Kaspersky ID:
KLA91103
Date de la détection:
06/16/2026
Mis à jour:
06/30/2026

Description

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code, obtain sensitive information, spoof user interface.

Below is a complete list of vulnerabilities:

  1. Memory safety bug fixed in Firefox 152
  2. Security vulnerability in the DOM: Workers component can be exploited to bypass security restrictions.
  3. A remote code execution vulnerability in the Networking: HTTP component can be exploited remotely to execute arbitrary code.
  4. Memory safety bug fixed in Firefox ESR 115
  5. Denial of service vulnerability in the Graphics: WebGPU component can be exploited remotely to cause denial of service.
  6. JIT miscompilation in the JavaScript: WebAssembly component
  7. Denial of service vulnerability in the Graphics: ImageLib component can be exploited remotely to cause denial of service.
  8. Security vulnerability in the Graphics: WebRender component can be exploited to bypass security restrictions.
  9. Denial of service vulnerability in the Graphics: CanvasWebGL component can be exploited remotely to cause denial of service.
  10. Information disclosure vulnerability in the Password Manager component can be exploited to obtain sensitive information.
  11. A remote code execution vulnerability in Firefox ESR 140 can be exploited remotely to execute arbitrary code.
  12. Security vulnerability in the DOM: Security component can be exploited to bypass security restrictions.
  13. Security vulnerability in the Security: Process Sandboxing component can be exploited to bypass security restrictions.
  14. Denial of service vulnerability in the Networking component can be exploited remotely to cause denial of service.
  15. Denial of service vulnerability in the Libraries component in NSS can be exploited remotely to cause denial of service.
  16. Denial of service vulnerability in the Web Audio component can be exploited remotely to cause denial of service.
  17. Denial of service vulnerability in the Audio/Video: Playback component can be exploited remotely to cause denial of service.
  18. A remote code execution vulnerability in Firefox ESR 115 can be exploited remotely to execute arbitrary code.
  19.  
  20. JIT miscompilation in the DOM: Core & HTML component
  21. Clickjacking issue in the Widget: Gtk component
  22. Security UI vulnerability in the DOM: Core & HTML component can be exploited to spoof user interface.
  23. Denial of service vulnerability in the Internationalization component can be exploited remotely to cause denial of service.
  24. A remote code execution vulnerability in the Graphics: WebGPU component can be exploited remotely to execute arbitrary code.
  25. Security vulnerability in the DOM: Navigation component can be exploited to bypass security restrictions.
  26. Security vulnerability in the Networking: Cookies component can be exploited to bypass security restrictions.
  27. A remote code execution vulnerability in Firefox 152 and Thunderbird 152 can be exploited remotely to execute arbitrary code.

Fiches de renseignement originales

Produits associés

Liste CVE

  • CVE-2026-12289
    critical
  • CVE-2026-12290
    critical
  • CVE-2026-12291
    critical
  • CVE-2026-12292
    critical
  • CVE-2026-12293
    critical
  • CVE-2026-12294
    critical
  • CVE-2026-12295
    critical
  • CVE-2026-12296
    critical
  • CVE-2026-12297
    critical
  • CVE-2026-12298
    critical
  • CVE-2026-12299
    critical
  • CVE-2026-12300
    high
  • CVE-2026-12301
    high
  • CVE-2026-12302
    high
  • CVE-2026-12303
    warning
  • CVE-2026-12304
    critical
  • CVE-2026-12305
    critical
  • CVE-2026-12306
    high
  • CVE-2026-12307
    high
  • CVE-2026-12308
    high
  • CVE-2026-12309
    high
  • CVE-2026-12310
    critical
  • CVE-2026-12311
    warning
  • CVE-2026-12312
    critical
  • CVE-2026-12313
    warning
  • CVE-2026-12314
    critical
  • CVE-2026-12315
    critical
  • CVE-2026-12316
    critical
  • CVE-2026-12317
    critical
  • CVE-2026-12318
    high
  • CVE-2026-12319
    high
  • CVE-2026-12320
    warning
  • CVE-2026-12321
    high
  • CVE-2026-12322
    high
  • CVE-2026-12323
    high
  • CVE-2026-12324
    high
  • CVE-2026-12325
    high
  • CVE-2026-12326
    critical
  • CVE-2026-12327
    critical
  • CVE-2026-12328
    critical
  • CVE-2026-12329
    critical
  • CVE-2026-12330
    high

En savoir plus

Découvrez les statistiques de la propagation des vulnérabilités dans votre région statistics.securelist.com

Vous avez trouvé une inexactitude dans la description de cette vulnérabilité ? Faites-le nous savoir !
Kaspersky IT Security Calculator:
Calculez le profil de sécurité de votre entreprise
Apprendre encore plus
Kaspersky!
Votre vie en ligne mérite une protection complète!
Apprendre encore plus
Do you want to save your changes?
Your message has been sent successfully.