=====================================================================
                            CERT-Renater

                 Information Note No. 2026/VULN038
_____________________________________________________________________

DATE                 : 15/01/2026

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Thunderbird versions prior to
                       147, 140.7.

=====================================================================
https://www.mozilla.org/en-US/security/advisories/mfsa2026-04/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/
_____________________________________________________________________

Mozilla Foundation Security Advisory 2026-04

Security Vulnerabilities fixed in Thunderbird 147

Announced: January 13, 2026
Impact: high
Products: Thunderbird
Fixed in: Thunderbird 147

In general, these flaws cannot be exploited through email in the
Thunderbird product because scripting is disabled when reading mail,
but are potentially risks in browser or browser-like contexts.

#CVE-2026-0877: Mitigation bypass in the DOM: Security component
  Reporter: mingijung
  Impact: high
  References: Bug 1999257

#CVE-2026-0878: Sandbox escape due to incorrect boundary conditions in
the Graphics: CanvasWebGL component
  Reporter: Oskar L
  Impact: high
  References: Bug 2003989

#CVE-2026-0879: Sandbox escape due to incorrect boundary conditions in
the Graphics component
  Reporter: Oskar L
  Impact: high
  References: Bug 2004602

#CVE-2026-0880: Sandbox escape due to integer overflow in the Graphics
component
  Reporter: Oskar L
  Impact: high
  References: Bug 2005014

#CVE-2026-0881: Sandbox escape in the Messaging System component
  Reporter: Andrew McCreight
  Impact: high
  References: Bug 2005845

#CVE-2026-0882: Use-after-free in the IPC component
  Reporter: Randell Jesup
  Impact: high
  References: Bug 1924125

#CVE-2026-0883: Information disclosure in the Networking component
  Reporter: Vladislav Plyatsok
  Impact: moderate
  References: Bug 1989340

#CVE-2026-0884: Use-after-free in the JavaScript Engine component
  Reporter: Gary Kwong and Nan Wang
  Impact: moderate
  References: Bug 2003588

#CVE-2026-0885: Use-after-free in the JavaScript: GC component
  Reporter: Irvan Kurniawan
  Impact: moderate
  References: Bug 2003607

#CVE-2026-0886: Incorrect boundary conditions in the Graphics component
  Reporter: Oskar L
  Impact: moderate
  References: Bug 2005658

#CVE-2026-0887: Clickjacking issue, information disclosure in the PDF
Viewer component
  Reporter: Lyra Rebane
  Impact: moderate
  References: Bug 2006500

#CVE-2026-0888: Information disclosure in the XML component
  Reporter: Pier Angelo Vendrame
  Impact: low
  References: Bug 1985996

#CVE-2026-0889: Denial-of-service in the DOM: Service Workers component
  Reporter: Elysee Franchuk, Caleb Lerch
  Impact: low
  References: Bug 1999084

#CVE-2026-0890: Spoofing issue in the DOM: Copy & Paste and Drag & Drop
component
  Reporter: Edgar Chen
  Impact: low
  References: Bug 2005081

#CVE-2026-0891: Memory safety bugs fixed in Firefox ESR 140.7,
Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147
  Reporter: Andrew McCreight, Dennis Jackson and the Mozilla Fuzzing
  Team
  Impact: high
  Description: Memory safety bugs present in Firefox ESR 140.6,
  Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these
  bugs showed evidence of memory corruption and we presume that with
  enough effort some of these could have been exploited to run
  arbitrary code.
  References: Memory safety bugs fixed in Firefox ESR 140.7,
  Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147

#CVE-2026-0892: Memory safety bugs fixed in Firefox 147 and
Thunderbird 147
  Reporter: Hiroyuki Ikezoe, Jon Coppeard, Maurice Dauer and the
  Mozilla Fuzzing Team
  Impact: moderate
  Description: Memory safety bugs present in Firefox 146 and
  Thunderbird 146. Some of these bugs showed evidence of memory
  corruption and we presume that with enough effort some of these
  could have been exploited to run arbitrary code.
  References: Memory safety bugs fixed in Firefox 147 and
  Thunderbird 147

_____________________________________________________________________

Mozilla Foundation Security Advisory 2026-05

Security Vulnerabilities fixed in Thunderbird 140.7

Announced: January 13, 2026
Impact: high
Products: Thunderbird
Fixed in: Thunderbird 140.7

In general, these flaws cannot be exploited through email in the
Thunderbird product because scripting is disabled when reading mail,
but are potentially risks in browser or browser-like contexts.

#CVE-2026-0877: Mitigation bypass in the DOM: Security component
  Reporter: mingijung
  Impact: high
  References: Bug 1999257

#CVE-2026-0878: Sandbox escape due to incorrect boundary conditions in
the Graphics: CanvasWebGL component
  Reporter: Oskar L
  Impact: high
  References: Bug 2003989

#CVE-2026-0879: Sandbox escape due to incorrect boundary conditions in
the Graphics component
  Reporter: Oskar L
  Impact: high
  References: Bug 2004602

#CVE-2026-0880: Sandbox escape due to integer overflow in the Graphics
component
  Reporter: Oskar L
  Impact: high
  References: Bug 2005014

#CVE-2026-0882: Use-after-free in the IPC component
  Reporter: Randell Jesup
  Impact: high
  References: Bug 1924125

#CVE-2025-14327: Spoofing issue in the Downloads Panel component
  Reporter: Caro Kann
  Impact: moderate
  References: Bug 1970743

#CVE-2026-0883: Information disclosure in the Networking component
  Reporter: Vladislav Plyatsok
  Impact: moderate
  References: Bug 1989340

#CVE-2026-0884: Use-after-free in the JavaScript Engine component
  Reporter: Gary Kwong and Nan Wang
  Impact: moderate
  References: Bug 2003588

#CVE-2026-0885: Use-after-free in the JavaScript: GC component
  Reporter: Irvan Kurniawan
  Impact: moderate
  References: Bug 2003607

#CVE-2026-0886: Incorrect boundary conditions in the Graphics component
  Reporter: Oskar L
  Impact: moderate
  References: Bug 2005658

#CVE-2026-0887: Clickjacking issue, information disclosure in the PDF
Viewer component
  Reporter: Lyra Rebane
  Impact: moderate
  References: Bug 2006500

#CVE-2026-0890: Spoofing issue in the DOM: Copy & Paste and Drag & Drop
component
  Reporter: Edgar Chen
  Impact: low
  References: Bug 2005081

#CVE-2026-0891: Memory safety bugs fixed in Firefox ESR 140.7,
Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147
  Reporter: Andrew McCreight, Dennis Jackson and the Mozilla Fuzzing
  Team
  Impact: high
  Description: Memory safety bugs present in Firefox ESR 140.6,
  Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these
  bugs showed evidence of memory corruption and we presume that with
  enough effort some of these could have been exploited to run
  arbitrary code.
  References: Memory safety bugs fixed in Firefox ESR 140.7,
  Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================