[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2026-0081":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":92,"duplicates":93,"related":94,"reserved_at":9,"published_at":134,"modified_at":135,"state":9,"summary":136,"references_raw":138,"kevs":159,"epss":9,"epss_history":160,"metrics":161,"affected":162},"MGASA-2026-0081","Updated thunderbird packages fix security vulnerabilities\n\nDenial-of-service in the XML component. (CVE-2025-59375)\nSpoofing issue in Thunderbird. (CVE-2026-3889)\nRace condition, use-after-free in the Graphics: WebRender component.\n(CVE-2026-4684)\nIncorrect boundary conditions in the Graphics: Canvas2D component.\n(CVE-2026-4685)\nIncorrect boundary conditions in the Graphics: Canvas2D component.\n(CVE-2026-4686)\nSandbox escape due to incorrect boundary conditions in the Telemetry\ncomponent. (CVE-2026-4687)\nSandbox escape due to use-after-free in the Disability Access APIs\ncomponent. (CVE-2026-4688)\nSandbox escape due to incorrect boundary conditions, integer overflow in\nthe XPCOM component. (CVE-2026-4689)\nSandbox escape due to incorrect boundary conditions, integer overflow in\nthe XPCOM component. (CVE-2026-4690)\nUse-after-free in the CSS Parsing and Computation component.\n(CVE-2026-4691)\nSandbox escape in the Responsive Design Mode component. (CVE-2026-4692)\nIncorrect boundary conditions in the Audio/Video: Playback component.\n(CVE-2026-4693)\nIncorrect boundary conditions, integer overflow in the Graphics\ncomponent. (CVE-2026-4694)\nIncorrect boundary conditions in the Audio/Video: Web Codecs component.\n(CVE-2026-4695)\nUse-after-free in the Layout: Text and Fonts component. (CVE-2026-4696)\nIncorrect boundary conditions in the Audio/Video: Web Codecs component.\n(CVE-2026-4697)\nJIT miscompilation in the JavaScript Engine: JIT component.\n(CVE-2026-4698)\nIncorrect boundary conditions in the Layout: Text and Fonts component.\n(CVE-2026-4699)\nMitigation bypass in the Networking: HTTP component. (CVE-2026-4700)\nUse-after-free in the JavaScript Engine component. (CVE-2026-4701)\nJIT miscompilation in the JavaScript Engine component. (CVE-2026-4702)\nDenial-of-service in the WebRTC: Signaling component. (CVE-2026-4704)\nUndefined behavior in the WebRTC: Signaling component. (CVE-2026-4705)\nIncorrect boundary conditions in the Graphics: Canvas2D component.\n(CVE-2026-4706)\nIncorrect boundary conditions in the Graphics: Canvas2D component.\n(CVE-2026-4707)\nIncorrect boundary conditions in the Graphics component. (CVE-2026-4708)\nIncorrect boundary conditions in the Audio/Video: GMP component.\n(CVE-2026-4709)\nIncorrect boundary conditions in the Audio/Video component.\n(CVE-2026-4710)\nUse-after-free in the Widget: Cocoa component. (CVE-2026-4711)\nInformation disclosure in the Widget: Cocoa component. (CVE-2026-4712)\nIncorrect boundary conditions in the Graphics component. (CVE-2026-4713)\nIncorrect boundary conditions in the Audio/Video component.\n(CVE-2026-4714)\nUninitialized memory in the Graphics: Canvas2D component.\n(CVE-2026-4715)\nIncorrect boundary conditions, uninitialized memory in the JavaScript\nEngine component. (CVE-2026-4716)\nPrivilege escalation in the Netmonitor component. (CVE-2026-4717)\nUndefined behavior in the WebRTC: Signaling component. (CVE-2026-4718)\nIncorrect boundary conditions in the Graphics: Text component.\n(CVE-2026-4719)\nMemory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9,\nFirefox 149 and Thunderbird 149. (CVE-2026-4720)\nMemory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9,\nThunderbird ESR 140.9, Firefox 149 and Thunderbird 149. (CVE-2026-4721)\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90],{"_key":15},"CVE-2025-59375",{"_key":17},"CVE-2026-3889",{"_key":19},"CVE-2026-4684",{"_key":21},"CVE-2026-4685",{"_key":23},"CVE-2026-4686",{"_key":25},"CVE-2026-4687",{"_key":27},"CVE-2026-4688",{"_key":29},"CVE-2026-4689",{"_key":31},"CVE-2026-4690",{"_key":33},"CVE-2026-4691",{"_key":35},"CVE-2026-4692",{"_key":37},"CVE-2026-4693",{"_key":39},"CVE-2026-4694",{"_key":41},"CVE-2026-4695",{"_key":43},"CVE-2026-4696",{"_key":45},"CVE-2026-4697",{"_key":47},"CVE-2026-4698",{"_key":49},"CVE-2026-4699",{"_key":51},"CVE-2026-4700",{"_key":53},"CVE-2026-4701",{"_key":55},"CVE-2026-4702",{"_key":57},"CVE-2026-4704",{"_key":59},"CVE-2026-4705",{"_key":61},"CVE-2026-4706",{"_key":63},"CVE-2026-4707",{"_key":65},"CVE-2026-4708",{"_key":67},"CVE-2026-4709",{"_key":69},"CVE-2026-4710",{"_key":71},"CVE-2026-4711",{"_key":73},"CVE-2026-4712",{"_key":75},"CVE-2026-4713",{"_key":77},"CVE-2026-4714",{"_key":79},"CVE-2026-4715",{"_key":81},"CVE-2026-4716",{"_key":83},"CVE-2026-4717",{"_key":85},"CVE-2026-4718",{"_key":87},"CVE-2026-4719",{"_key":89},"CVE-2026-4720",{"_key":91},"CVE-2026-4721",[],[],[95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":67},{"_key":69},{"_key":71},{"_key":73},{"_key":75},{"_key":77},{"_key":79},{"_key":81},{"_key":83},{"_key":85},{"_key":87},{"_key":89},{"_key":91},"2026-04-02T16:48:37Z","2026-04-16T04:16:10.191331Z",{"cisa_kev":137,"cisa_ransomware":137,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[139,145,150,155],{"url":140,"sources":141,"tags":143},"https://advisories.mageia.org/MGASA-2026-0081.html",[142],"osv_mageia",[144],"Advisory",{"url":146,"sources":147,"tags":148},"https://bugs.mageia.org/show_bug.cgi?id=35273",[142],[149],"REPORT",{"url":151,"sources":152,"tags":153},"https://www.thunderbird.net/en-US/thunderbird/140.9.0esr/releasenotes/",[142],[149,154],"WEB",{"url":156,"sources":157,"tags":158},"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/",[142],[149,144],[],[],[],[163,175],{"ecosystem":164,"name":165,"vendor":166,"product":165,"cpe_part":9,"purl_type":167,"purl_namespace":166,"purl_name":165,"source":9,"versions":168},"Mageia","thunderbird","mageia","rpm",[169],{"version":170,"is_range":171,"range_type":172,"version_start":9,"version_start_type":9,"version_end":173,"version_end_type":174,"fixed_in":9},"lt140_9_0_1_mga9",true,"ecosystem","140.9.0-1.mga9","excluding",{"ecosystem":164,"name":176,"vendor":166,"product":176,"cpe_part":9,"purl_type":167,"purl_namespace":166,"purl_name":176,"source":9,"versions":177},"thunderbird-l10n",[178],{"version":170,"is_range":171,"range_type":172,"version_start":9,"version_start_type":9,"version_end":173,"version_end_type":174,"fixed_in":9}]