ALSA-2026:9345 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion...

RLSA-2025:18983 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: firefox: Memory safety bugs CVE-2025-11714 thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11709 thunderbird: firefox: Cross-process information...

ALSA-2025:18320 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: firefox: Memory safety bugs CVE-2025-11714 thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11709 thunderbird: firefox: Cross-process information...

Security Vulnerabilities fixed in Firefox ESR 128.9 — Mozilla

JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. Memory safety bugs present in Firefox 136,...

PT-2025-9655 · Mozilla +9 · Firefox +9

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 136 Firefox ESR versions prior to 115.21 Firefox ESR versions prior to 128.8 Description: A compromised content process could trigger a use-after-free in the Browser process by sending bad StreamData over AudioIPC...