Mozilla Thunderbird: Unpatched Browsers Can Crash or Be Exploited

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Mozilla Thunderbird: Unpatched Browsers Can Crash or Be Exploited

SUSE-SU-2026:1379-1

Summary

Mozilla Thunderbird has released a security update to address several security issues that could allow hackers to crash the browser or steal sensitive information. If you use Mozilla Thunderbird, it's essential to update to the latest version to protect your data and prevent security breaches. Update your browser as soon as possible to ensure you have the latest security patches.

What to do

Update mozillathunderbird to version 140.9.1-150200.8.266.1.

Affected software

Ecosystem	Vendor	Product	Affected versions
SUSE:Linux Enterprise Module for Package Hub 15 SP7	–	mozillathunderbird	< 140.9.1-150200.8.266.1 Fix: upgrade to 140.9.1-150200.8.266.1
SUSE:Linux Enterprise Workstation Extension 15 SP7	–	mozillathunderbird	< 140.9.1-150200.8.266.1 Fix: upgrade to 140.9.1-150200.8.266.1

Original title

Security update for MozillaThunderbird

Original description

This update for MozillaThunderbird fixes the following issues:

- Update to 149.0.2 and 140.9.1esr (bsc#1261663).
- CVE-2026-5731: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2.
- CVE-2026-5732: Incorrect boundary conditions, integer overflow in the Graphics: Text component.
- CVE-2026-5734: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2.

https://www.suse.com/support/update/announcement/2026/suse-su-20261379-1/ Vendor Advisory
https://bugzilla.suse.com/1261663 Third Party Advisory
https://www.suse.com/security/cve/CVE-2026-5731 URL
https://www.suse.com/security/cve/CVE-2026-5732 URL
https://www.suse.com/security/cve/CVE-2026-5734 URL

Published: 16 Apr 2026 · Updated: 17 Apr 2026 · First seen: 17 Apr 2026