Release date:
2026-07-08 14:24:17 UTC
Description:
- CVE-2026-12290: WebGL2 missing per-stage uniform-block validation could
let a malicious shader exceed driver limits; opt into ANGLE's
validatePerStageMaxUniformBlocks and wire MaxVertex/Fragment uniform
block counts (Bug 2024852, includes ANGLE cherry-pick 05459080c9a3)
- CVE-2026-12291: use-after-free in HTTP stream listener chain; hold a
strong nsCOMPtr ref across OnStartRequest/
OnDataAvailable/OnStopRequest invocations across 45 callsites
(Bug 2036929)
- CVE-2026-12292: ThreadSharedFloatArrayBufferList::Create returned
uninitialized memory; switch js_pod_malloc to js_pod_calloc for the
Web Audio float buffer (Bug 2038465)
- CVE-2026-12294: SharedWorker remote-type confusion; simplify
SharedWorker remote type handling by sourcing the remote type from
the content process instead of recomputing in parent (Bug 2039873)
- CVE-2026-12295: sandbox escape via srcdoc data on non-about:srcdoc
URIs; add MOZ_RELEASE_ASSERT/IPC reject guards in nsDocShell,
nsDocShellLoadState, Document and nsViewSourceChannel (Bug 2040160)
- CVE-2026-12297: nsStandardURL deserialization could over-read past
the spec buffer; add authority/path NS_ENSURE_TRUE consistency check
in Deserialize() and null-pointer guard in Finalize() (Bug 2041610,
includes prereq Bug 2027976 isSubSegment ladder)
Updated packages:
-
thunderbird-115.4.1-1.el9_2.alma.tuxcare.els17.x86_64.rpm
sha:a000706e1a05b2c4e74e712a7849ed561b61b8f4d517dd86e2b60f361f76ea2d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.