Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
Critical Security Flaw in Thunderbird Email Client
RHSA-2026:3981
Summary
A security update has been released for Thunderbird, a popular email client, to fix a critical vulnerability. This means that if you use Thunderbird, you're at risk of your account being compromised if you open a malicious email. Update your Thunderbird software as soon as possible to protect your account.
What to do
- Update redhat thunderbird to version 0:140.8.0-1.el9_4.
- Update redhat thunderbird-debuginfo to version 0:140.8.0-1.el9_4.
- Update redhat thunderbird-debugsource to version 0:140.8.0-1.el9_4.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| redhat | thunderbird | <= 0:140.8.0-1.el9_4 | 0:140.8.0-1.el9_4 |
| redhat | thunderbird-debuginfo | <= 0:140.8.0-1.el9_4 | 0:140.8.0-1.el9_4 |
| redhat | thunderbird-debugsource | <= 0:140.8.0-1.el9_4 | 0:140.8.0-1.el9_4 |
Original title
Red Hat Security Advisory: thunderbird security update
osv CVSS3.1
7.5
- https://access.redhat.com/errata/RHSA-2026:3981 Vendor Advisory
- https://access.redhat.com/security/updates/classification/#important Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2440219 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442284 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442287 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442288 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442290 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442291 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442292 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442294 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442295 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442297 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442298 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442300 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442302 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442304 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442307 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442308 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442309 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442312 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442313 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442314 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442316 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442318 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442319 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442320 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442322 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442324 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442325 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442326 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442327 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442328 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442329 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442331 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442333 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442334 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442335 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442337 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442342 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442343 Third Party Advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3981.j... Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2026-2447 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2447 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2447 Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=2014390 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-10/ Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2757 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2757 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2757 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2757 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2757 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2758 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2758 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2758 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2758 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2758 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2759 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2759 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2759 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2759 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2759 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2760 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2760 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2760 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2760 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2760 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2761 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2761 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2761 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2761 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2761 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2762 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2762 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2762 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2762 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2762 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2763 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2763 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2763 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2763 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2763 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2764 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2764 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2764 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2764 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2764 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2765 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2765 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2765 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2765 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2765 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2766 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2766 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2766 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2766 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2766 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2767 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2767 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2767 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2767 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2767 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2768 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2768 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2768 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2768 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2768 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2769 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2769 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2769 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2769 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2769 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2770 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2770 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2770 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2770 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2770 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2771 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2771 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2771 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2771 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2771 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2772 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2772 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2772 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2772 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2772 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2773 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2773 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2773 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2773 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2773 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2774 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2774 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2774 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2774 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2774 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2775 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2775 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2775 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2775 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2775 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2776 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2776 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2776 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2776 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2776 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2777 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2777 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2777 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2777 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2777 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2778 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2778 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2778 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2778 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2778 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2779 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2779 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2779 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2779 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2779 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2780 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2780 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2780 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2780 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2780 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2781 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2781 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2781 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2781 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2781 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2782 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2782 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2782 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2782 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2782 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2783 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2783 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2783 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2783 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2783 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2784 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2784 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2784 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2784 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2784 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2785 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2785 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2785 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2785 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2785 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2786 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2786 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2786 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2786 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2786 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2787 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2787 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2787 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2787 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2787 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2788 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2788 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2788 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2788 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2788 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2789 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2789 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2789 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2789 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2789 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2790 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2790 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2790 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2790 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2790 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2791 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2791 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2791 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2791 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2791 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2792 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2792 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2792 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2792 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2792 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2793 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2793 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2793 Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/#CVE-2026-2793 Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/#CVE-2026-2793 Third Party Advisory
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026