Release date:
2026-06-30 09:23:08 UTC
Description:
- CVE-2026-8970: constrain AsyncPrefs by remoteType so a compromised content
process cannot set security-relevant prefs via AsyncPrefs; split the
allowlist into privileged-about and unprivileged-exposed sets (Bug 2032174)
- CVE-2026-8961: add locationspecific="true" to Thunderbird's PopupAutoComplete
panel so the form-autocomplete dropdown is dismissed on navigation, closing a
spoofing window (Bug 1962625)
Updated packages:
-
thunderbird-115.4.1-1.el9_2.alma.tuxcare.els15.x86_64.rpm
sha:96aea17fbd886861ec13d18c461fea269ab81d7dbd2118795ac9cd2745ee29ea
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.