{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Critical" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"thunderbird security update", "category":"general", "title":"Synopsis" }, { "text":"An update for thunderbird is now available for openEuler-24.03-LTS-SP3", "category":"general", "title":"Summary" }, { "text":"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\nUse-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.(CVE-2025-14321)\n\nSandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.(CVE-2025-14322)\n\nPrivilege escalation in the DOM: Notifications component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.(CVE-2025-14323)\n\nJIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.(CVE-2025-14324)\n\nJIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.(CVE-2025-14325)\n\nSpoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146, Thunderbird < 146, Firefox ESR < 140.7, and Thunderbird < 140.7.(CVE-2025-14327)\n\nPrivilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.(CVE-2025-14328)\n\nPrivilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.(CVE-2025-14329)\n\nJIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.(CVE-2025-14330)\n\nSame-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.(CVE-2025-14331)\n\nMemory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.(CVE-2025-14333)\n\nMitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.(CVE-2026-0877)\n\nSandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.(CVE-2026-0878)\n\nSandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.(CVE-2026-0879)\n\nSandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.(CVE-2026-0880)\n\nUse-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.(CVE-2026-0882)\n\nInformation disclosure in the Networking component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.(CVE-2026-0883)\n\nUse-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.(CVE-2026-0884)\n\nUse-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.(CVE-2026-0885)\n\nIncorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.(CVE-2026-0886)\n\nClickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.(CVE-2026-0887)\n\nSpoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.(CVE-2026-0890)\n\nMemory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.(CVE-2026-0891)", "category":"general", "title":"Description" }, { "text":"An update for thunderbird is now available for openEuler-24.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Critical", "category":"general", "title":"Severity" }, { "text":"thunderbird", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-1264", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1264" }, { "summary":"CVE-2025-14321", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-14321&packageName=thunderbird" }, { "summary":"CVE-2025-14322", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-14322&packageName=thunderbird" }, { "summary":"CVE-2025-14323", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-14323&packageName=thunderbird" }, { "summary":"CVE-2025-14324", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-14324&packageName=thunderbird" }, { "summary":"CVE-2025-14325", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-14325&packageName=thunderbird" }, { "summary":"CVE-2025-14327", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-14327&packageName=thunderbird" }, { "summary":"CVE-2025-14328", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-14328&packageName=thunderbird" }, { "summary":"CVE-2025-14329", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-14329&packageName=thunderbird" }, { "summary":"CVE-2025-14330", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-14330&packageName=thunderbird" }, { "summary":"CVE-2025-14331", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-14331&packageName=thunderbird" }, { "summary":"CVE-2025-14333", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-14333&packageName=thunderbird" }, { "summary":"CVE-2026-0877", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-0877&packageName=thunderbird" }, { "summary":"CVE-2026-0878", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-0878&packageName=thunderbird" }, { "summary":"CVE-2026-0879", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-0879&packageName=thunderbird" }, { "summary":"CVE-2026-0880", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-0880&packageName=thunderbird" }, { "summary":"CVE-2026-0882", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-0882&packageName=thunderbird" }, { "summary":"CVE-2026-0883", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-0883&packageName=thunderbird" }, { "summary":"CVE-2026-0884", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-0884&packageName=thunderbird" }, { "summary":"CVE-2026-0885", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-0885&packageName=thunderbird" }, { "summary":"CVE-2026-0886", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-0886&packageName=thunderbird" }, { "summary":"CVE-2026-0887", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-0887&packageName=thunderbird" }, { "summary":"CVE-2026-0890", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-0890&packageName=thunderbird" }, { "summary":"CVE-2026-0891", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-0891&packageName=thunderbird" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14321" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14322" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14323" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14324" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14325" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14327" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14328" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14329" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14330" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14331" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14333" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0877" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0878" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0879" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0880" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0882" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0883" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0884" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0885" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0886" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0887" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0890" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0891" }, { "summary":"openEuler-SA-2026-1264 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-1264.json" } ], "title":"An update for thunderbird is now available for openEuler-24.03-LTS-SP3", "tracking":{ "initial_release_date":"2026-02-03T16:14:07+08:00", "revision_history":[ { "date":"2026-02-03T16:14:07+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-02-03T16:14:07+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-02-03T16:14:07+08:00", "id":"openEuler-SA-2026-1264", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"openEuler-24.03-LTS-SP3", "name":"openEuler-24.03-LTS-SP3" }, "name":"openEuler-24.03-LTS-SP3", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-140.7.0-1.oe2403sp3.aarch64.rpm", "name":"thunderbird-140.7.0-1.oe2403sp3.aarch64.rpm" }, "name":"thunderbird-140.7.0-1.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64.rpm", "name":"thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64.rpm" }, "name":"thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64.rpm", "name":"thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64.rpm" }, "name":"thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64.rpm", "name":"thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64.rpm" }, "name":"thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64.rpm", "name":"thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64.rpm" }, "name":"thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-140.7.0-1.oe2403sp3.src.rpm", "name":"thunderbird-140.7.0-1.oe2403sp3.src.rpm" }, "name":"thunderbird-140.7.0-1.oe2403sp3.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-140.7.0-1.oe2403sp3.x86_64.rpm", "name":"thunderbird-140.7.0-1.oe2403sp3.x86_64.rpm" }, "name":"thunderbird-140.7.0-1.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64.rpm", "name":"thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64.rpm" }, "name":"thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64.rpm", "name":"thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64.rpm" }, "name":"thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64.rpm", "name":"thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64.rpm" }, "name":"thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64.rpm", "name":"thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64.rpm" }, "name":"thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-140.7.0-1.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "name":"thunderbird-140.7.0-1.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "name":"thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "name":"thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "name":"thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "name":"thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-140.7.0-1.oe2403sp3.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "name":"thunderbird-140.7.0-1.oe2403sp3.src as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-140.7.0-1.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "name":"thunderbird-140.7.0-1.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "name":"thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "name":"thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "name":"thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64", "name":"thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2025-14321", "notes":[ { "text":"Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1264" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2025-14321" }, { "cve":"CVE-2025-14322", "notes":[ { "text":"Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1264" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.0, "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-14322" }, { "cve":"CVE-2025-14323", "notes":[ { "text":"Privilege escalation in the DOM: Notifications component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1264" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-14323" }, { "cve":"CVE-2025-14324", "notes":[ { "text":"JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1264" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2025-14324" }, { "cve":"CVE-2025-14325", "notes":[ { "text":"JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1264" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-14325" }, { "cve":"CVE-2025-14327", "notes":[ { "text":"Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146, Thunderbird < 146, Firefox ESR < 140.7, and Thunderbird < 140.7.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1264" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-14327" }, { "cve":"CVE-2025-14328", "notes":[ { "text":"Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1264" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-14328" }, { "cve":"CVE-2025-14329", "notes":[ { "text":"Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1264" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-14329" }, { "cve":"CVE-2025-14330", "notes":[ { "text":"JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1264" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2025-14330" }, { "cve":"CVE-2025-14331", "notes":[ { "text":"Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1264" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-14331" }, { "cve":"CVE-2025-14333", "notes":[ { "text":"Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1264" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.1, "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-14333" }, { "cve":"CVE-2026-0877", "notes":[ { "text":"Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1264" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-0877" }, { "cve":"CVE-2026-0878", "notes":[ { "text":"Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1264" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.0, "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-0878" }, { "cve":"CVE-2026-0879", "notes":[ { "text":"Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1264" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2026-0879" }, { "cve":"CVE-2026-0880", "notes":[ { "text":"Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1264" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-0880" }, { "cve":"CVE-2026-0882", "notes":[ { "text":"Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1264" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-0882" }, { "cve":"CVE-2026-0883", "notes":[ { "text":"Information disclosure in the Networking component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1264" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-0883" }, { "cve":"CVE-2026-0884", "notes":[ { "text":"Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1264" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2026-0884" }, { "cve":"CVE-2026-0885", "notes":[ { "text":"Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1264" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-0885" }, { "cve":"CVE-2026-0886", "notes":[ { "text":"Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1264" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-0886" }, { "cve":"CVE-2026-0887", "notes":[ { "text":"Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1264" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":4.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-0887" }, { "cve":"CVE-2026-0890", "notes":[ { "text":"Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1264" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.4, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-0890" }, { "cve":"CVE-2026-0891", "notes":[ { "text":"Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ], "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1264" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.1, "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.src", "openEuler-24.03-LTS-SP3:thunderbird-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.7.0-1.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:thunderbird-wayland-140.7.0-1.oe2403sp3.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-0891" } ] }