[Git][security-tracker-team/security-tracker][master] Track fixed version for thunderbid issues fixed for mfsa2026-17
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Feb 27 21:12:29 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
202e108a by Salvatore Bonaccorso at 2026-02-27T22:11:47+01:00
Track fixed version for thunderbid issues fixed for mfsa2026-17
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1496,7 +1496,7 @@ CVE-2026-2793 (Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2793
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2793
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2793
@@ -1504,7 +1504,7 @@ CVE-2026-2792 (Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2792
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2792
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2792
@@ -1515,7 +1515,7 @@ CVE-2026-2791 (Mitigation bypass in the Networking: Cache component. This vulner
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2791
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2791
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2791
@@ -1523,7 +1523,7 @@ CVE-2026-2790 (Same-origin policy bypass in the Networking: JAR component. This
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2790
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2790
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2790
@@ -1534,7 +1534,7 @@ CVE-2026-2789 (Use-after-free in the Graphics: ImageLib component. This vulnerab
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2789
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2789
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2789
@@ -1542,7 +1542,7 @@ CVE-2026-2788 (Incorrect boundary conditions in the Audio/Video: GMP component.
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2788
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2788
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2788
@@ -1550,7 +1550,7 @@ CVE-2026-2787 (Use-after-free in the DOM: Window and Location component. This vu
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2787
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2787
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2787
@@ -1561,7 +1561,7 @@ CVE-2026-2786 (Use-after-free in the JavaScript Engine component. This vulnerabi
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2786
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2786
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2786
@@ -1572,7 +1572,7 @@ CVE-2026-2785 (Invalid pointer in the JavaScript Engine component. This vulnerab
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2785
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2785
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2785
@@ -1580,7 +1580,7 @@ CVE-2026-2784 (Mitigation bypass in the DOM: Security component. This vulnerabil
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2784
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2784
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2784
@@ -1594,7 +1594,7 @@ CVE-2026-2783 (Information disclosure due to JIT miscompilation in the JavaScrip
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2783
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2783
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2783
@@ -1602,7 +1602,7 @@ CVE-2026-2782 (Privilege escalation in the Netmonitor component. This vulnerabil
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2782
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2782
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2782
@@ -1613,7 +1613,7 @@ CVE-2026-2781 (Integer overflow in the Libraries component in NSS. This vulnerab
{DSA-6149-1 DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
- nss 2:3.121-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2781
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2781
@@ -1624,7 +1624,7 @@ CVE-2026-2780 (Privilege escalation in the Netmonitor component. This vulnerabil
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2780
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2780
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2780
@@ -1635,7 +1635,7 @@ CVE-2026-2779 (Incorrect boundary conditions in the Networking: JAR component. T
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2779
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2779
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2779
@@ -1643,7 +1643,7 @@ CVE-2026-2778 (Sandbox escape due to incorrect boundary conditions in the DOM: C
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2778
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2778
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2778
@@ -1651,7 +1651,7 @@ CVE-2026-2777 (Privilege escalation in the Messaging System component. This vuln
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2777
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2777
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2777
@@ -1659,7 +1659,7 @@ CVE-2026-2776 (Sandbox escape due to incorrect boundary conditions in the Teleme
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2776
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2776
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2776
@@ -1667,7 +1667,7 @@ CVE-2026-2775 (Mitigation bypass in the DOM: HTML Parser component. This vulnera
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2775
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2775
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2775
@@ -1675,7 +1675,7 @@ CVE-2026-2774 (Integer overflow in the Audio/Video component. This vulnerability
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2774
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2774
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2774
@@ -1683,7 +1683,7 @@ CVE-2026-2773 (Incorrect boundary conditions in the Web Audio component. This vu
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2773
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2773
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2773
@@ -1691,7 +1691,7 @@ CVE-2026-2772 (Use-after-free in the Audio/Video: Playback component. This vulne
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2772
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2772
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2772
@@ -1699,7 +1699,7 @@ CVE-2026-2771 (Undefined behavior in the DOM: Core & HTML component. This vulner
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2771
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2771
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2771
@@ -1707,7 +1707,7 @@ CVE-2026-2770 (Use-after-free in the DOM: Bindings (WebIDL) component. This vuln
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2770
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2770
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2770
@@ -1718,7 +1718,7 @@ CVE-2026-2769 (Use-after-free in the Storage: IndexedDB component. This vulnerab
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2769
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2769
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2769
@@ -1729,7 +1729,7 @@ CVE-2026-2768 (Sandbox escape in the Storage: IndexedDB component. This vulnerab
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2768
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2768
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2768
@@ -1737,7 +1737,7 @@ CVE-2026-2767 (Use-after-free in the JavaScript: WebAssembly component. This vul
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2767
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2767
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2767
@@ -1745,7 +1745,7 @@ CVE-2026-2766 (Use-after-free in the JavaScript Engine: JIT component. This vuln
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2766
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2766
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2766
@@ -1753,7 +1753,7 @@ CVE-2026-2765 (Use-after-free in the JavaScript Engine component. This vulnerabi
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2765
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2765
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2765
@@ -1767,7 +1767,7 @@ CVE-2026-2764 (JIT miscompilation, use-after-free in the JavaScript Engine: JIT
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2764
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2764
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2764
@@ -1775,7 +1775,7 @@ CVE-2026-2763 (Use-after-free in the JavaScript Engine component. This vulnerabi
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2763
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2763
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2763
@@ -1783,7 +1783,7 @@ CVE-2026-2762 (Integer overflow in the JavaScript: Standard Library component. T
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2762
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2762
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2762
@@ -1791,7 +1791,7 @@ CVE-2026-2761 (Sandbox escape in the Graphics: WebRender component. This vulnera
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2761
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2761
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2761
@@ -1810,7 +1810,7 @@ CVE-2026-2759 (Incorrect boundary conditions in the Graphics: ImageLib component
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2759
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2759
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2759
@@ -1818,7 +1818,7 @@ CVE-2026-2758 (Use-after-free in the JavaScript: GC component. This vulnerabilit
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2758
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2758
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2758
@@ -1829,7 +1829,7 @@ CVE-2026-2757 (Incorrect boundary conditions in the WebRTC: Audio/Video componen
{DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2757
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2757
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2757
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/202e108ab0d8534cddf8e020807907df2be1dfbc
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/202e108ab0d8534cddf8e020807907df2be1dfbc
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260227/eb0bab67/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list