[Apollo] Advisories Statistics light light Login

RLSA-2026:9638

Security Mirrored from RHSA-2026:9638
Issued at: 2026-04-24
Updated at: 2026-04-24

Synopsis

Important: thunderbird security update



Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)

* libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion (CVE-2026-33636)

* thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 (CVE-2026-5734)

* thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 (CVE-2026-5731)

* firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component (CVE-2026-5732)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 10 aarch64 Rocky Linux 10 ppc64le Rocky Linux 10 s390x Rocky Linux 10 x86_64

Fixes

2451819 2455897 2451805 2455908 2455901

CVEs

CVE-2026-33416 CVE-2026-33636 CVE-2026-5731 CVE-2026-5732 CVE-2026-5734

Affected packages

Rocky Linux 10 x86_64 - AppStream

thunderbird-debuginfo-0:140.9.1-1.el10_1.x86_64.rpm thunderbird-0:140.9.1-1.el10_1.x86_64.rpm thunderbird-debugsource-0:140.9.1-1.el10_1.x86_64.rpm thunderbird-0:140.9.1-1.el10_1.src.rpm

Rocky Linux 10 ppc64le - AppStream

thunderbird-debugsource-0:140.9.1-1.el10_1.ppc64le.rpm thunderbird-0:140.9.1-1.el10_1.ppc64le.rpm thunderbird-debuginfo-0:140.9.1-1.el10_1.ppc64le.rpm thunderbird-0:140.9.1-1.el10_1.src.rpm

Rocky Linux 10 aarch64 - AppStream

thunderbird-debuginfo-0:140.9.1-1.el10_1.aarch64.rpm thunderbird-0:140.9.1-1.el10_1.aarch64.rpm thunderbird-0:140.9.1-1.el10_1.src.rpm thunderbird-debugsource-0:140.9.1-1.el10_1.aarch64.rpm

Rocky Linux 10 s390x - AppStream

thunderbird-0:140.9.1-1.el10_1.s390x.rpm thunderbird-debugsource-0:140.9.1-1.el10_1.s390x.rpm thunderbird-0:140.9.1-1.el10_1.src.rpm thunderbird-debuginfo-0:140.9.1-1.el10_1.s390x.rpm