MGASA-2026-0164

The updated packages fix security vulnerabilities: Incorrect boundary conditions in the Audio/Video: Web Codecs component. (CVE-2026-8946) Incorrect boundary conditions in the JavaScript Engine: JIT component. (CVE-2026-8388) Use-after-free in the DOM: Bindings (WebIDL) component. (CVE-2026-8947) Other issue in the JavaScript Engine component. (CVE-2026-8391) Sandbox escape in the Profile Backup component. (CVE-2026-8401) Same-origin policy bypass in the Networking: HTTP component. (CVE-2026-8950) Sandbox escape due to use-after-free in the Disability Access APIs component. (CVE-2026-8953) Incorrect boundary conditions, integer overflow in the Audio/Video component. (CVE-2026-8954) Privilege escalation in the DOM: Workers component. (CVE-2026-8955) Integer overflow in the Networking: JAR component. (CVE-2026-8956) Privilege escalation in the Enterprise Policies component. (CVE-2026-8957) Information disclosure, sandbox escape in the Security: Process Sandboxing component. (CVE-2026-8958) Spoofing issue in the Form Autofill component. (CVE-2026-8961) Mitigation bypass in the DOM: Security component. (CVE-2026-8962) Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. (CVE-2026-8968) Privilege escalation in the Security component. (CVE-2026-8970) Memory safety bugs fixed in Thunderbird 140.11 and Thunderbird 151. (CVE-2026-8974) Memory safety bugs fixed in Thunderbird 140.11 and Thunderbird 151. (CVE-2026-8975)