[Git][security-tracker-team/security-tracker][master] Add thunderbird issues from mfsa2026-17

Salvatore Bonaccorso (@carnil) Thu, 26 Feb 2026 14:20:35 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
9ee5b1c1 by Salvatore Bonaccorso at 2026-02-26T23:19:48+01:00
Add thunderbird issues from mfsa2026-17

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1020,14 +1020,18 @@ CVE-2026-2793 (Memory safety bugs present in Firefox 
ESR 115.32, Firefox ESR 140
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2793
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2793
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2793
 CVE-2026-2792 (Memory safety bugs present in Firefox ESR 140.7, Thunderbird 
ESR 140.7 ...)
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2792
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2792
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2792
 CVE-2026-2807 (Memory safety bugs present in Firefox 147 and Thunderbird 147. 
Some of ...)
        - firefox 148.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2807
@@ -1035,14 +1039,18 @@ CVE-2026-2791 (Mitigation bypass in the Networking: 
Cache component. This vulner
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2791
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2791
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2791
 CVE-2026-2790 (Same-origin policy bypass in the Networking: JAR component. 
This vulne ...)
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2790
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2790
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2790
 CVE-2026-2806 (Uninitialized memory in the Graphics: Text component. This 
vulnerabili ...)
        - firefox 148.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2806
@@ -1050,20 +1058,26 @@ CVE-2026-2789 (Use-after-free in the Graphics: ImageLib 
component. This vulnerab
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2789
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2789
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2789
 CVE-2026-2788 (Incorrect boundary conditions in the Audio/Video: GMP 
component. This  ...)
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2788
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2788
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2788
 CVE-2026-2787 (Use-after-free in the DOM: Window and Location component. This 
vulnera ...)
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2787
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2787
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2787
 CVE-2026-2805 (Invalid pointer in the DOM: Core & HTML component. This 
vulnerability  ...)
        - firefox 148.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2805
@@ -1071,8 +1085,10 @@ CVE-2026-2786 (Use-after-free in the JavaScript Engine 
component. This vulnerabi
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2786
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2786
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2786
 CVE-2026-2804 (Use-after-free in the JavaScript: WebAssembly component. This 
vulnerab ...)
        - firefox 148.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2804
@@ -1080,14 +1096,18 @@ CVE-2026-2785 (Invalid pointer in the JavaScript Engine 
component. This vulnerab
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2785
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2785
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2785
 CVE-2026-2784 (Mitigation bypass in the DOM: Security component. This 
vulnerability a ...)
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2784
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2784
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2784
 CVE-2026-2803 (Information disclosure, mitigation bypass in the Settings UI 
component ...)
        - firefox 148.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2803
@@ -1098,14 +1118,18 @@ CVE-2026-2783 (Information disclosure due to JIT 
miscompilation in the JavaScrip
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2783
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2783
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2783
 CVE-2026-2782 (Privilege escalation in the Netmonitor component. This 
vulnerability a ...)
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2782
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2782
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2782
 CVE-2026-2801 (Incorrect boundary conditions in the JavaScript: WebAssembly 
component ...)
        - firefox 148.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2801
@@ -1113,17 +1137,21 @@ CVE-2026-2781 (Integer overflow in the Libraries 
component in NSS. This vulnerab
        {DSA-6149-1 DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        - nss 2:3.121-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2781
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2781
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2781
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=2009552 (private)
        NOTE: Fixed by: https://hg.mozilla.org/projects/nss/rev/245385e16fa6
 CVE-2026-2780 (Privilege escalation in the Netmonitor component. This 
vulnerability a ...)
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2780
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2780
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2780
 CVE-2026-2800 (Spoofing issue in the WebAuthn component in Firefox for 
Android. This  ...)
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2800
@@ -1131,61 +1159,81 @@ CVE-2026-2779 (Incorrect boundary conditions in the 
Networking: JAR component. T
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2779
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2779
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2779
 CVE-2026-2778 (Sandbox escape due to incorrect boundary conditions in the DOM: 
Core & ...)
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2778
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2778
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2778
 CVE-2026-2777 (Privilege escalation in the Messaging System component. This 
vulnerabi ...)
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2777
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2777
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2777
 CVE-2026-2776 (Sandbox escape due to incorrect boundary conditions in the 
Telemetry c ...)
        - firefox <unfixed>
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2776
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2776
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2776
 CVE-2026-2775 (Mitigation bypass in the DOM: HTML Parser component. This 
vulnerabilit ...)
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2775
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2775
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2775
 CVE-2026-2774 (Integer overflow in the Audio/Video component. This 
vulnerability affe ...)
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2774
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2774
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2774
 CVE-2026-2773 (Incorrect boundary conditions in the Web Audio component. This 
vulnera ...)
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2773
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2773
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2773
 CVE-2026-2772 (Use-after-free in the Audio/Video: Playback component. This 
vulnerabil ...)
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2772
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2772
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2772
 CVE-2026-2771 (Undefined behavior in the DOM: Core & HTML component. This 
vulnerabili ...)
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2771
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2771
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2771
 CVE-2026-2770 (Use-after-free in the DOM: Bindings (WebIDL) component. This 
vulnerabi ...)
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2770
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2770
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2770
 CVE-2026-2799 (Use-after-free in the DOM: Core & HTML component. This 
vulnerability a ...)
        - firefox 148.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2799
@@ -1193,8 +1241,10 @@ CVE-2026-2769 (Use-after-free in the Storage: IndexedDB 
component. This vulnerab
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2769
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2769
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2769
 CVE-2026-2798 (Use-after-free in the DOM: Core & HTML component. This 
vulnerability a ...)
        - firefox 148.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2798
@@ -1202,26 +1252,34 @@ CVE-2026-2768 (Sandbox escape in the Storage: IndexedDB 
component. This vulnerab
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2768
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2768
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2768
 CVE-2026-2767 (Use-after-free in the JavaScript: WebAssembly component. This 
vulnerab ...)
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2767
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2767
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2767
 CVE-2026-2766 (Use-after-free in the JavaScript Engine: JIT component. This 
vulnerabi ...)
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2766
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2766
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2766
 CVE-2026-2765 (Use-after-free in the JavaScript Engine component. This 
vulnerability  ...)
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2765
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2765
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2765
 CVE-2026-2797 (Use-after-free in the JavaScript: GC component. This 
vulnerability aff ...)
        - firefox 148.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2797
@@ -1232,32 +1290,42 @@ CVE-2026-2764 (JIT miscompilation, use-after-free in 
the JavaScript Engine: JIT
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2764
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2764
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2764
 CVE-2026-2763 (Use-after-free in the JavaScript Engine component. This 
vulnerability  ...)
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2763
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2763
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2763
 CVE-2026-2762 (Integer overflow in the JavaScript: Standard Library component. 
This v ...)
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2762
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2762
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2762
 CVE-2026-2761 (Sandbox escape in the Graphics: WebRender component. This 
vulnerabilit ...)
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2761
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2761
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2761
 CVE-2026-2760 (Sandbox escape due to incorrect boundary conditions in the 
Graphics: W ...)
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - tunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2760
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2760
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2760
 CVE-2026-2795 (Use-after-free in the JavaScript: GC component. This 
vulnerability aff ...)
        - firefox 148.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2795
@@ -1265,14 +1333,18 @@ CVE-2026-2759 (Incorrect boundary conditions in the 
Graphics: ImageLib component
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2759
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2759
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2759
 CVE-2026-2758 (Use-after-free in the JavaScript: GC component. This 
vulnerability aff ...)
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2758
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2758
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2758
 CVE-2026-2794 (Information disclosure due to uninitialized memory in Firefox 
and Fire ...)
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2794
@@ -1280,8 +1352,10 @@ CVE-2026-2757 (Incorrect boundary conditions in the 
WebRTC: Audio/Video componen
        {DSA-6148-1}
        - firefox 148.0-1
        - firefox-esr 140.8.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2757
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/#CVE-2026-2757
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/#CVE-2026-2757
 CVE-2026-3091 (An uncontrolled search path element vulnerability in Synology 
Presto C ...)
        NOT-FOR-US: Synology
 CVE-2026-3075 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ee5b1c122b6e8a917f9c266ec805cfd4d7e228a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ee5b1c122b6e8a917f9c266ec805cfd4d7e228a
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Add thunderbird issues from mfsa2026-17

Reply via email to