[Git][security-tracker-team/security-tracker][master] Add new thunderbird issues from mfsa2026-05

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jan 16 08:09:07 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4b1eee36 by Salvatore Bonaccorso at 2026-01-16T09:08:38+01:00
Add new thunderbird issues from mfsa2026-05

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1887,14 +1887,18 @@ CVE-2026-0891 (Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR
 	{DSA-6101-1 DLA-4439-1}
 	- firefox 147.0-1
 	- firefox-esr 140.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0891
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0891
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0891
 CVE-2026-0890 (Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. Thi ...)
 	{DSA-6101-1 DLA-4439-1}
 	- firefox 147.0-1
 	- firefox-esr 140.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0890
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0890
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0890
 CVE-2026-0889 (Denial-of-service in the DOM: Service Workers component. This vulnerab ...)
 	- firefox 147.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0889
@@ -1905,38 +1909,50 @@ CVE-2026-0887 (Clickjacking issue, information disclosure in the PDF Viewer comp
 	{DSA-6101-1 DLA-4439-1}
 	- firefox 147.0-1
 	- firefox-esr 140.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0887
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0887
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0887
 CVE-2026-0886 (Incorrect boundary conditions in the Graphics component. This vulnerab ...)
 	{DSA-6101-1 DLA-4439-1}
 	- firefox 147.0-1
 	- firefox-esr 140.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0886
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0886
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0886
 CVE-2026-0885 (Use-after-free in the JavaScript: GC component. This vulnerability aff ...)
 	{DSA-6101-1 DLA-4439-1}
 	- firefox 147.0-1
 	- firefox-esr 140.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0885
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0885
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0885
 CVE-2026-0884 (Use-after-free in the JavaScript Engine component. This vulnerability  ...)
 	{DSA-6101-1 DLA-4439-1}
 	- firefox 147.0-1
 	- firefox-esr 140.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0884
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0884
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0884
 CVE-2026-0883 (Information disclosure in the Networking component. This vulnerability ...)
 	{DSA-6101-1 DLA-4439-1}
 	- firefox 147.0-1
 	- firefox-esr 140.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0883
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0883
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0883
 CVE-2026-0882 (Use-after-free in the IPC component. This vulnerability affects Firefo ...)
 	{DSA-6101-1 DLA-4439-1}
 	- firefox 147.0-1
 	- firefox-esr 140.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0882
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0882
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0882
 CVE-2026-0881 (Sandbox escape in the Messaging System component. This vulnerability a ...)
 	- firefox 147.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0881
@@ -1944,26 +1960,34 @@ CVE-2026-0880 (Sandbox escape due to integer overflow in the Graphics component.
 	{DSA-6101-1 DLA-4439-1}
 	- firefox 147.0-1
 	- firefox-esr 140.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0880
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0880
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0880
 CVE-2026-0879 (Sandbox escape due to incorrect boundary conditions in the Graphics co ...)
 	{DSA-6101-1 DLA-4439-1}
 	- firefox 147.0-1
 	- firefox-esr 140.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0879
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0879
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0879
 CVE-2026-0878 (Sandbox escape due to incorrect boundary conditions in the Graphics: C ...)
 	{DSA-6101-1 DLA-4439-1}
 	- firefox 147.0-1
 	- firefox-esr 140.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0878
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0878
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0878
 CVE-2026-0877 (Mitigation bypass in the DOM: Security component. This vulnerability a ...)
 	{DSA-6101-1 DLA-4439-1}
 	- firefox 147.0-1
 	- firefox-esr 140.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/#CVE-2026-0877
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2026-0877
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2026-0877
 CVE-2026-22837
 	REJECTED
 CVE-2026-22836
@@ -17559,8 +17583,10 @@ CVE-2025-14327 (Spoofing issue in the Downloads Panel component. This vulnerabil
 	{DSA-6101-1 DLA-4439-1}
 	- firefox 146.0-1
 	- firefox-esr 140.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14327
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/#CVE-2025-14327
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/#CVE-2025-14327
 CVE-2025-14326 (Use-after-free in the Audio/Video: GMP component. This vulnerability a ...)
 	- firefox 146.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14326



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b1eee36cea2d1996979cb294138ce3a55938381

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b1eee36cea2d1996979cb294138ce3a55938381
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260116/96b728e1/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list