thunderbird-140.11.0-1.el8_10.ML.1

エラータID: AXSA:2026-781:13

Release date: 
Friday, June 12, 2026 - 10:12
Subject: 
thunderbird-140.11.0-1.el8_10.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

firefox: Incorrect boundary conditions in the JavaScript Engine: JIT
component (CVE-2026-8388)
firefox: Other issue in the JavaScript Engine component (CVE-2026-8391)
firefox: Sandbox escape in the Profile Backup component (CVE-2026-8401)
firefox: Integer overflow in the Networking: JAR component (CVE-2026-8956)
firefox: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11
and Firefox 151 (CVE-2026-8975)
firefox: Privilege escalation in the DOM: Workers component (CVE-2026-8955)
firefox: Denial-of-service due to invalid pointer in the Audio/Video: Web
Codecs component (CVE-2026-8968)
firefox: Incorrect boundary conditions, integer overflow in the Audio/Video
component (CVE-2026-8954)
firefox: Information disclosure, sandbox escape in the Security: Process
Sandboxing component (CVE-2026-8958)
firefox: Incorrect boundary conditions in the Audio/Video: Web Codecs
component (CVE-2026-8946)
firefox: Privilege escalation in the Security component (CVE-2026-8970)
firefox: Same-origin policy bypass in the Networking: HTTP component
(CVE-2026-8950)
firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151
(CVE-2026-8974)
firefox: Sandbox escape due to use-after-free in the Disability Access APIs
component (CVE-2026-8953)
firefox: Sandbox escape due to incorrect boundary conditions in the Widget:
Win32 component (CVE-2026-8959)
firefox: Spoofing issue in the Form Autofill component (CVE-2026-8961)
firefox: Use-after-free in the DOM: Bindings (WebIDL) component
(CVE-2026-8947)
firefox: Mitigation bypass in the DOM: Security component (CVE-2026-8962)
firefox: Privilege escalation in the Enterprise Policies component
(CVE-2026-8957)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE(s):
CVE-2026-8388
CVE-2026-8391
CVE-2026-8401
CVE-2026-8946
CVE-2026-8947
CVE-2026-8950
CVE-2026-8953
CVE-2026-8954
CVE-2026-8955
CVE-2026-8956
CVE-2026-8957
CVE-2026-8958
CVE-2026-8959
CVE-2026-8961
CVE-2026-8962
CVE-2026-8968
CVE-2026-8970
CVE-2026-8974
CVE-2026-8975

Solution: 

Update packages.

CVEs: 
CVE-2026-8388
Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.
CVE-2026-8391
Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.
CVE-2026-8401
Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.
Additional Info: 

N/A

Download: 

SRPMS
  1. thunderbird-140.11.0-1.el8_10.ML.1.src.rpm
    MD5: b9f4f312c4e5296b16c6e71f1c6248df
    SHA-256: 940093e38dd13b00fbe7a90fd1a42f30c5fab712ac1d5dbe6578a193414af609
    Size: 922.91 MB

Asianux Server 8 for x86_64
  1. thunderbird-140.11.0-1.el8_10.ML.1.x86_64.rpm
    MD5: 838cc8ea19cbd5dd9a0756821bee741b
    SHA-256: 1ba1bec4f01e9b483b84a09af59da753518e304f71603da098027adbc4269bfd
    Size: 115.89 MB