Release date:
2026-06-23 10:31:22 UTC
Description:
- CVE-2026-12299: WebIDL [Pure] over-optimization on getter/function calls;
remove [Pure] annotation from blockedNodesByClassifier, getAttributeNames,
flex/grid container reflection, innerText/outerText, HTMLInputElement.height,
and MozEditableElement.editor accessors (Bug 2043139)
- CVE-2026-12311: Linux sandbox broker did not enforce path-count per
operation, allowing a malicious child to send an extra path; add
OperationPaths() guard and preserve FORCE_DENY/CRASH_INSTEAD bits when
intersecting both paths' permissions (Bug 2040177)
- CVE-2026-12328: rollup of 11 mozilla-esr115 memory-safety fixes shipped
as FIREFOX_115_37_0esr_RELEASE - a11y BindChildDoc cross-PBrowser guard
(Bug 2038477), DOM bindings ObservableArray proxy cleanup on finalize
(Bug 2042268), reject remote print in RecvCloneDocumentTreeInto
(Bug 2042929), WebRender RefPtr lifetime for previousTexture
(Bug 2042451), ANGLE redeclared built-in type checks (Bug 2039726),
ParserAtom allocate length guard (Bug 2042858), VideoBridgeParent
UnregisterSingleton split (Bug 2042965), ffmpeg ImageBufferTracker
refcounted (Bug 2041373), IndexedDB deserialization done-flag wait loop
(Bug 2043213), WebGL maxColorDrawBuffers clamp (Bug 2042782), and ANGLE
gl_SecondaryFragColorEXT rewrite (Bug 2029402)
Updated packages:
-
thunderbird-115.4.1-1.el9_2.alma.tuxcare.els13.x86_64.rpm
sha:17222c6264dd5986fa07cb61ee23ef107423a73590e9250c8ffeddf14026d06c
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.