Mozilla Foundation Security Advisory 2026-61

Security Vulnerabilities fixed in Thunderbird 140.12

Announced

June 16, 2026

Impact

high

Products

Thunderbird

Fixed in

Thunderbird 140.12

In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.

#CVE-2026-12289: Privilege escalation in the Graphics: WebRender component

Reporter: choeseyeong
Impact: high

References

Bug 2023443

#CVE-2026-12290: Memory safety bug fixed in Thunderbird ESR 140.12

Reporter: jayjayjazz
Impact: high

References

Bug 2024852

#CVE-2026-12291: Use-after-free in the Networking: HTTP component

Reporter: Zijie Zhao
Impact: high

References

Bug 2036929

#CVE-2026-12292: Incorrect boundary conditions in the Web Audio component

Reporter: Zijie Zhao
Impact: high

References

Bug 2038465

#CVE-2026-12294: Sandbox escape in the DOM: Workers component

Reporter: Quy Pham
Impact: high

References

Bug 2039873

#CVE-2026-12295: Sandbox escape in the DOM: Navigation component

Reporter: Yaqoub Aldurayhim
Impact: high

References

Bug 2040160

#CVE-2026-12298: Memory safety bug fixed in Thunderbird ESR 140.12

Reporter: Haruka Yamazaki
Impact: high

References

Bug 2041981

#CVE-2026-12296: Sandbox escape in the Security: Process Sandboxing component

Reporter: Yaqoub Aldurayhim
Impact: high

References

Bug 2040515

#CVE-2026-12297: Sandbox escape due to incorrect boundary conditions in the Networking component

Reporter: zx
Impact: high

References

Bug 2041610

#CVE-2026-12299: JIT miscompilation in the DOM: Core & HTML component

Reporter: Hyeonjun Ahn
Impact: high

References

Bug 2043139

#CVE-2026-12329: Memory safety bug fixed in Thunderbird ESR 140.12

Reporter: Michael Froman
Impact: high

References

Bug 2044738

#CVE-2026-12302: Mitigation bypass in the DOM: Security component

Reporter: lebr0nli
Impact: moderate

References

Bug 2034489

#CVE-2026-12304: Same-origin policy bypass in the Networking: Cookies component

Reporter: Yaqoub Aldurayhim
Impact: moderate

References

Bug 2034944

#CVE-2026-12305: Memory safety bug fixed in Thunderbird ESR 140.12

Reporter: Zijie Zhao
Impact: moderate

References

Bug 2037290

#CVE-2026-12306: Memory safety bug fixed in Thunderbird ESR 140.12

Reporter: Mihalis Haatainen
Impact: moderate

References

Bug 2037323

#CVE-2026-12307: Memory safety bug fixed in Thunderbird ESR 140.12

Reporter: Atsushi Sada
Impact: moderate

References

Bug 2038133

#CVE-2026-12308: Memory safety bug fixed in Thunderbird ESR 140.12

Reporter: Mihalis Haatainen
Impact: moderate

References

Bug 2038302

#CVE-2026-12309: Memory safety bug fixed in Thunderbird ESR 140.12

Reporter: Yaqoub Aldurayhim
Impact: moderate

References

Bug 2038476

#CVE-2026-12310: Memory safety bug fixed in Thunderbird ESR 140.12

Reporter: Carl Pearson
Impact: moderate

References

Bug 2039707

#CVE-2026-12311: Information disclosure, sandbox escape in the Security: Process Sandboxing component

Reporter: Yaqoub Aldurayhim
Impact: moderate

References

Bug 2040177

#CVE-2026-12312: Memory safety bug fixed in Thunderbird ESR 140.12

Reporter: Rintaro Kawasugi
Impact: moderate

References

Bug 2040383

#CVE-2026-12313: Information disclosure, sandbox escape in the Security: Process Sandboxing component

Reporter: evyatar
Impact: moderate

References

Bug 2040477

#CVE-2026-12314: Memory safety bug fixed in Thunderbird ESR 140.12

Reporter: satyamasd
Impact: moderate

References

Bug 2041856

#CVE-2026-12315: Mitigation bypass in the DOM: Security component

Reporter: Nguyen Minh
Impact: moderate

References

Bug 2042058

#CVE-2026-12330: Incorrect boundary conditions in the Internationalization component

Reporter: Mozilla Fuzzing Team
Impact: moderate

References

Bug 2029326

#CVE-2026-12324: Incorrect boundary conditions in the Graphics: CanvasWebGL component

Reporter: Mihalis Haatainen
Impact: low

References

Bug 2038444

#CVE-2026-12325: Denial-of-service in the Graphics: ImageLib component

Reporter: Securin
Impact: low

References

Bug 2039443

#CVE-2026-12327: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

Reporter: Christian Holler, Jens Stutte, Nika Layzell, Randell Jesup, Tom Schuster and the Mozilla Fuzzing Team
Impact: moderate

Description

Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

Moderate Severity memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

#CVE-2026-12328: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

Reporter: Andrew McCreight, Randell Jesup, Tom Ritter and the Mozilla Fuzzing Team
Impact: high

Description

Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

High Severity memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

Firefox browsers

Mozilla VPN

Mozilla Monitor

Firefox Relay

MDN Plus

Thunderbird

Solo

0DIN

Tabstack

About Mozilla

The Mozilla Manifesto

Get Involved

Blog