{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"HIGH" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"A mitigation bypass vulnerability exists in the File Handling component of Mozilla Firefox and Thunderbird. This vulnerability could allow an attacker to bypass security mitigations, potentially impacting the confidentiality, integrity, and availability of the system. According to VulDB, this vulnerability is rated as critical. Affected versions include Firefox up to version 149, Firefox ESR prior to 140.10, Thunderbird up to version 149, and Thunderbird ESR prior to 140.10.", "category":"general", "title":"Synopsis" } ], "publisher":null, "references":[ { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6763" }, { "summary":"CVE-2026-6763 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/cve/2026/csaf-openeuler-cve-2026-6763.json" }, { "summary":"openEuler-SA-2026-2109", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2109" }, { "summary":"CVE-2026-6763", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-6763&packageName=thunderbird" } ], "title":"openEuler cve CVE-2026-6763", "tracking":{ "initial_release_date":"2026-04-28T10:55:12+08:00", "revision_history":[ { "date":"2026-04-28T10:55:12+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-04-28T10:55:12+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-04-28T10:55:12+08:00", "id":"CVE-2026-6763", "version":"1.0.0", "status":"interim" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"openEuler-24.03-LTS-SP3", "name":"openEuler-24.03-LTS-SP3" }, "name":"openEuler-24.03-LTS-SP3", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-140.10.0-1.oe2403sp3.aarch64.rpm", "name":"thunderbird-140.10.0-1.oe2403sp3.aarch64.rpm" }, "name":"thunderbird-140.10.0-1.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-debuginfo-140.10.0-1.oe2403sp3.aarch64.rpm", "name":"thunderbird-debuginfo-140.10.0-1.oe2403sp3.aarch64.rpm" }, "name":"thunderbird-debuginfo-140.10.0-1.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-debugsource-140.10.0-1.oe2403sp3.aarch64.rpm", "name":"thunderbird-debugsource-140.10.0-1.oe2403sp3.aarch64.rpm" }, "name":"thunderbird-debugsource-140.10.0-1.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-librnp-rnp-140.10.0-1.oe2403sp3.aarch64.rpm", "name":"thunderbird-librnp-rnp-140.10.0-1.oe2403sp3.aarch64.rpm" }, "name":"thunderbird-librnp-rnp-140.10.0-1.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-wayland-140.10.0-1.oe2403sp3.aarch64.rpm", "name":"thunderbird-wayland-140.10.0-1.oe2403sp3.aarch64.rpm" }, "name":"thunderbird-wayland-140.10.0-1.oe2403sp3.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-140.10.0-1.oe2403sp3.src.rpm", "name":"thunderbird-140.10.0-1.oe2403sp3.src.rpm" }, "name":"thunderbird-140.10.0-1.oe2403sp3.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-140.10.0-1.oe2403sp3.x86_64.rpm", "name":"thunderbird-140.10.0-1.oe2403sp3.x86_64.rpm" }, "name":"thunderbird-140.10.0-1.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-debuginfo-140.10.0-1.oe2403sp3.x86_64.rpm", "name":"thunderbird-debuginfo-140.10.0-1.oe2403sp3.x86_64.rpm" }, "name":"thunderbird-debuginfo-140.10.0-1.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-debugsource-140.10.0-1.oe2403sp3.x86_64.rpm", "name":"thunderbird-debugsource-140.10.0-1.oe2403sp3.x86_64.rpm" }, "name":"thunderbird-debugsource-140.10.0-1.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-librnp-rnp-140.10.0-1.oe2403sp3.x86_64.rpm", "name":"thunderbird-librnp-rnp-140.10.0-1.oe2403sp3.x86_64.rpm" }, "name":"thunderbird-librnp-rnp-140.10.0-1.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-wayland-140.10.0-1.oe2403sp3.x86_64.rpm", "name":"thunderbird-wayland-140.10.0-1.oe2403sp3.x86_64.rpm" }, "name":"thunderbird-wayland-140.10.0-1.oe2403sp3.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-140.10.0-1.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-140.10.0-1.oe2403sp3.aarch64", "name":"thunderbird-140.10.0-1.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-debuginfo-140.10.0-1.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.10.0-1.oe2403sp3.aarch64", "name":"thunderbird-debuginfo-140.10.0-1.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-debugsource-140.10.0-1.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.10.0-1.oe2403sp3.aarch64", "name":"thunderbird-debugsource-140.10.0-1.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-librnp-rnp-140.10.0-1.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.10.0-1.oe2403sp3.aarch64", "name":"thunderbird-librnp-rnp-140.10.0-1.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-wayland-140.10.0-1.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-wayland-140.10.0-1.oe2403sp3.aarch64", "name":"thunderbird-wayland-140.10.0-1.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-140.10.0-1.oe2403sp3.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-140.10.0-1.oe2403sp3.src", "name":"thunderbird-140.10.0-1.oe2403sp3.src as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-140.10.0-1.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-140.10.0-1.oe2403sp3.x86_64", "name":"thunderbird-140.10.0-1.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-debuginfo-140.10.0-1.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.10.0-1.oe2403sp3.x86_64", "name":"thunderbird-debuginfo-140.10.0-1.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-debugsource-140.10.0-1.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.10.0-1.oe2403sp3.x86_64", "name":"thunderbird-debugsource-140.10.0-1.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-librnp-rnp-140.10.0-1.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.10.0-1.oe2403sp3.x86_64", "name":"thunderbird-librnp-rnp-140.10.0-1.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-wayland-140.10.0-1.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-wayland-140.10.0-1.oe2403sp3.x86_64", "name":"thunderbird-wayland-140.10.0-1.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2026-6763", "notes":[ { "text":"A mitigation bypass vulnerability exists in the File Handling component of Mozilla Firefox and Thunderbird. This vulnerability could allow an attacker to bypass security mitigations, potentially impacting the confidentiality, integrity, and availability of the system. According to VulDB, this vulnerability is rated as critical. Affected versions include Firefox up to version 149, Firefox ESR prior to 140.10, Thunderbird up to version 149, and Thunderbird ESR prior to 140.10.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{ "$ref":"$.vulnerabilities[0].product_status.fixed" } }, "remediations":[ { "product_ids":{ "$ref":"$.vulnerabilities[0].product_status.fixed" }, "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2109" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version":"3.1" }, "products":{ "$ref":"$.vulnerabilities[0].product_status.fixed" } } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-6763" } ] }