Security News

Cybersecurity news aggregator

🔄
HIGH Updates Red Hat Errata

RHSA-2026:19153: Important: thunderbird security update

thunderbirdemail-clientcve-2026-7323cve-2026-7320cve-2026-7322
This Red Hat security advisory addresses multiple high-severity vulnerabilities (CVSS scores 7.3-7.5) in Thunderbird, including memory safety bugs, an information disclosure flaw in the Audio/Video component, and a sandbox escape in the WebRTC networking component. Affected versions are Thunderbird ESR prior to 140.10.1 and Thunderbird prior to 150.0.1, with some vulnerabilities also affecting earlier ESR branches. The fix requires updating to Thunderbird ESR 140.10.1 or Thunderbird 150.0.1 as specified in the NVD data.
Read Full Article →

Red Hat Product Errata RHSA-2026:19153 - Security Advisory Issued: 2026-05-19 Updated: 2026-05-19 RHSA-2026:19153 - Security Advisory Overview Updated Packages Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fix(es): firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1 (CVE-2026-7323) firefox: thunderbird: Information disclosure due to incorrect boundary conditions in the Audio/Video component (CVE-2026-7320) firefox: thunderbird: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1 (CVE-2026-7322) firefox: thunderbird: webrtc: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-7321) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 10 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64 Red Hat Enterprise Linux for IBM z Systems 10 s390x Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x Red Hat Enterprise Linux for Power, little endian 10 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le Red Hat Enterprise Linux for ARM 64 10 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x Fixes BZ - 2463481 - CVE-2026-7323 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1 BZ - 2463483 - CVE-2026-7320 firefox: thunderbird: Information disclosure due to incorrect boundary conditions in the Audio/Video component BZ - 2463484 - CVE-2026-7322 firefox: thunderbird: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1 BZ - 2463485 - CVE-2026-7321 firefox: thunderbird: webrtc: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component CVEs CVE-2026-7320 CVE-2026-7321 CVE-2026-7322 CVE-2026-7323 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 10 SRPM thunderbird-140.10.1-1.el10_2.src.rpm SHA-256: 852b3f10acd29dfff8127e8b57abf1c30a06289bfeea4af28e1bba9c542adc82 x86_64 thunderbird-140.10.1-1.el10_2.x86_64.rpm SHA-256: c500f551b427cb53be4c4b4ccce39693da264664c0af1c21988182858a85a12c thunderbird-debuginfo-140.10.1-1.el10_2.x86_64.rpm SHA-256: a0ca92cf763629ab34dad92a342cfc7c19a3b188644551e899d9a04ddc987ee7 thunderbird-debugsource-140.10.1-1.el10_2.x86_64.rpm SHA-256: 9565f61f509d7beed1627e8a7bc6464c3f400d6590685aebbcb6a7bb669ccff7 Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 SRPM thunderbird-140.10.1-1.el10_2.src.rpm SHA-256: 852b3f10acd29dfff8127e8b57abf1c30a06289bfeea4af28e1bba9c542adc82 x86_64 thunderbird-140.10.1-1.el10_2.x86_64.rpm SHA-256: c500f551b427cb53be4c4b4ccce39693da264664c0af1c21988182858a85a12c thunderbird-debuginfo-140.10.1-1.el10_2.x86_64.rpm SHA-256: a0ca92cf763629ab34dad92a342cfc7c19a3b188644551e899d9a04ddc987ee7 thunderbird-debugsource-140.10.1-1.el10_2.x86_64.rpm SHA-256: 9565f61f509d7beed1627e8a7bc6464c3f400d6590685aebbcb6a7bb669ccff7 Red Hat Enterprise Linux for IBM z Systems 10 SRPM thunderbird-140.10.1-1.el10_2.src.rpm SHA-256: 852b3f10acd29dfff8127e8b57abf1c30a06289bfeea4af28e1bba9c542adc82 s390x thunderbird-140.10.1-1.el10_2.s390x.rpm SHA-256: 970898c45b81bcbd3e67228219a67d1efa4de86c8ccd7de707f0b285ba749d09 thunderbird-debuginfo-140.10.1-1.el10_2.s390x.rpm SHA-256: 7419b4f901d17aaf2fa9133000c524441242b722d47b2e88cb2ced823943b64b thunderbird-debugsource-140.10.1-1.el10_2.s390x.rpm SHA-256: b39a8c3a912962930c96e637e731121798512ac5086346e189dd38d3ea8e1abc Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 SRPM thunderbird-140.10.1-1.el10_2.src.rpm SHA-256: 852b3f10acd29dfff8127e8b57abf1c30a06289bfeea4af28e1bba9c542adc82 s390x thunderbird-140.10.1-1.el10_2.s390x.rpm SHA-256: 970898c45b81bcbd3e67228219a67d1efa4de86c8ccd7de707f0b285ba749d09 thunderbird-debuginfo-140.10.1-1.el10_2.s390x.rpm SHA-256: 7419b4f901d17aaf2fa9133000c524441242b722d47b2e88cb2ced823943b64b thunderbird-debugsource-140.10.1-1.el10_2.s390x.rpm SHA-256: b39a8c3a912962930c96e637e731121798512ac5086346e189dd38d3ea8e1abc Red Hat Enterprise Linux for Power, little endian 10 SRPM thunderbird-140.10.1-1.el10_2.src.rpm SHA-256: 852b3f10acd29dfff8127e8b57abf1c30a06289bfeea4af28e1bba9c542adc82 ppc64le thunderbird-140.10.1-1.el10_2.ppc64le.rpm SHA-256: 0b64ef47f2d8e7b3d5b6927b7f6f97ae9cc48bbeed9fc9fc5fe15e58c136ec29 thunderbird-debuginfo-140.10.1-1.el10_2.ppc64le.rpm SHA-256: e74b5474b5576c83984e0a319d47d25d0c16e610d19b67589496529202df99b6 thunderbird-debugsource-140.10.1-1.el10_2.ppc64le.rpm SHA-256: 557659cfad184713f816b7ec8e15742d90cab0f037f0e93279c2a3d128fd1ea1 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 SRPM thunderbird-140.10.1-1.el10_2.src.rpm SHA-256: 852b3f10acd29dfff8127e8b57abf1c30a06289bfeea4af28e1bba9c542adc82 ppc64le thunderbird-140.10.1-1.el10_2.ppc64le.rpm SHA-256: 0b64ef47f2d8e7b3d5b6927b7f6f97ae9cc48bbeed9fc9fc5fe15e58c136ec29 thunderbird-debuginfo-140.10.1-1.el10_2.ppc64le.rpm SHA-256: e74b5474b5576c83984e0a319d47d25d0c16e610d19b67589496529202df99b6 thunderbird-debugsource-140.10.1-1.el10_2.ppc64le.rpm SHA-256: 557659cfad184713f816b7ec8e15742d90cab0f037f0e93279c2a3d128fd1ea1 Red Hat Enterprise Linux for ARM 64 10 SRPM thunderbird-140.10.1-1.el10_2.src.rpm SHA-256: 852b3f10acd29dfff8127e8b57abf1c30a06289bfeea4af28e1bba9c542adc82 aarch64 thunderbird-140.10.1-1.el10_2.aarch64.rpm SHA-256: 6db3dc3d87a65f92649e6f1132eb79e8959c5ca3d8b9cb272d1a0c3f0e762ab3 thunderbird-debuginfo-140.10.1-1.el10_2.aarch64.rpm SHA-256: 7e4b047ee7cfa3cb53f69d563bbbdb54ed344b7e57eed266d716ac0fc7d27aac thunderbird-debugsource-140.10.1-1.el10_2.aarch64.rpm SHA-256: 3d4b51732ad1ac552ea520851d22c5182f8a5a5746c45ca22a46b07a2a6a14fc Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 SRPM thunderbird-140.10.1-1.el10_2.src.rpm SHA-256: 852b3f10acd29dfff8127e8b57abf1c30a06289bfeea4af28e1bba9c542adc82 aarch64 thunderbird-140.10.1-1.el10_2.aarch64.rpm SHA-256: 6db3dc3d87a65f92649e6f1132eb79e8959c5ca3d8b9cb272d1a0c3f0e762ab3 thunderbird-debuginfo-140.10.1-1.el10_2.aarch64.rpm SHA-256: 7e4b047ee7cfa3cb53f69d563bbbdb54ed344b7e57eed266d716ac0fc7d27aac thunderbird-debugsource-140.10.1-1.el10_2.aarch64.rpm SHA-256: 3d4b51732ad1ac552ea520851d22c5182f8a5a5746c45ca22a46b07a2a6a14fc Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 SRPM thunderbird-140.10.1-1.el10_2.src.rpm SHA-256: 852b3f10acd29dfff8127e8b57abf1c30a06289bfeea4af28e1bba9c542adc82 aarch64 thunderbird-140.10.1-1.el10_2.aarch64.rpm SHA-256: 6db3dc3d87a65f92649e6f1132eb79e8959c5ca3d8b9cb272d1a0c3f0e762ab3 thunderbird-debuginfo-140.10.1-1.el10_2.aarch64.rpm SHA-256: 7e4b047ee7cfa3cb53f69d563bbbdb54ed344b7e57eed266d716ac0fc7d27aac thunderbird-debugsource-140.10.1-1.el10_2.aarch64.rpm SHA-256: 3d4b51732ad1ac552ea520851d22c5182f8a5a5746c45ca22a46b07a2a6a14fc Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 SRPM thunderbird-140.10.1-1.el10_2.src.rpm SHA-256: 852b3f10acd29dfff8127e8b57abf1c30a06289bfeea4af28e1bba9c542adc82 s390x thunderbird-140.10.1-1.el10_2.s390x.rpm SHA-256: 970898c45b81bcbd3e67228219a67d1efa4de86c8ccd7de707f0b285ba749d09 thunderbird-debuginfo-140.10.1-1.el10_2.s390x.rpm SHA-256: 7419b4f901d17aaf2fa9133000c524441242b722d47b2e88cb2ced823943b64b thunderbird-debugsource-140.10.1-1.el10_2.s390x.rpm SHA-256: b39a8c3a912962930c96e637e731121798512ac5086346e189dd38d3ea8e1abc Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 SRPM thunderbird-140.10.1-1.el10_2.src.rpm SHA-256: 852b3f10acd29dfff8127e8b57abf1c30a06289bfeea4af28e1bba9c542adc82 ppc64le thunderbird-140.10.1-1.el10_2.ppc64le.rpm SHA-256: 0b64ef47f2d8e7b3d5b6927b7f6f97ae9cc48bbeed9fc9fc5fe15e58c136ec29 thunderbird-debuginfo-140.10.1-1.el10_2.ppc64le.rpm SHA-256: e74b5474b5576c83984e0a319d47d25d0c16e610d19b67589496529202df99b6 thunderbird-debugsource-140.10.1-1.el10_2.ppc64le.rpm SHA-256: 557659cfad184713f816b7ec8e15742d90cab0f037f0e93279c2a3d128fd1ea1 Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 SRPM thunderbird-140.10.1-1.el10_2.src.rpm SHA-256: 852b3f10acd29dfff8127e8b57abf1c30a06289bfeea4af28e1bba9c542adc82 x86_64 thunderbird-140.10.1-1.el10_2.x86_64.rpm SHA-256: c500f551b427cb53be4c4b4ccce39693da264664c0af1c21988182858a85a12c thunderbird-debuginfo-140.10.1-1.el10_2.x86_64.rp

Related Articles

HIGH DSA-6242-1 thunderbird - security update Debian Security HIGH Multiples vulnérabilités dans Mozilla Thunderbird (04 mai 2026) CERT-FR (ANSSI) HIGH RHSA-2026:19348: Important: thunderbird security update Red Hat Errata MEDIUM Multiples vulnérabilités dans les produits Mozilla (29 avril 2026) CERT-FR (ANSSI)
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn