rpm package
opensuse/MozillaThunderbird&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweed
Vulnerabilities (1,600)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-6771 | Cri | 9.8 | < 140.9.1-1.1 | 140.9.1-1.1 | Apr 21, 2026 | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |
| CVE-2026-6770 | Med | 6.5 | < 140.9.1-1.1 | 140.9.1-1.1 | Apr 21, 2026 | Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |
| CVE-2026-6769 | Hig | 8.8 | < 140.9.1-1.1 | 140.9.1-1.1 | Apr 21, 2026 | Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |
| CVE-2026-6767 | Med | 5.3 | < 140.9.1-1.1 | 140.9.1-1.1 | Apr 21, 2026 | Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |
| CVE-2026-6766 | Hig | 7.5 | < 140.9.1-1.1 | 140.9.1-1.1 | Apr 21, 2026 | Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |
| CVE-2026-6765 | Med | 5.3 | < 140.9.1-1.1 | 140.9.1-1.1 | Apr 21, 2026 | Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |
| CVE-2026-6764 | Med | 6.5 | < 140.9.1-1.1 | 140.9.1-1.1 | Apr 21, 2026 | Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |
| CVE-2026-6763 | Med | 6.5 | < 140.9.1-1.1 | 140.9.1-1.1 | Apr 21, 2026 | Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |
| CVE-2026-6762 | Med | 6.3 | < 140.9.1-1.1 | 140.9.1-1.1 | Apr 21, 2026 | Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |
| CVE-2026-6761 | Hig | 8.8 | < 140.9.1-1.1 | 140.9.1-1.1 | Apr 21, 2026 | Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |
| CVE-2026-6759 | Hig | 7.5 | < 140.9.1-1.1 | 140.9.1-1.1 | Apr 21, 2026 | Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |
| CVE-2026-6757 | Med | 6.3 | < 140.9.1-1.1 | 140.9.1-1.1 | Apr 21, 2026 | Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |
| CVE-2026-6754 | Hig | 7.5 | < 140.9.1-1.1 | 140.9.1-1.1 | Apr 21, 2026 | Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |
| CVE-2026-6753 | Hig | 7.3 | < 140.9.1-1.1 | 140.9.1-1.1 | Apr 21, 2026 | Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |
| CVE-2026-6752 | Hig | 7.3 | < 140.9.1-1.1 | 140.9.1-1.1 | Apr 21, 2026 | Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |
| CVE-2026-6751 | Hig | 7.3 | < 140.9.1-1.1 | 140.9.1-1.1 | Apr 21, 2026 | Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |
| CVE-2026-6750 | Hig | 8.8 | < 140.9.1-1.1 | 140.9.1-1.1 | Apr 21, 2026 | Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |
| CVE-2026-6749 | Hig | 7.5 | < 140.9.1-1.1 | 140.9.1-1.1 | Apr 21, 2026 | Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |
| CVE-2026-6748 | Cri | 9.8 | < 140.9.1-1.1 | 140.9.1-1.1 | Apr 21, 2026 | Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | |
| CVE-2026-6747 | Hig | 7.5 | < 140.9.1-1.1 | 140.9.1-1.1 | Apr 21, 2026 | Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. |
- affected < 140.9.1-1.1fixed 140.9.1-1.1
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- affected < 140.9.1-1.1fixed 140.9.1-1.1
Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- affected < 140.9.1-1.1fixed 140.9.1-1.1
Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- affected < 140.9.1-1.1fixed 140.9.1-1.1
Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- affected < 140.9.1-1.1fixed 140.9.1-1.1
Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- affected < 140.9.1-1.1fixed 140.9.1-1.1
Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- affected < 140.9.1-1.1fixed 140.9.1-1.1
Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- affected < 140.9.1-1.1fixed 140.9.1-1.1
Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- affected < 140.9.1-1.1fixed 140.9.1-1.1
Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- affected < 140.9.1-1.1fixed 140.9.1-1.1
Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- affected < 140.9.1-1.1fixed 140.9.1-1.1
Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- affected < 140.9.1-1.1fixed 140.9.1-1.1
Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- affected < 140.9.1-1.1fixed 140.9.1-1.1
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- affected < 140.9.1-1.1fixed 140.9.1-1.1
Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- affected < 140.9.1-1.1fixed 140.9.1-1.1
Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- affected < 140.9.1-1.1fixed 140.9.1-1.1
Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- affected < 140.9.1-1.1fixed 140.9.1-1.1
Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- affected < 140.9.1-1.1fixed 140.9.1-1.1
Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- affected < 140.9.1-1.1fixed 140.9.1-1.1
Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- affected < 140.9.1-1.1fixed 140.9.1-1.1
Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Page 4 of 80