RLSA-2026:29940

Source
https://errata.rockylinux.org/RLSA-2026:29940
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2026:29940.json
JSON Data
https://api.test.osv.dev/v1/vulns/RLSA-2026:29940
Upstream
  • CVE-2026-12289
  • CVE-2026-12290
  • CVE-2026-12291
  • CVE-2026-12292
  • CVE-2026-12294
  • CVE-2026-12295
  • CVE-2026-12296
  • CVE-2026-12297
  • CVE-2026-12298
  • CVE-2026-12299
  • CVE-2026-12302
  • CVE-2026-12304
  • CVE-2026-12305
  • CVE-2026-12306
  • CVE-2026-12307
  • CVE-2026-12308
  • CVE-2026-12309
  • CVE-2026-12310
  • CVE-2026-12311
  • CVE-2026-12312
  • CVE-2026-12313
  • CVE-2026-12314
  • CVE-2026-12315
  • CVE-2026-12324
  • CVE-2026-12325
  • CVE-2026-12327
  • CVE-2026-12328
  • CVE-2026-12329
  • CVE-2026-12330
Published
2026-06-26T12:03:13.137376Z
Modified
2026-06-26T12:30:07.043443545Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Important: thunderbird security update
Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

  • firefox: thunderbird: Sandbox escape in the DOM: Workers component (CVE-2026-12294)

  • firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12313)

  • firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12311)

  • firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12290)

  • firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12327)

  • firefox: thunderbird: JIT miscompilation in the DOM: Core & HTML component (CVE-2026-12299)

  • firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12329)

  • firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12312)

  • firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12302)

  • firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12328)

  • firefox: thunderbird: Incorrect boundary conditions in the Internationalization component (CVE-2026-12330)

  • firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12314)

  • firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12309)

  • firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12310)

  • firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component (CVE-2026-12325)

  • firefox: thunderbird: Sandbox escape in the DOM: Navigation component (CVE-2026-12295)

  • firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-12289)

  • firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12315)

  • firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component (CVE-2026-12296)

  • firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12306)

  • firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12307)

  • firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Networking component (CVE-2026-12297)

  • firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12305)

  • firefox: thunderbird: Incorrect boundary conditions in the Web Audio component (CVE-2026-12292)

  • firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12308)

  • firefox: thunderbird: Incorrect boundary conditions in the Graphics: CanvasWebGL component (CVE-2026-12324)

  • firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component (CVE-2026-12304)

  • firefox: thunderbird: Use-after-free in the Networking: HTTP component (CVE-2026-12291)

  • firefox: thunderbird: Memory safety bug fixed in Firefox ESR 140.12 (CVE-2026-12298)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:9 / thunderbird

Package

Name
thunderbird
Purl
pkg:rpm/rocky-linux/thunderbird?distro=rocky-linux-9&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:140.12.0-1.el9_8
Database specific
{
    "yum_repository": "AppStream"
}

Database specific

source
"https://storage.googleapis.com/resf-osv-data/RLSA-2026:29940.json"