Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 10 Type: Security Severity: Important Release date: 2026-05-03 Summary: Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fix(es): * firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6772) * firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-6754) * firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component (CVE-2026-6762) * firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6752) * firefox: thunderbird: Other issue in the Storage: IndexedDB component (CVE-2026-6770) * firefox: thunderbird: Invalid pointer in the JavaScript: WebAssembly component (CVE-2026-6757) * firefox: thunderbird: Other issue in the Libraries component in NSS (CVE-2026-6767) * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6786) * firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6753) * firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-6759) * firefox: thunderbird: Use-after-free in the WebRTC component (CVE-2026-6747) * firefox: thunderbird: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component (CVE-2026-6749) * firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6766) * firefox: thunderbird: Privilege escalation in the Networking component (CVE-2026-6761) * firefox: thunderbird: Mitigation bypass in the File Handling component (CVE-2026-6763) * firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-6750) * firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6748) * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6785) * firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-6771) * firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component (CVE-2026-6764) * firefox: thunderbird: Information disclosure in the Form Autofill component (CVE-2026-6765) * firefox: thunderbird: Privilege escalation in the Debugger component (CVE-2026-6769) * firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6751) * firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-6776) * firefox: thunderbird: Use-after-free in the DOM: Core & HTML component (CVE-2026-6746) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-12285.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team