CLSA-2026:1780952647

[CLSA-2026:1780952647] thunderbird: Fix of 8 CVEs

Type:

security

Severity:

Important

Release date:

2026-06-09 08:38:05 UTC

Description:

- CVE-2026-6746: HTMLSlotElement - fix manual slot reassignment across different shadow roots (Bug 2014596)
- CVE-2026-6749: ImageEncoder use mapped stride and surface size to avoid OOB read (Bug 2022610)
- CVE-2026-6752: libwebrtc - truncate RTP CSRC list to RFC 3550 spec maximum (15)
- CVE-2026-6785: prevent use-after-free in nsUnknownDecoder::CheckListenerChain (Bug 2036929)
- CVE-2026-8388: SpiderMonkey JIT - widen RecoverOffset to uint64_t to prevent overflow in Ion snapshot encoding (Bug 2036978)

CVEs fixed:

CVE-2026-6746
CVE-2026-6749
CVE-2026-6750
CVE-2026-6752
CVE-2026-6754
CVE-2026-6769
CVE-2026-6785
CVE-2026-8388

Updated packages:

thunderbird-115.4.1-1.el9_2.alma.tuxcare.els9.x86_64.rpm
sha:dc7390480a957ce17ce1c6532300001fca075429d50ceafc38a938ced0356378

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.