Release date:
2026-07-08 13:28:31 UTC
Description:
- CVE-2026-2770: keep construction depth for custom elements in sync;
wrap AutoConstructionDepth in mozilla::Maybe so early throws in
HTMLConstructor still tear it down deterministically (Bug 2014585)
- CVE-2026-2763: use-after-free in SuppressDeletedProperty during
property iteration; replace GetPrototype + GetPropertyDescriptor
(both CanGC/re-entrant) with staticPrototype() + LookupPropertyPure()
+ GetPropertyAttributes() in js/src/vm/Iteration.cpp (Bug 2012018)
- CVE-2026-2764: JIT baseline CacheIR call-scripted stub could observe
a not-yet-created `this` if it OOM'd between reservation and
construction; create `this` after pushing arguments and thread the
argument through pushArguments/CreateThis paths (Bug 2012608)
Updated packages:
-
thunderbird-115.4.1-1.el9_2.alma.tuxcare.els18.x86_64.rpm
sha:41bc0784aae2e948458db57700e2149366359ecc2bb8be605d331735e15b1fb4
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.