Thunderbird

Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2.

Published: 2026-05-07T12:45:06.716Z
Updated: 2026-05-19T16:48:31.003Z

Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.2.

Published: 2026-05-07T12:45:05.530Z
Updated: 2026-05-08T22:33:49.148Z

Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2.

Published: 2026-05-07T12:45:04.609Z
Updated: 2026-05-08T12:19:00.246Z

Memory safety bugs present in Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1 and Thunderbird 150.0.1.

Published: 2026-04-28T13:49:11.358Z
Updated: 2026-04-30T17:19:52.640Z

Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.

Published: 2026-04-28T13:49:10.299Z
Updated: 2026-05-07T15:22:40.336Z

Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.

Published: 2026-04-28T13:49:09.314Z
Updated: 2026-05-07T15:22:40.028Z

Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, and Thunderbird 140.10.1.

Published: 2026-04-28T13:49:12.432Z
Updated: 2026-04-30T17:19:49.963Z

Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.

Published: 2026-04-28T13:49:08.262Z
Updated: 2026-04-30T17:19:50.682Z

Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Published: 2026-04-21T12:41:13.111Z
Updated: 2026-05-27T17:06:44.028Z

Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Published: 2026-04-21T12:41:12.492Z
Updated: 2026-05-27T17:11:33.086Z

Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Published: 2026-04-21T12:41:11.823Z
Updated: 2026-05-27T17:03:18.300Z

Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Published: 2026-04-21T12:41:09.740Z
Updated: 2026-05-26T18:49:24.086Z

Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Published: 2026-04-21T12:41:09.098Z
Updated: 2026-05-27T17:04:09.519Z

Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Published: 2026-04-21T12:41:06.920Z
Updated: 2026-05-27T16:54:59.993Z

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Published: 2026-04-21T12:41:05.957Z
Updated: 2026-05-27T17:10:07.809Z

Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Published: 2026-04-21T12:41:05.301Z
Updated: 2026-05-27T16:59:46.908Z

Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Published: 2026-04-21T12:40:55.131Z
Updated: 2026-05-26T17:49:39.113Z

Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Published: 2026-04-21T12:40:51.382Z
Updated: 2026-05-27T16:54:24.193Z

Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2.

Published: 2026-04-07T12:43:15.857Z
Updated: 2026-05-10T20:09:00.271Z

Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1.

Published: 2026-04-07T12:43:14.833Z
Updated: 2026-05-26T18:14:09.229Z

Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149 and Thunderbird 149.

Published: 2026-03-24T12:30:43.835Z
Updated: 2026-04-13T13:51:19.687Z

Denial-of-service in the Libraries component in NSS. This vulnerability was fixed in Firefox 149 and Thunderbird 149.

Published: 2026-03-24T12:30:41.171Z
Updated: 2026-04-13T13:51:08.072Z

Denial-of-service in the XML component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.

Published: 2026-03-24T12:30:40.673Z
Updated: 2026-04-13T13:51:05.682Z

Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:44.312Z
Updated: 2026-04-13T13:51:21.639Z

Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:43.271Z
Updated: 2026-04-13T13:51:17.655Z

Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:42.279Z
Updated: 2026-04-13T13:51:12.032Z

Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:35.852Z
Updated: 2026-04-13T13:50:46.845Z

Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:25.919Z
Updated: 2026-05-07T14:51:31.763Z

Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:24.864Z
Updated: 2026-04-13T13:48:45.652Z

Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:23.260Z
Updated: 2026-04-13T13:48:38.103Z

A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.

Published: 2026-03-24T20:27:15.198Z
Updated: 2026-04-13T13:51:25.535Z

Spoofing issue in Thunderbird. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.

Published: 2026-03-24T20:27:14.437Z
Updated: 2026-04-13T13:51:23.615Z

Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Published: 2026-02-24T13:33:34.035Z
Updated: 2026-04-13T13:54:40.828Z

Uninitialized memory in the Graphics: Text component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Published: 2026-02-24T13:33:33.407Z
Updated: 2026-04-13T13:54:38.306Z

Invalid pointer in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Published: 2026-02-24T13:33:32.768Z
Updated: 2026-04-13T13:54:35.780Z

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Published: 2026-02-24T13:33:32.144Z
Updated: 2026-04-13T13:54:33.221Z

Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Published: 2026-02-24T13:33:31.491Z
Updated: 2026-04-13T13:54:31.077Z

Race condition in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Published: 2026-02-24T13:33:30.784Z
Updated: 2026-04-13T13:54:28.482Z

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Published: 2026-02-24T13:33:29.929Z
Updated: 2026-04-13T13:54:26.297Z

Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Published: 2026-02-24T13:33:29.312Z
Updated: 2026-04-13T13:54:24.117Z

Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Published: 2026-02-24T13:33:28.665Z
Updated: 2026-04-13T13:54:22.045Z

Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Published: 2026-02-24T13:33:28.034Z
Updated: 2026-04-13T13:54:19.927Z

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Published: 2026-02-24T13:33:27.406Z
Updated: 2026-04-13T13:54:17.607Z

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Published: 2026-02-24T13:33:26.775Z
Updated: 2026-04-13T13:54:13.816Z

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Published: 2026-02-24T13:33:26.111Z
Updated: 2026-04-13T13:54:11.193Z

Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:23.571Z
Updated: 2026-04-13T13:53:03.837Z

Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:22.842Z
Updated: 2026-04-13T13:53:50.518Z

Mitigation bypass in the Networking: Cache component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:22.237Z
Updated: 2026-04-21T02:40:55.797Z

Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:21.600Z
Updated: 2026-04-13T13:53:42.980Z

Use-after-free in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:20.961Z
Updated: 2026-04-13T13:53:00.745Z

Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:20.287Z
Updated: 2026-04-21T02:40:29.432Z

Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:19.579Z
Updated: 2026-04-13T13:52:56.351Z

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:18.980Z
Updated: 2026-05-10T12:54:19.009Z

Invalid pointer in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:18.254Z
Updated: 2026-04-13T13:53:37.061Z

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:17.554Z
Updated: 2026-04-16T14:32:57.551Z

Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:16.921Z
Updated: 2026-04-13T13:53:30.360Z

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:16.262Z
Updated: 2026-04-13T13:53:27.919Z

Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, Thunderbird 140.8, and Firefox ESR 115.35.

Published: 2026-02-24T13:33:15.551Z
Updated: 2026-04-21T12:40:43.312Z

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:14.850Z
Updated: 2026-04-13T13:53:23.298Z

Incorrect boundary conditions in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:14.195Z
Updated: 2026-04-16T14:32:33.729Z

Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:13.564Z
Updated: 2026-04-16T14:32:14.511Z

Privilege escalation in the Messaging System component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:12.869Z
Updated: 2026-04-13T13:52:51.037Z

Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:12.247Z
Updated: 2026-04-16T14:31:49.143Z

Mitigation bypass in the DOM: HTML Parser component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:11.553Z
Updated: 2026-04-16T14:31:30.683Z

Integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:10.821Z
Updated: 2026-04-13T13:52:44.181Z

Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:10.177Z
Updated: 2026-04-16T14:31:07.312Z

Use-after-free in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:09.181Z
Updated: 2026-04-13T13:52:39.456Z

Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:08.538Z
Updated: 2026-04-16T14:30:39.225Z

Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:07.898Z
Updated: 2026-04-13T13:52:34.610Z

Use-after-free in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:06.912Z
Updated: 2026-04-13T13:52:32.795Z

Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:06.258Z
Updated: 2026-04-13T13:53:18.772Z

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:05.551Z
Updated: 2026-04-13T13:53:16.679Z

Use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:04.946Z
Updated: 2026-04-16T14:28:29.474Z

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:03.943Z
Updated: 2026-04-16T14:27:42.110Z

JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:03.207Z
Updated: 2026-04-16T14:27:18.103Z

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:02.514Z
Updated: 2026-04-15T15:39:44.974Z

Integer overflow in the JavaScript: Standard Library component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:01.761Z
Updated: 2026-04-15T15:39:20.955Z

Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:01.011Z
Updated: 2026-04-15T15:38:48.489Z

Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:00.290Z
Updated: 2026-04-15T15:38:19.407Z

Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:32:59.173Z
Updated: 2026-04-15T15:38:00.858Z

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:32:58.501Z
Updated: 2026-04-15T15:37:39.628Z

Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:32:57.740Z
Updated: 2026-04-14T15:11:01.347Z

Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 147 and Thunderbird 147.

Published: 2026-01-13T13:30:59.874Z
Updated: 2026-04-13T13:52:12.599Z

Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:59.454Z
Updated: 2026-04-13T13:52:10.334Z

Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:59.089Z
Updated: 2026-04-13T13:52:07.852Z

Denial-of-service in the DOM: Service Workers component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.

Published: 2026-01-13T13:30:58.675Z
Updated: 2026-04-13T13:52:05.389Z

Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.

Published: 2026-01-13T13:30:58.296Z
Updated: 2026-04-13T13:52:02.777Z

Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:57.847Z
Updated: 2026-04-13T13:51:59.523Z

Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:57.400Z
Updated: 2026-04-13T13:51:57.056Z

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:56.939Z
Updated: 2026-04-13T13:51:54.970Z

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:56.543Z
Updated: 2026-04-13T13:51:52.987Z

Information disclosure in the Networking component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:56.043Z
Updated: 2026-04-13T13:51:51.032Z

Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:55.562Z
Updated: 2026-04-13T13:51:48.764Z

Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.

Published: 2026-01-13T13:30:55.122Z
Updated: 2026-04-13T13:51:46.729Z

Sandbox escape due to integer overflow in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:54.679Z
Updated: 2026-04-13T13:51:44.559Z

Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:54.207Z
Updated: 2026-04-13T13:51:42.642Z

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:53.697Z
Updated: 2026-04-13T13:51:40.607Z

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:52.979Z
Updated: 2026-04-13T13:51:38.648Z

When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If the user had additionally allowed loading of the remote content referenced by the outer email message, and the email was crafted by the sender using a combination of CSS rules and fonts and animations, then it was possible to extract the secret contents of the email. This vulnerability was fixed in Thunderbird 147.0.1 and Thunderbird 140.7.1.

Published: 2026-01-28T07:39:17.467Z
Updated: 2026-04-13T13:52:14.777Z

Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 142 and Thunderbird 142.

Published: 2025-08-19T20:33:57.516Z
Updated: 2026-04-13T14:29:49.002Z

Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2.

Published: 2025-08-19T20:33:55.556Z
Updated: 2026-04-13T14:25:52.926Z

Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 142, Firefox ESR 140.2, Thunderbird 142, and Thunderbird 140.2.

Published: 2025-08-19T20:33:58.037Z
Updated: 2026-04-13T14:28:41.568Z

Denial-of-service due to out-of-memory in the Graphics: WebRender component. This vulnerability was fixed in Firefox 142, Firefox ESR 140.2, Thunderbird 142, and Thunderbird 140.2.

Published: 2025-08-19T20:33:56.512Z
Updated: 2026-04-13T14:28:37.915Z

Uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 142, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2.

Published: 2025-08-19T20:33:55.063Z
Updated: 2026-04-13T14:25:51.187Z

Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2.

Published: 2025-08-19T20:33:54.532Z
Updated: 2026-04-13T14:25:49.457Z

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2.

Published: 2025-08-19T20:33:53.949Z
Updated: 2026-04-13T14:25:47.601Z

Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 141 and Thunderbird 141.

Published: 2025-07-22T20:49:29.263Z
Updated: 2026-04-13T14:30:58.534Z

Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability was fixed in Firefox 141.

Published: 2025-07-22T20:49:28.983Z
Updated: 2026-04-13T14:31:33.345Z

Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.

Published: 2025-07-22T20:49:28.310Z
Updated: 2026-04-13T14:27:10.161Z

In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.

Published: 2025-07-22T20:49:27.191Z
Updated: 2026-04-13T14:27:04.816Z

Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.

Published: 2025-07-22T20:49:26.764Z
Updated: 2026-04-13T14:27:01.276Z

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.

Published: 2025-07-22T20:49:25.621Z
Updated: 2026-04-13T14:26:53.773Z

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.

Published: 2025-07-22T20:49:25.303Z
Updated: 2026-04-13T14:26:51.977Z

Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Published: 2025-07-22T20:49:28.660Z
Updated: 2026-04-13T14:27:11.988Z

Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Published: 2025-07-22T20:49:27.749Z
Updated: 2026-04-13T14:27:08.421Z

The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Published: 2025-07-22T20:49:27.477Z
Updated: 2026-04-13T14:27:06.664Z

XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Published: 2025-07-22T20:49:26.507Z
Updated: 2026-04-13T14:26:59.396Z

The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Published: 2025-07-22T20:49:26.243Z
Updated: 2026-04-13T14:26:57.626Z

Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Published: 2025-07-22T20:49:25.931Z
Updated: 2026-04-13T14:26:55.584Z

Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Published: 2025-07-22T20:49:24.898Z
Updated: 2026-04-13T14:26:50.157Z

On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Published: 2025-07-22T20:49:24.592Z
Updated: 2026-04-13T14:26:48.394Z

On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Published: 2025-07-22T20:49:24.039Z
Updated: 2026-04-13T14:26:46.624Z

A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to leak Windows credentials via SMB links when the email is viewed in HTML mode. While user interaction is required to download the .pdf file, visual obfuscation can conceal the download trigger. Viewing the email in HTML mode is enough to load external content. This vulnerability was fixed in Thunderbird 128.11.1 and Thunderbird 139.0.2.

Published: 2025-06-11T12:07:50.430Z
Updated: 2026-04-13T14:28:34.275Z

A double-free could have occurred in `vpx_codec_enc_init_multi` after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 139 and Thunderbird < 128.11.

Published: 2025-05-27T12:29:21.813Z
Updated: 2025-08-25T18:18:53.632Z

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.

Published: 2025-05-17T21:07:27.734Z
Updated: 2026-04-13T14:25:56.780Z

An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.

Published: 2025-05-17T21:07:26.745Z
Updated: 2026-04-13T14:25:54.968Z

Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 138 and Thunderbird 138.

Published: 2025-04-29T13:13:49.479Z
Updated: 2026-04-13T14:28:52.122Z

Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Thunderbird 138, and Thunderbird 128.10.

Published: 2025-04-29T13:13:48.089Z
Updated: 2026-04-13T14:27:22.909Z

A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vulnerability was fixed in Firefox 138 and Thunderbird 138.

Published: 2025-04-29T13:13:46.677Z
Updated: 2026-04-13T14:28:50.482Z

Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 138 and Thunderbird 138.

Published: 2025-04-29T13:13:45.152Z
Updated: 2026-04-13T14:28:48.766Z

A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability was fixed in Firefox 138 and Thunderbird 138.

Published: 2025-04-29T13:13:43.684Z
Updated: 2026-04-13T14:28:47.062Z

A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Thunderbird 138, and Thunderbird 128.10.

Published: 2025-04-29T13:13:42.302Z
Updated: 2026-04-13T14:27:21.172Z

A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. *This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.*. This vulnerability was fixed in Firefox 138 and Thunderbird 138.

Published: 2025-04-29T13:13:40.899Z
Updated: 2026-04-13T14:28:45.158Z

An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability was fixed in Firefox 138 and Thunderbird 138.

Published: 2025-04-29T13:13:39.469Z
Updated: 2026-04-13T14:28:43.317Z

A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10.

Published: 2025-04-29T13:13:36.578Z
Updated: 2026-04-13T14:27:17.492Z

Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.*. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10.

Published: 2025-04-29T13:13:35.242Z
Updated: 2026-04-13T14:27:15.646Z

On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

Published: 2025-03-04T13:31:22.418Z
Updated: 2026-04-13T14:27:31.484Z

Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135 and Thunderbird 135.

Published: 2025-02-04T13:58:56.390Z
Updated: 2026-04-13T14:25:25.512Z

The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability was fixed in Firefox 135 and Thunderbird 135.

Published: 2025-02-04T13:58:54.064Z
Updated: 2026-04-13T14:25:16.746Z

The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability was fixed in Firefox 135 and Thunderbird 135.

Published: 2025-02-04T13:58:52.807Z
Updated: 2026-04-13T14:25:10.866Z

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04T13:58:56.028Z
Updated: 2026-04-13T14:25:23.811Z

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04T13:58:55.672Z
Updated: 2026-04-13T14:25:22.068Z

Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04T13:58:54.940Z
Updated: 2026-04-13T14:25:20.384Z

A race during concurrent delazification could have led to a use-after-free. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04T13:58:53.687Z
Updated: 2026-04-13T14:25:14.718Z

A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04T13:58:53.239Z
Updated: 2026-04-13T14:25:12.907Z

An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04T13:58:52.357Z
Updated: 2026-04-13T14:25:08.956Z

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04T13:58:51.928Z
Updated: 2026-04-13T14:25:07.080Z

Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146 and Thunderbird 146.

Published: 2025-12-09T13:38:08.758Z
Updated: 2026-04-13T14:28:06.191Z

Same-origin policy bypass in the Request Handling component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:38:07.191Z
Updated: 2026-04-13T14:25:43.540Z

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:38:05.995Z
Updated: 2026-04-13T14:25:41.657Z

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:38:04.796Z
Updated: 2026-04-13T14:25:39.463Z

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:38:03.509Z
Updated: 2026-04-13T14:25:37.532Z

Spoofing issue in the Downloads Panel component. This vulnerability was fixed in Firefox 146, Thunderbird 146, Firefox ESR 140.7, and Thunderbird 140.7.

Published: 2025-12-09T13:38:02.260Z
Updated: 2026-04-13T14:24:13.332Z

Use-after-free in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 146 and Thunderbird 146.

Published: 2025-12-09T13:38:00.695Z
Updated: 2026-04-13T14:28:03.973Z

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:37:58.843Z
Updated: 2026-04-13T14:25:35.644Z

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:37:57.533Z
Updated: 2026-04-13T14:25:33.489Z

Privilege escalation in the DOM: Notifications component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:37:56.358Z
Updated: 2026-04-13T14:25:31.606Z

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:37:55.159Z
Updated: 2026-04-13T14:25:29.901Z

Use-after-free in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:37:53.872Z
Updated: 2026-04-13T14:25:27.309Z

Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

Published: 2025-10-14T12:27:36.209Z
Updated: 2026-04-13T14:29:45.602Z

Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

Published: 2025-09-16T12:26:37.029Z
Updated: 2026-04-13T14:28:25.818Z

Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability was fixed in Thunderbird 128.7 and Thunderbird 135.

Published: 2025-02-04T13:58:55.320Z
Updated: 2026-04-13T14:30:38.919Z