[CLSA-2026:1783520633] thunderbird: Fix of 6 CVEs
Type:
security
Severity:
Important
Release date:
2026-07-08 14:24:17 UTC
Description:
- CVE-2026-12290: WebGL2 missing per-stage uniform-block validation could let a malicious shader exceed driver limits; opt into ANGLE's validatePerStageMaxUniformBlocks and wire MaxVertex/Fragment uniform block counts (Bug 2024852, includes ANGLE cherry-pick 05459080c9a3) - CVE-2026-12291: use-after-free in HTTP stream listener chain; hold a strong nsCOMPtr ref across OnStartRequest/ OnDataAvailable/OnStopRequest invocations across 45 callsites (Bug 2036929) - CVE-2026-12292: ThreadSharedFloatArrayBufferList::Create returned uninitialized memory; switch js_pod_malloc to js_pod_calloc for the Web Audio float buffer (Bug 2038465) - CVE-2026-12294: SharedWorker remote-type confusion; simplify SharedWorker remote type handling by sourcing the remote type from the content process instead of recomputing in parent (Bug 2039873) - CVE-2026-12295: sandbox escape via srcdoc data on non-about:srcdoc URIs; add MOZ_RELEASE_ASSERT/IPC reject guards in nsDocShell, nsDocShellLoadState, Document and nsViewSourceChannel (Bug 2040160) - CVE-2026-12297: nsStandardURL deserialization could over-read past the spec buffer; add authority/path NS_ENSURE_TRUE consistency check in Deserialize() and null-pointer guard in Finalize() (Bug 2041610, includes prereq Bug 2027976 isSubSegment ladder)
Updated packages:
  • thunderbird-115.4.1-1.el9_2.alma.tuxcare.els17.x86_64.rpm
    sha:a000706e1a05b2c4e74e712a7849ed561b61b8f4d517dd86e2b60f361f76ea2d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.