An update for thunderbird is now available for openEuler-24.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-2246 Final 1.0 1.0 2026-05-09 Initial 2026-05-09 2026-05-09 openEuler SA Tool V1.0 2026-05-09 thunderbird security update An update for thunderbird is now available for openEuler-24.03-LTS-SP3 Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fix(es): Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.(CVE-2026-7320) Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, and Thunderbird 140.10.1.(CVE-2026-7321) Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.(CVE-2026-7322) Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.(CVE-2026-7323) An update for thunderbird is now available for openEuler-24.03-LTS-SP3. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical thunderbird https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2246 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-7320 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-7321 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-7322 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-7323 https://nvd.nist.gov/vuln/detail/CVE-2026-7320 https://nvd.nist.gov/vuln/detail/CVE-2026-7321 https://nvd.nist.gov/vuln/detail/CVE-2026-7322 https://nvd.nist.gov/vuln/detail/CVE-2026-7323 openEuler-24.03-LTS-SP3 thunderbird-140.10.1-1.oe2403sp3.aarch64.rpm thunderbird-debuginfo-140.10.1-1.oe2403sp3.aarch64.rpm thunderbird-debugsource-140.10.1-1.oe2403sp3.aarch64.rpm thunderbird-librnp-rnp-140.10.1-1.oe2403sp3.aarch64.rpm thunderbird-wayland-140.10.1-1.oe2403sp3.aarch64.rpm thunderbird-140.10.1-1.oe2403sp3.src.rpm thunderbird-140.10.1-1.oe2403sp3.x86_64.rpm thunderbird-debuginfo-140.10.1-1.oe2403sp3.x86_64.rpm thunderbird-debugsource-140.10.1-1.oe2403sp3.x86_64.rpm thunderbird-librnp-rnp-140.10.1-1.oe2403sp3.x86_64.rpm thunderbird-wayland-140.10.1-1.oe2403sp3.x86_64.rpm Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1. 2026-05-09 CVE-2026-7320 openEuler-24.03-LTS-SP3 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N thunderbird security update 2026-05-09 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2246 Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, and Thunderbird 140.10.1. 2026-05-09 CVE-2026-7321 openEuler-24.03-LTS-SP3 Critical 9.6 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H thunderbird security update 2026-05-09 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2246 Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1. 2026-05-09 CVE-2026-7322 openEuler-24.03-LTS-SP3 High 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L thunderbird security update 2026-05-09 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2246 Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Thunderbird 150.0.1, and Thunderbird 140.10.1. 2026-05-09 CVE-2026-7323 openEuler-24.03-LTS-SP3 High 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L thunderbird security update 2026-05-09 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2246