Mozilla Foundation Security Advisory 2026-60

Security Vulnerabilities fixed in Thunderbird 152

Announced

June 16, 2026

Impact

high

Products

Thunderbird

Fixed in

Thunderbird 152

In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.

#CVE-2026-12289: Privilege escalation in the Graphics: WebRender component

Reporter: choeseyeong
Impact: high

References

Bug 2023443

#CVE-2026-12290: Memory safety bug fixed in Thunderbird 152

Reporter: jayjayjazz
Impact: high

References

Bug 2024852

#CVE-2026-12291: Use-after-free in the Networking: HTTP component

Reporter: Zijie Zhao
Impact: high

References

Bug 2036929

#CVE-2026-12292: Incorrect boundary conditions in the Web Audio component

Reporter: Zijie Zhao
Impact: high

References

Bug 2038465

#CVE-2026-12293: Use-after-free in the Graphics: WebGPU component

Reporter: superhei
Impact: high

References

Bug 2039568

#CVE-2026-12294: Sandbox escape in the DOM: Workers component

Reporter: Quy Pham
Impact: high

References

Bug 2039873

#CVE-2026-12295: Sandbox escape in the DOM: Navigation component

Reporter: Yaqoub Aldurayhim
Impact: high

References

Bug 2040160

#CVE-2026-12296: Sandbox escape in the Security: Process Sandboxing component

Reporter: Yaqoub Aldurayhim
Impact: high

References

Bug 2040515

#CVE-2026-12297: Sandbox escape due to incorrect boundary conditions in the Networking component

Reporter: zx
Impact: high

References

Bug 2041610

#CVE-2026-12298: Memory safety bug fixed in Thunderbird 152

Reporter: Haruka Yamazaki
Impact: high

References

Bug 2041981

#CVE-2026-12299: JIT miscompilation in the DOM: Core & HTML component

Reporter: Hyeonjun Ahn
Impact: high

References

Bug 2043139

#CVE-2026-12300: Memory safety bug fixed in Thunderbird 152

Reporter: Niklas
Impact: moderate

References

Bug 1704114

#CVE-2026-12301: Memory safety bug fixed in Thunderbird 152

Reporter: Richard Belisle
Impact: moderate

References

Bug 2015647

#CVE-2026-12302: Mitigation bypass in the DOM: Security component

Reporter: lebr0nli
Impact: moderate

References

Bug 2034489

#CVE-2026-12303: Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component

Reporter: Michal Andryskowski
Impact: moderate

References

Bug 2034608

#CVE-2026-12304: Same-origin policy bypass in the Networking: Cookies component

Reporter: Yaqoub Aldurayhim
Impact: moderate

References

Bug 2034944

#CVE-2026-12305: Memory safety bug fixed in Thunderbird 152

Reporter: Zijie Zhao
Impact: moderate

References

Bug 2037290

#CVE-2026-12306: Memory safety bug fixed in Thunderbird 152

Reporter: Mihalis Haatainen
Impact: moderate

References

Bug 2037323

#CVE-2026-12307: Memory safety bug fixed in Thunderbird 152

Reporter: Atsushi Sada
Impact: moderate

References

Bug 2038133

#CVE-2026-12308: Memory safety bug fixed in Thunderbird 152

Reporter: Mihalis Haatainen
Impact: moderate

References

Bug 2038302

#CVE-2026-12309: Memory safety bug fixed in Thunderbird 152

Reporter: Yaqoub Aldurayhim
Impact: moderate

References

Bug 2038476

#CVE-2026-12310: Memory safety bug fixed in Thunderbird 152

Reporter: Carl Pearson
Impact: moderate

References

Bug 2039707

#CVE-2026-12311: Information disclosure, sandbox escape in the Security: Process Sandboxing component

Reporter: Yaqoub Aldurayhim
Impact: moderate

References

Bug 2040177

#CVE-2026-12312: Memory safety bug fixed in Thunderbird 152

Reporter: Rintaro Kawasugi
Impact: moderate

References

Bug 2040383

#CVE-2026-12313: Information disclosure, sandbox escape in the Security: Process Sandboxing component

Reporter: evyatar
Impact: moderate

References

Bug 2040477

#CVE-2026-12314: Memory safety bug fixed in Thunderbird 152

Reporter: satyamasd
Impact: moderate

References

Bug 2041856

#CVE-2026-12315: Mitigation bypass in the DOM: Security component

Reporter: Nguyen Minh
Impact: moderate

References

Bug 2042058

#CVE-2026-12316: Mitigation bypass in the DOM: Security component

Reporter: Frederik Braun
Impact: moderate

References

Bug 2045496

#CVE-2026-12317: Memory safety bug fixed in Thunderbird 152

Reporter: Frédéric Wang Nélar
Impact: low

References

Bug 2007083

#CVE-2026-12318: Incorrect boundary conditions in the Libraries component in NSS

Reporter: Haruto Kimura
Impact: low

References

Bug 2023478

#CVE-2026-12319: Denial-of-service in the Audio/Video: Playback component

Reporter: jmwebdevelopement
Impact: low

References

Bug 2026933

#CVE-2026-12320: Information disclosure in the Password Manager component

Reporter: Av0id
Impact: low

References

Bug 2027572

#CVE-2026-12321: JIT miscompilation in the JavaScript: WebAssembly component

Reporter: JunYoung Park
Impact: low

References

Bug 2032943

#CVE-2026-12322: Clickjacking issue in the Widget: Gtk component

Reporter: Jivk
Impact: low

References

Bug 2033848

#CVE-2026-12323: Spoofing issue in the DOM: Core & HTML component

Reporter: Jody Ritonga
Impact: low

References

Bug 2035027

#CVE-2026-12324: Incorrect boundary conditions in the Graphics: CanvasWebGL component

Reporter: Mihalis Haatainen
Impact: low

References

Bug 2038444

#CVE-2026-12325: Denial-of-service in the Graphics: ImageLib component

Reporter: Securin
Impact: low

References

Bug 2039443

#CVE-2026-12326: Memory safety bugs fixed in Firefox 152 and Thunderbird 152

Reporter: Ashley Zebrowski, Christian Holler, Dan Baker, Jan de Mooij, Jon Coppeard, Maurice Dauer, Nicolas B. Pierron, Nika Layzell, Randell Jesup, Rob Wu, Ryan Hunt, Steve Fink, Tom Schuster, Tomoya Nakanishi, Yannis Juglaret, Serge Guelton and the Mozilla Fuzzing Team
Impact: high

Description

Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

#CVE-2026-12327: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

Reporter: Christian Holler, Jens Stutte, Nika Layzell, Randell Jesup, Tom Schuster and the Mozilla Fuzzing Team
Impact: moderate

Description

Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

Moderate Severity memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

#CVE-2026-12328: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

Reporter: Andrew McCreight, Randell Jesup, Tom Ritter and the Mozilla Fuzzing Team
Impact: high

Description

Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

High Severity memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

Firefox browsers

Mozilla VPN

Mozilla Monitor

Firefox Relay

MDN Plus

Thunderbird

Solo

0DIN

Tabstack

About Mozilla

The Mozilla Manifesto

Get Involved

Blog