Red Hat Product Errata
RHSA-2026:24719 - Security Advisory
Issued: 2026-06-09
Updated: 2026-06-09

Synopsis
Important: thunderbird security update

Type/Severity
Security Advisory: Important

Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1 (CVE-2026-7323)
firefox: thunderbird: Information disclosure due to incorrect boundary conditions in the Audio/Video component (CVE-2026-7320)
firefox: thunderbird: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1 (CVE-2026-7322)
firefox: thunderbird: webrtc: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-7321)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

Affected Products
Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes
BZ - 2463481 - CVE-2026-7323 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1
BZ - 2463483 - CVE-2026-7320 firefox: thunderbird: Information disclosure due to incorrect boundary conditions in the Audio/Video component
BZ - 2463484 - CVE-2026-7322 firefox: thunderbird: Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1
BZ - 2463485 - CVE-2026-7321 firefox: thunderbird: webrtc: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component

CVEs
CVE-2026-7320
CVE-2026-7321
CVE-2026-7322
CVE-2026-7323

References
https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.
Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0
  SRPM
    thunderbird-140.10.1-1.el10_0.src.rpm
  x86_64
    thunderbird-140.10.1-1.el10_0.x86_64.rpm
    thunderbird-debuginfo-140.10.1-1.el10_0.x86_64.rpm
    thunderbird-debugsource-140.10.1-1.el10_0.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0
  SRPM
    thunderbird-140.10.1-1.el10_0.src.rpm
  s390x
    thunderbird-140.10.1-1.el10_0.s390x.rpm
    thunderbird-debuginfo-140.10.1-1.el10_0.s390x.rpm
    thunderbird-debugsource-140.10.1-1.el10_0.s390x.rpm

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0
  SRPM
    thunderbird-140.10.1-1.el10_0.src.rpm
  ppc64le
    thunderbird-140.10.1-1.el10_0.ppc64le.rpm
    thunderbird-debuginfo-140.10.1-1.el10_0.ppc64le.rpm
    thunderbird-debugsource-140.10.1-1.el10_0.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0
  SRPM
    thunderbird-140.10.1-1.el10_0.src.rpm
  aarch64
    thunderbird-140.10.1-1.el10_0.aarch64.rpm
    thunderbird-debuginfo-140.10.1-1.el10_0.aarch64.rpm
    thunderbird-debugsource-140.10.1-1.el10_0.aarch64.rpm

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0
  SRPM
    thunderbird-140.10.1-1.el10_0.src.rpm
  aarch64
    thunderbird-140.10.1-1.el10_0.aarch64.rpm
    thunderbird-debuginfo-140.10.1-1.el10_0.aarch64.rpm
    thunderbird-debugsource-140.10.1-1.el10_0.aarch64.rpm

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0
  SRPM
    thunderbird-140.10.1-1.el10_0.src.rpm
  s390x
    thunderbird-140.10.1-1.el10_0.s390x.rpm
    thunderbird-debuginfo-140.10.1-1.el10_0.s390x.rpm
    thunderbird-debugsource-140.10.1-1.el10_0.s390x.rpm

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0
  SRPM
    thunderbird-140.10.1-1.el10_0.src.rpm
  ppc64le
    thunderbird-140.10.1-1.el10_0.ppc64le.rpm
    thunderbird-debuginfo-140.10.1-1.el10_0.ppc64le.rpm
    thunderbird-debugsource-140.10.1-1.el10_0.ppc64le.rpm

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0
  SRPM
    thunderbird-140.10.1-1.el10_0.src.rpm
  x86_64
    thunderbird-140.10.1-1.el10_0.x86_64.rpm
    thunderbird-debuginfo-140.10.1-1.el10_0.x86_64.rpm
    thunderbird-debugsource-140.10.1-1.el10_0.x86_64.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

This Red Hat security advisory addresses four high-severity vulnerabilities (CVE-2026-7320, CVE-2026-7321, CVE-2026-7322, CVE-2026-7323) in Thunderbird, including memory safety bugs, an information disclosure in the Audio/Video component, and a sandbox escape in WebRTC Networking. The CVSS scores range from 7.3 to 7.5 (High). Affected versions include Mozilla Thunderbird prior to 140.10.1 and 150.0.1, with specific Firefox versions also impacted; users must upgrade to Thunderbird 140.10.1 or 150.0.1 to remediate.