Security update for MozillaThunderbird SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0880-1 Final 1 1 2026-03-12T10:18:33Z current 2026-03-12T10:18:33Z 2026-03-12T10:18:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for MozillaThunderbird This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 140.8 MFSA 2026-17 (bsc#1258568): - CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video component - CVE-2026-2758: Use-after-free in the JavaScript: GC component - CVE-2026-2759: Incorrect boundary conditions in the Graphics: ImageLib component - CVE-2026-2760: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component - CVE-2026-2761: Sandbox escape in the Graphics: WebRender component - CVE-2026-2762: Integer overflow in the JavaScript: Standard Library component - CVE-2026-2763: Use-after-free in the JavaScript Engine component - CVE-2026-2764: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component - CVE-2026-2765: Use-after-free in the JavaScript Engine component - CVE-2026-2766: Use-after-free in the JavaScript Engine: JIT component - CVE-2026-2767: Use-after-free in the JavaScript: WebAssembly component - CVE-2026-2768: Sandbox escape in the Storage: IndexedDB component - CVE-2026-2769: Use-after-free in the Storage: IndexedDB component - CVE-2026-2770: Use-after-free in the DOM: Bindings (WebIDL) component - CVE-2026-2771: Undefined behavior in the DOM: Core & HTML component - CVE-2026-2772: Use-after-free in the Audio/Video: Playback component - CVE-2026-2773: Incorrect boundary conditions in the Web Audio component - CVE-2026-2774: Integer overflow in the Audio/Video component - CVE-2026-2775: Mitigation bypass in the DOM: HTML Parser component - CVE-2026-2776: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software - CVE-2026-2777: Privilege escalation in the Messaging System component - CVE-2026-2778: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component - CVE-2026-2779: Incorrect boundary conditions in the Networking: JAR component - CVE-2026-2780: Privilege escalation in the Netmonitor component - CVE-2026-2781: Integer overflow in the Libraries component in NSS - CVE-2026-2782: Privilege escalation in the Netmonitor component - CVE-2026-2783: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component - CVE-2026-2784: Mitigation bypass in the DOM: Security component - CVE-2026-2785: Invalid pointer in the JavaScript Engine component - CVE-2026-2786: Use-after-free in the JavaScript Engine component - CVE-2026-2787: Use-after-free in the DOM: Window and Location component - CVE-2026-2788: Incorrect boundary conditions in the Audio/Video: GMP component - CVE-2026-2789: Use-after-free in the Graphics: ImageLib component - CVE-2026-2790: Same-origin policy bypass in the Networking: JAR component - CVE-2026-2791: Mitigation bypass in the Networking: Cache component - CVE-2026-2792: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 - CVE-2026-2793: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2026-880,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-880,SUSE-SLE-Product-WE-15-SP7-2026-880,openSUSE-SLE-15.6-2026-880 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ Link for SUSE-SU-2026:0880-1 https://lists.suse.com/pipermail/sle-security-updates/2026-March/024685.html E-Mail link for SUSE-SU-2026:0880-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1258568 SUSE Bug 1258568 https://www.suse.com/security/cve/CVE-2026-2757/ SUSE CVE CVE-2026-2757 page https://www.suse.com/security/cve/CVE-2026-2758/ SUSE CVE CVE-2026-2758 page https://www.suse.com/security/cve/CVE-2026-2759/ SUSE CVE CVE-2026-2759 page https://www.suse.com/security/cve/CVE-2026-2760/ SUSE CVE CVE-2026-2760 page https://www.suse.com/security/cve/CVE-2026-2761/ SUSE CVE CVE-2026-2761 page https://www.suse.com/security/cve/CVE-2026-2762/ SUSE CVE CVE-2026-2762 page https://www.suse.com/security/cve/CVE-2026-2763/ SUSE CVE CVE-2026-2763 page https://www.suse.com/security/cve/CVE-2026-2764/ SUSE CVE CVE-2026-2764 page https://www.suse.com/security/cve/CVE-2026-2765/ SUSE CVE CVE-2026-2765 page https://www.suse.com/security/cve/CVE-2026-2766/ SUSE CVE CVE-2026-2766 page https://www.suse.com/security/cve/CVE-2026-2767/ SUSE CVE CVE-2026-2767 page https://www.suse.com/security/cve/CVE-2026-2768/ SUSE CVE CVE-2026-2768 page https://www.suse.com/security/cve/CVE-2026-2769/ SUSE CVE CVE-2026-2769 page https://www.suse.com/security/cve/CVE-2026-2770/ SUSE CVE CVE-2026-2770 page https://www.suse.com/security/cve/CVE-2026-2771/ SUSE CVE CVE-2026-2771 page https://www.suse.com/security/cve/CVE-2026-2772/ SUSE CVE CVE-2026-2772 page https://www.suse.com/security/cve/CVE-2026-2773/ SUSE CVE CVE-2026-2773 page https://www.suse.com/security/cve/CVE-2026-2774/ SUSE CVE CVE-2026-2774 page https://www.suse.com/security/cve/CVE-2026-2775/ SUSE CVE CVE-2026-2775 page https://www.suse.com/security/cve/CVE-2026-2776/ SUSE CVE CVE-2026-2776 page https://www.suse.com/security/cve/CVE-2026-2777/ SUSE CVE CVE-2026-2777 page https://www.suse.com/security/cve/CVE-2026-2778/ SUSE CVE CVE-2026-2778 page https://www.suse.com/security/cve/CVE-2026-2779/ SUSE CVE CVE-2026-2779 page https://www.suse.com/security/cve/CVE-2026-2780/ SUSE CVE CVE-2026-2780 page https://www.suse.com/security/cve/CVE-2026-2781/ SUSE CVE CVE-2026-2781 page https://www.suse.com/security/cve/CVE-2026-2782/ SUSE CVE CVE-2026-2782 page https://www.suse.com/security/cve/CVE-2026-2783/ SUSE CVE CVE-2026-2783 page https://www.suse.com/security/cve/CVE-2026-2784/ SUSE CVE CVE-2026-2784 page https://www.suse.com/security/cve/CVE-2026-2785/ SUSE CVE CVE-2026-2785 page https://www.suse.com/security/cve/CVE-2026-2786/ SUSE CVE CVE-2026-2786 page https://www.suse.com/security/cve/CVE-2026-2787/ SUSE CVE CVE-2026-2787 page https://www.suse.com/security/cve/CVE-2026-2788/ SUSE CVE CVE-2026-2788 page https://www.suse.com/security/cve/CVE-2026-2789/ SUSE CVE CVE-2026-2789 page https://www.suse.com/security/cve/CVE-2026-2790/ SUSE CVE CVE-2026-2790 page https://www.suse.com/security/cve/CVE-2026-2791/ SUSE CVE CVE-2026-2791 page https://www.suse.com/security/cve/CVE-2026-2792/ SUSE CVE CVE-2026-2792 page https://www.suse.com/security/cve/CVE-2026-2793/ SUSE CVE CVE-2026-2793 page SUSE Linux Enterprise Module for Package Hub 15 SP7 SUSE Linux Enterprise Workstation Extension 15 SP7 openSUSE Leap 15.6 MozillaThunderbird-140.8.0-150200.8.260.1 MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 MozillaThunderbird-140.8.0-150200.8.260.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 MozillaThunderbird-140.8.0-150200.8.260.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 MozillaThunderbird-140.8.0-150200.8.260.1 as a component of openSUSE Leap 15.6 MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 as a component of openSUSE Leap 15.6 MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 as a component of openSUSE Leap 15.6 Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2757 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2757.html CVE-2026-2757 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2758 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2758.html CVE-2026-2758 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2759 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2759.html CVE-2026-2759 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2760 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2760.html CVE-2026-2760 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Sandbox escape in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2761 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2761.html CVE-2026-2761 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Integer overflow in the JavaScript: Standard Library component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2762 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2762.html CVE-2026-2762 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2763 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2763.html CVE-2026-2763 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2764 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2764.html CVE-2026-2764 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2765 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2765.html CVE-2026-2765 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2766 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2766.html CVE-2026-2766 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2767 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2767.html CVE-2026-2767 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Sandbox escape in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2768 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2768.html CVE-2026-2768 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Use-after-free in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2769 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2769.html CVE-2026-2769 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2770 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2770.html CVE-2026-2770 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Undefined behavior in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2771 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2771.html CVE-2026-2771 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Use-after-free in the Audio/Video: Playback component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2772 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2772.html CVE-2026-2772 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Incorrect boundary conditions in the Web Audio component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2773 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2773.html CVE-2026-2773 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Integer overflow in the Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2774 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2774.html CVE-2026-2774 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Mitigation bypass in the DOM: HTML Parser component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2775 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2775.html CVE-2026-2775 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2776 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2776.html CVE-2026-2776 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Privilege escalation in the Messaging System component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2777 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2777.html CVE-2026-2777 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2778 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2778.html CVE-2026-2778 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Incorrect boundary conditions in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2779 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2779.html CVE-2026-2779 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2780 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2780.html CVE-2026-2780 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2781 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2781.html CVE-2026-2781 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2782 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2782.html CVE-2026-2782 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2783 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2783.html CVE-2026-2783 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2784 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2784.html CVE-2026-2784 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Invalid pointer in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2785 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2785.html CVE-2026-2785 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2786 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2786.html CVE-2026-2786 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Use-after-free in the DOM: Window and Location component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2787 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2787.html CVE-2026-2787 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2788 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2788.html CVE-2026-2788 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Use-after-free in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2789 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2789.html CVE-2026-2789 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Same-origin policy bypass in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2790 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2790.html CVE-2026-2790 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Mitigation bypass in the Networking: Cache component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2791 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2791.html CVE-2026-2791 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2792 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2792.html CVE-2026-2792 https://bugzilla.suse.com/1258568 SUSE Bug 1258568 Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. CVE-2026-2793 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-140.8.0-150200.8.260.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-140.8.0-150200.8.260.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260880-1/ https://www.suse.com/security/cve/CVE-2026-2793.html CVE-2026-2793 https://bugzilla.suse.com/1258568 SUSE Bug 1258568