SB20260511100 - Multiple vulnerabilities in Mozilla Thunderbird

Security Bulletin ID SB20260511100

CSH Severity

High

Patch available

YES

Number of vulnerabilities 3

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 3 vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2026-8090)

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to use-after-free in the DOM: Networking component when processing web content. A remote attacker can trigger the use-after-free with specially crafted content to execute arbitrary code.

User interaction is required to visit a specially crafted website or open a specially crafted URL.

2) Buffer overflow (CVE-ID: CVE-2026-8092)

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to memory corruption when processing web content. A remote attacker can trigger memory corruption using specially crafted content to execute arbitrary code.

Some of the reported bugs showed evidence of memory corruption.

3) Buffer overflow (CVE-ID: CVE-2026-8093)

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to memory corruption when processing web content. A remote attacker can trigger memory corruption using specially crafted content to execute arbitrary code.

Some of the reported bugs showed evidence of memory corruption.

Remediation

Install update from vendor's website.

References

https://www.mozilla.org/en-US/security/advisories/mfsa2026-43/

SB20260511100 - Multiple vulnerabilities in Mozilla Thunderbird

Breakdown by Severity

Description

Remediation

References

Please verify you're human