.el9_2.ppc64le.rpm
  thunderbird-debugsource-140.9.1-1.el9_2.ppc64le.rpm

aarch64
  thunderbird-140.9.1-1.el9_2.aarch64.rpm
  thunderbird-debuginfo-140.9.1-1.el9_2.aarch64.rpm
  thunderbird-debugsource-140.9.1-1.el9_2.aarch64.rpm

s390x
  thunderbird-140.9.1-1.el9_2.s390x.rpm
  thunderbird-debuginfo-140.9.1-1.el9_2.s390x.rpm
  thunderbird-debugsource-140.9.1-1.el9_2.s390x.rpm

The Red Hat security contact is secalert@redhat.com. More contact details: https://access.redhat.com/security/team/contact/

This Red Hat security advisory addresses multiple critical vulnerabilities in Thunderbird, including a critical memory safety bug (CVE-2026-5734, CVSS 9.8) and high-severity libpng flaws enabling arbitrary code execution and information disclosure. Affected versions are Thunderbird ESR prior to 140.9.1 and Thunderbird prior to 149.0.2, as well as libpng versions 1.6.36 through 1.6.55. The fix requires applying the provided Red Hat update, which upgrades the bundled libpng to version 1.6.56 and Thunderbird to the patched versions.