[Git][security-tracker-team/security-tracker][master] add MFSA references for Thunderbird
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Apr 23 16:43:45 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3a715acf by Moritz Muehlenhoff at 2026-04-23T17:43:11+02:00
add MFSA references for Thunderbird
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2220,6 +2220,7 @@ CVE-2026-6786 (Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR
- thunderbird 1:140.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6786
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6786
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/#CVE-2026-6786
CVE-2026-6785 (Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, T ...)
{DSA-6225-1}
- firefox 150.0-1
@@ -2227,6 +2228,7 @@ CVE-2026-6785 (Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140
- thunderbird 1:140.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6785
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6785
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/#CVE-2026-6785
CVE-2026-6784 (Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of ...)
- firefox 150.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6784
@@ -2258,6 +2260,7 @@ CVE-2026-6776 (Incorrect boundary conditions in the WebRTC: Networking component
- thunderbird 1:140.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6776
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6776
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/#CVE-2026-6776
CVE-2026-6775 (Incorrect boundary conditions in the WebRTC component. This vulnerabil ...)
- firefox 150.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6775
@@ -2275,6 +2278,7 @@ CVE-2026-6772 (Incorrect boundary conditions in the Libraries component in NSS.
- nss 2:3.123-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6772
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6772
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/#CVE-2026-6772
NOTE: https://hg.mozilla.org/projects/nss/rev/961f1a40f5e7
CVE-2026-6771 (Mitigation bypass in the DOM: Security component. This vulnerability w ...)
{DSA-6225-1}
@@ -2283,6 +2287,7 @@ CVE-2026-6771 (Mitigation bypass in the DOM: Security component. This vulnerabil
- thunderbird 1:140.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6771
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6771
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/#CVE-2026-6771
CVE-2026-6770 (Other issue in the Storage: IndexedDB component. This vulnerability wa ...)
{DSA-6225-1}
- firefox 150.0-1
@@ -2290,6 +2295,7 @@ CVE-2026-6770 (Other issue in the Storage: IndexedDB component. This vulnerabili
- thunderbird 1:140.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6770
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6770
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/#CVE-2026-6770
CVE-2026-6769 (Privilege escalation in the Debugger component. This vulnerability was ...)
{DSA-6225-1}
- firefox 150.0-1
@@ -2297,6 +2303,7 @@ CVE-2026-6769 (Privilege escalation in the Debugger component. This vulnerabilit
- thunderbird 1:140.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6769
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6769
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/#CVE-2026-6769
CVE-2026-6768 (Mitigation bypass in the Networking: Cookies component. This vulnerabi ...)
- firefox 150.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6768
@@ -2308,6 +2315,7 @@ CVE-2026-6767 (Other issue in the Libraries component in NSS. This vulnerability
- nss 2:3.123-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6767
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6767
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/#CVE-2026-6767
NOTE: https://hg.mozilla.org/projects/nss/rev/4e693e8b5c0d
CVE-2026-6766 (Incorrect boundary conditions in the Libraries component in NSS. This ...)
{DSA-6225-1}
@@ -2317,6 +2325,7 @@ CVE-2026-6766 (Incorrect boundary conditions in the Libraries component in NSS.
- nss 2:3.123-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6766
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6766
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/#CVE-2026-6766
NOTE: https://hg.mozilla.org/projects/nss/rev/42da9a7f8a03
CVE-2026-6765 (Information disclosure in the Form Autofill component. This vulnerabil ...)
{DSA-6225-1}
@@ -2325,6 +2334,7 @@ CVE-2026-6765 (Information disclosure in the Form Autofill component. This vulne
- thunderbird 1:140.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6765
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6765
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/#CVE-2026-6765
CVE-2026-6764 (Incorrect boundary conditions in the DOM: Device Interfaces component. ...)
{DSA-6225-1}
- firefox 150.0-1
@@ -2332,6 +2342,7 @@ CVE-2026-6764 (Incorrect boundary conditions in the DOM: Device Interfaces compo
- thunderbird 1:140.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6764
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6764
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/#CVE-2026-6764
CVE-2026-6763 (Mitigation bypass in the File Handling component. This vulnerability w ...)
{DSA-6225-1}
- firefox 150.0-1
@@ -2339,6 +2350,7 @@ CVE-2026-6763 (Mitigation bypass in the File Handling component. This vulnerabil
- thunderbird 1:140.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6763
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6763
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/#CVE-2026-6763
CVE-2026-6762 (Spoofing issue in the DOM: Core & HTML component. This vulnerability w ...)
{DSA-6225-1}
- firefox 150.0-1
@@ -2346,6 +2358,7 @@ CVE-2026-6762 (Spoofing issue in the DOM: Core & HTML component. This vulnerabil
- thunderbird 1:140.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6762
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6762
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/#CVE-2026-6762
CVE-2026-6761 (Privilege escalation in the Networking component. This vulnerability w ...)
{DSA-6225-1}
- firefox 150.0-1
@@ -2353,6 +2366,7 @@ CVE-2026-6761 (Privilege escalation in the Networking component. This vulnerabil
- thunderbird 1:140.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6761
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6761
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/#CVE-2026-6761
CVE-2026-6760 (Mitigation bypass in the Networking: Cookies component. This vulnerabi ...)
- firefox 150.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6760
@@ -2362,6 +2376,7 @@ CVE-2026-6759 (Use-after-free in the Widget: Cocoa component. This vulnerability
- thunderbird <not-affected> (Only affects Thunderbird on MacOS)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6759
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6759
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/#CVE-2026-6759
CVE-2026-6758 (Use-after-free in the JavaScript: WebAssembly component. This vulnerab ...)
- firefox 150.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6758
@@ -2372,6 +2387,7 @@ CVE-2026-6757 (Invalid pointer in the JavaScript: WebAssembly component. This vu
- thunderbird 1:140.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6757
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6757
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/#CVE-2026-6757
CVE-2026-6756 (Mitigation bypass in Firefox for Android. This vulnerability was fixed ...)
- firefox <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6756
@@ -2385,6 +2401,7 @@ CVE-2026-6754 (Use-after-free in the JavaScript Engine component. This vulnerabi
- thunderbird 1:140.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6754
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6754
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/#CVE-2026-6754
CVE-2026-6753 (Incorrect boundary conditions in the WebRTC component. This vulnerabil ...)
{DSA-6225-1}
- firefox 150.0-1
@@ -2392,6 +2409,7 @@ CVE-2026-6753 (Incorrect boundary conditions in the WebRTC component. This vulne
- thunderbird 1:140.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6753
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6753
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/#CVE-2026-6753
CVE-2026-6752 (Incorrect boundary conditions in the WebRTC component. This vulnerabil ...)
{DSA-6225-1}
- firefox 150.0-1
@@ -2399,6 +2417,7 @@ CVE-2026-6752 (Incorrect boundary conditions in the WebRTC component. This vulne
- thunderbird 1:140.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6752
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6752
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/#CVE-2026-6752
CVE-2026-6751 (Uninitialized memory in the Audio/Video: Web Codecs component. This vu ...)
{DSA-6225-1}
- firefox 150.0-1
@@ -2406,6 +2425,7 @@ CVE-2026-6751 (Uninitialized memory in the Audio/Video: Web Codecs component. Th
- thunderbird 1:140.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6751
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6751
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/#CVE-2026-6751
CVE-2026-6750 (Privilege escalation in the Graphics: WebRender component. This vulner ...)
{DSA-6225-1}
- firefox 150.0-1
@@ -2413,6 +2433,7 @@ CVE-2026-6750 (Privilege escalation in the Graphics: WebRender component. This v
- thunderbird 1:140.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6750
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6750
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/#CVE-2026-6750
CVE-2026-6749 (Information disclosure due to uninitialized memory in the Graphics: Ca ...)
{DSA-6225-1}
- firefox 150.0-1
@@ -2420,6 +2441,7 @@ CVE-2026-6749 (Information disclosure due to uninitialized memory in the Graphic
- thunderbird 1:140.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6749
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6749
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/#CVE-2026-6749
CVE-2026-6748 (Uninitialized memory in the Audio/Video: Web Codecs component. This vu ...)
{DSA-6225-1}
- firefox 150.0-1
@@ -2427,6 +2449,7 @@ CVE-2026-6748 (Uninitialized memory in the Audio/Video: Web Codecs component. Th
- thunderbird 1:140.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6748
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6748
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/#CVE-2026-6748
CVE-2026-6747 (Use-after-free in the WebRTC component. This vulnerability was fixed i ...)
{DSA-6225-1}
- firefox 150.0-1
@@ -2434,6 +2457,7 @@ CVE-2026-6747 (Use-after-free in the WebRTC component. This vulnerability was fi
- thunderbird 1:140.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6747
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6747
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/#CVE-2026-6747
CVE-2026-6746 (Use-after-free in the DOM: Core & HTML component. This vulnerability w ...)
{DSA-6225-1}
- firefox 150.0-1
@@ -2441,6 +2465,7 @@ CVE-2026-6746 (Use-after-free in the DOM: Core & HTML component. This vulnerabil
- thunderbird 1:140.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6746
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6746
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/#CVE-2026-6746
CVE-2026-40706 (In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists i ...)
{DSA-6221-1 DLA-4544-1}
- ntfs-3g 1:2026.2.25-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a715acf6f53b0f8e49d3f50fa8a6f707dbcc7a3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a715acf6f53b0f8e49d3f50fa8a6f707dbcc7a3
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260423/9e9d7023/attachment.htm>
More information about the debian-security-tracker-commits
mailing list