[Git][security-tracker-team/security-tracker][master] thunderbird fixed in sid
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed May 20 14:22:57 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2a21ef5d by Moritz Muehlenhoff at 2026-05-20T15:22:35+02:00
thunderbird fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -512,14 +512,14 @@ CVE-2026-46529
CVE-2026-8975 (Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8975
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8975
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8975
CVE-2026-8974 (Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8974
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8974
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8974
@@ -535,7 +535,7 @@ CVE-2026-8971 (Same-origin policy bypass in the Networking: JAR component. This
CVE-2026-8970 (Privilege escalation in the Security component. This vulnerability was ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8970
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8970
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8970
@@ -545,7 +545,7 @@ CVE-2026-8969 (Mitigation bypass in the DOM: Security component. This vulnerabil
CVE-2026-8968 (Denial-of-service due to invalid pointer in the Audio/Video: Web Codec ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8968
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8968
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8968
@@ -567,14 +567,14 @@ CVE-2026-8963 (Spoofing issue in the Web Speech component. This vulnerability wa
CVE-2026-8962 (Mitigation bypass in the DOM: Security component. This vulnerability w ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8962
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8962
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8962
CVE-2026-8961 (Spoofing issue in the Form Autofill component. This vulnerability was ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8961
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8961
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8961
@@ -591,42 +591,42 @@ CVE-2026-8959 (Sandbox escape due to incorrect boundary conditions in the Widget
CVE-2026-8958 (Information disclosure, sandbox escape in the Security: Process Sandbo ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8958
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8958
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8958
CVE-2026-8957 (Privilege escalation in the Enterprise Policies component. This vulner ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8957
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8957
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8957
CVE-2026-8956 (Integer overflow in the Networking: JAR component. This vulnerability ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8956
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8956
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8956
CVE-2026-8955 (Privilege escalation in the DOM: Workers component. This vulnerability ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8955
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8955
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8955
CVE-2026-8954 (Incorrect boundary conditions, integer overflow in the Audio/Video com ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8954
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8954
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8954
CVE-2026-8953 (Sandbox escape due to use-after-free in the Disability Access APIs com ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8953
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8953
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8953
@@ -639,7 +639,7 @@ CVE-2026-8951 (Spoofing issue in the Toolbar component in Firefox for Android. T
CVE-2026-8950 (Same-origin policy bypass in the Networking: HTTP component. This vuln ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8950
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8950
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8950
@@ -656,14 +656,14 @@ CVE-2026-8948 (Same-origin policy bypass in the DOM: Networking component. This
CVE-2026-8947 (Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerabi ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8947
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8947
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8947
CVE-2026-8946 (Incorrect boundary conditions in the Audio/Video: Web Codecs component ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8946
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8946
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8946
@@ -3903,14 +3903,14 @@ CVE-2026-8407 (Missing authorization in the PAM module in Devolutions Server all
CVE-2026-8401 (Sandbox escape in the Profile Backup component. This vulnerability was ...)
- firefox 150.0.3-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-45/#CVE-2026-8401
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8401
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8401
CVE-2026-8391 (Other issue in the JavaScript Engine component. This vulnerability was ...)
- firefox 150.0.3-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-45/#CVE-2026-8391
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8391
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8391
@@ -3923,7 +3923,7 @@ CVE-2026-8389 (JIT miscompilation in the JavaScript Engine: JIT component. This
CVE-2026-8388 (Incorrect boundary conditions in the JavaScript Engine: JIT component. ...)
- firefox 150.0.3-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-45/#CVE-2026-8388
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8388
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8388
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a21ef5d469e78c6e4690fe7ee9c72cf080faf11
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a21ef5d469e78c6e4690fe7ee9c72cf080faf11
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260520/88c8100e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list