An update for thunderbird is now available for openEuler-24.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-2756 Final 1.0 1.0 2026-06-24 Initial 2026-06-24 2026-06-24 openEuler SA Tool V1.0 2026-06-24 thunderbird security update An update for thunderbird is now available for openEuler-24.03-LTS-SP3 Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fix(es): Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12289) Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12290) Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12291) Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12292) Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12294) Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12295) Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12296) Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12297) Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12298) JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12299) Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12302) Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12304) Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12305) Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12306) Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12307) Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12308) Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12309) Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12310) Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12311) Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12312) Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12313) Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12314) Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12315) Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12324) Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12325) Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12327) Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.(CVE-2026-12328) Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12.(CVE-2026-12329) Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12.(CVE-2026-12330) Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.(CVE-2026-8388) Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.(CVE-2026-8391) Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.(CVE-2026-8401) Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.(CVE-2026-8946) Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.(CVE-2026-8947) Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.(CVE-2026-8949) Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.(CVE-2026-8950) Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.(CVE-2026-8953) Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.(CVE-2026-8954) Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.(CVE-2026-8955) Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.(CVE-2026-8956) Privilege escalation in the Enterprise Policies component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.(CVE-2026-8957) Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.(CVE-2026-8958) Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.(CVE-2026-8959) Spoofing issue in the Form Autofill component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.(CVE-2026-8961) Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.(CVE-2026-8962) Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.(CVE-2026-8968) Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.(CVE-2026-8970) Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.(CVE-2026-8974) Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.(CVE-2026-8975) An update for thunderbird is now available for openEuler-24.03-LTS-SP3/openEuler-24.03-LTS-SP2. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical thunderbird https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12289 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12290 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12291 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12292 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12294 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12295 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12296 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12297 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12298 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12299 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12302 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12304 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12305 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12306 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12307 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12308 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12309 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12310 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12311 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12312 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12313 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12314 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12315 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12324 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12325 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12327 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12328 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12329 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-12330 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-8388 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-8391 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-8401 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-8946 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-8947 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-8949 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-8950 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-8953 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-8954 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-8955 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-8956 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-8957 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-8958 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-8959 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-8961 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-8962 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-8968 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-8970 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-8974 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-8975 https://nvd.nist.gov/vuln/detail/CVE-2026-12289 https://nvd.nist.gov/vuln/detail/CVE-2026-12290 https://nvd.nist.gov/vuln/detail/CVE-2026-12291 https://nvd.nist.gov/vuln/detail/CVE-2026-12292 https://nvd.nist.gov/vuln/detail/CVE-2026-12294 https://nvd.nist.gov/vuln/detail/CVE-2026-12295 https://nvd.nist.gov/vuln/detail/CVE-2026-12296 https://nvd.nist.gov/vuln/detail/CVE-2026-12297 https://nvd.nist.gov/vuln/detail/CVE-2026-12298 https://nvd.nist.gov/vuln/detail/CVE-2026-12299 https://nvd.nist.gov/vuln/detail/CVE-2026-12302 https://nvd.nist.gov/vuln/detail/CVE-2026-12304 https://nvd.nist.gov/vuln/detail/CVE-2026-12305 https://nvd.nist.gov/vuln/detail/CVE-2026-12306 https://nvd.nist.gov/vuln/detail/CVE-2026-12307 https://nvd.nist.gov/vuln/detail/CVE-2026-12308 https://nvd.nist.gov/vuln/detail/CVE-2026-12309 https://nvd.nist.gov/vuln/detail/CVE-2026-12310 https://nvd.nist.gov/vuln/detail/CVE-2026-12311 https://nvd.nist.gov/vuln/detail/CVE-2026-12312 https://nvd.nist.gov/vuln/detail/CVE-2026-12313 https://nvd.nist.gov/vuln/detail/CVE-2026-12314 https://nvd.nist.gov/vuln/detail/CVE-2026-12315 https://nvd.nist.gov/vuln/detail/CVE-2026-12324 https://nvd.nist.gov/vuln/detail/CVE-2026-12325 https://nvd.nist.gov/vuln/detail/CVE-2026-12327 https://nvd.nist.gov/vuln/detail/CVE-2026-12328 https://nvd.nist.gov/vuln/detail/CVE-2026-12329 https://nvd.nist.gov/vuln/detail/CVE-2026-12330 https://nvd.nist.gov/vuln/detail/CVE-2026-8388 https://nvd.nist.gov/vuln/detail/CVE-2026-8391 https://nvd.nist.gov/vuln/detail/CVE-2026-8401 https://nvd.nist.gov/vuln/detail/CVE-2026-8946 https://nvd.nist.gov/vuln/detail/CVE-2026-8947 https://nvd.nist.gov/vuln/detail/CVE-2026-8949 https://nvd.nist.gov/vuln/detail/CVE-2026-8950 https://nvd.nist.gov/vuln/detail/CVE-2026-8953 https://nvd.nist.gov/vuln/detail/CVE-2026-8954 https://nvd.nist.gov/vuln/detail/CVE-2026-8955 https://nvd.nist.gov/vuln/detail/CVE-2026-8956 https://nvd.nist.gov/vuln/detail/CVE-2026-8957 https://nvd.nist.gov/vuln/detail/CVE-2026-8958 https://nvd.nist.gov/vuln/detail/CVE-2026-8959 https://nvd.nist.gov/vuln/detail/CVE-2026-8961 https://nvd.nist.gov/vuln/detail/CVE-2026-8962 https://nvd.nist.gov/vuln/detail/CVE-2026-8968 https://nvd.nist.gov/vuln/detail/CVE-2026-8970 https://nvd.nist.gov/vuln/detail/CVE-2026-8974 https://nvd.nist.gov/vuln/detail/CVE-2026-8975 openEuler-24.03-LTS-SP3 thunderbird-140.12.0-1.oe2403sp3.aarch64.rpm thunderbird-debuginfo-140.12.0-1.oe2403sp3.aarch64.rpm thunderbird-debugsource-140.12.0-1.oe2403sp3.aarch64.rpm thunderbird-librnp-rnp-140.12.0-1.oe2403sp3.aarch64.rpm thunderbird-wayland-140.12.0-1.oe2403sp3.aarch64.rpm thunderbird-140.12.0-1.oe2403sp3.src.rpm thunderbird-140.12.0-1.oe2403sp3.x86_64.rpm thunderbird-debuginfo-140.12.0-1.oe2403sp3.x86_64.rpm thunderbird-debugsource-140.12.0-1.oe2403sp3.x86_64.rpm thunderbird-librnp-rnp-140.12.0-1.oe2403sp3.x86_64.rpm thunderbird-wayland-140.12.0-1.oe2403sp3.x86_64.rpm Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12289 openEuler-24.03-LTS-SP3 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12290 openEuler-24.03-LTS-SP3 None 0.0 thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12291 openEuler-24.03-LTS-SP3 None 0.0 thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12292 openEuler-24.03-LTS-SP3 None 0.0 thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12294 openEuler-24.03-LTS-SP3 None 0.0 thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12295 openEuler-24.03-LTS-SP3 None 0.0 thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12296 openEuler-24.03-LTS-SP3 None 0.0 thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12297 openEuler-24.03-LTS-SP3 None 0.0 thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12298 openEuler-24.03-LTS-SP3 Medium 5.4 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12299 openEuler-24.03-LTS-SP3 Medium 5.4 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12302 openEuler-24.03-LTS-SP3 Medium 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12304 openEuler-24.03-LTS-SP3 Critical 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12305 openEuler-24.03-LTS-SP3 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12306 openEuler-24.03-LTS-SP3 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12307 openEuler-24.03-LTS-SP3 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12308 openEuler-24.03-LTS-SP3 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12309 openEuler-24.03-LTS-SP3 Medium 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12310 openEuler-24.03-LTS-SP3 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12311 openEuler-24.03-LTS-SP3 Medium 4.7 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12312 openEuler-24.03-LTS-SP3 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12313 openEuler-24.03-LTS-SP3 Medium 4.7 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12314 openEuler-24.03-LTS-SP3 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12315 openEuler-24.03-LTS-SP3 Critical 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12324 openEuler-24.03-LTS-SP3 High 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12325 openEuler-24.03-LTS-SP3 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12327 openEuler-24.03-LTS-SP3 High 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. 2026-06-24 CVE-2026-12328 openEuler-24.03-LTS-SP3 High 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12. 2026-06-24 CVE-2026-12329 openEuler-24.03-LTS-SP3 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12. 2026-06-24 CVE-2026-12330 openEuler-24.03-LTS-SP3 Medium 5.4 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11. 2026-06-24 CVE-2026-8388 openEuler-24.03-LTS-SP3 Medium 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11. 2026-06-24 CVE-2026-8391 openEuler-24.03-LTS-SP3 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11. 2026-06-24 CVE-2026-8401 openEuler-24.03-LTS-SP3 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. 2026-06-24 CVE-2026-8946 openEuler-24.03-LTS-SP3 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. 2026-06-24 CVE-2026-8947 openEuler-24.03-LTS-SP3 High 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. 2026-06-24 CVE-2026-8949 openEuler-24.03-LTS-SP3 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. 2026-06-24 CVE-2026-8950 openEuler-24.03-LTS-SP3 Critical 9.3 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. 2026-06-24 CVE-2026-8953 openEuler-24.03-LTS-SP3 Critical 9.6 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. 2026-06-24 CVE-2026-8954 openEuler-24.03-LTS-SP3 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. 2026-06-24 CVE-2026-8955 openEuler-24.03-LTS-SP3 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. 2026-06-24 CVE-2026-8956 openEuler-24.03-LTS-SP3 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Privilege escalation in the Enterprise Policies component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. 2026-06-24 CVE-2026-8957 openEuler-24.03-LTS-SP3 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. 2026-06-24 CVE-2026-8958 openEuler-24.03-LTS-SP3 High 8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. 2026-06-24 CVE-2026-8959 openEuler-24.03-LTS-SP3 Critical 9.6 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Spoofing issue in the Form Autofill component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. 2026-06-24 CVE-2026-8961 openEuler-24.03-LTS-SP3 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. 2026-06-24 CVE-2026-8962 openEuler-24.03-LTS-SP3 High 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. 2026-06-24 CVE-2026-8968 openEuler-24.03-LTS-SP3 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. 2026-06-24 CVE-2026-8970 openEuler-24.03-LTS-SP3 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. 2026-06-24 CVE-2026-8974 openEuler-24.03-LTS-SP3 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756 Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. 2026-06-24 CVE-2026-8975 openEuler-24.03-LTS-SP3 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H thunderbird security update 2026-06-24 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2756