{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"HIGH" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"An incorrect boundary conditions vulnerability exists in the WebRTC Networking component of Mozilla Firefox and Thunderbird. This vulnerability is classified as critical, with the root cause being CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer. An attacker could exploit this vulnerability to read from or write to a memory location outside the intended boundary of a buffer, leading to memory corruption. This impacts the confidentiality, integrity, and availability of the system. This vulnerability affects Firefox versions up to 149, Firefox ESR versions prior to 140.10, Thunderbird versions up to 149, and Thunderbird ESR versions prior to 140.10.", "category":"general", "title":"Synopsis" } ], "publisher":null, "references":[ { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6776" }, { "summary":"CVE-2026-6776 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/cve/2026/csaf-openeuler-cve-2026-6776.json" }, { "summary":"openEuler-SA-2026-2109", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2109" }, { "summary":"CVE-2026-6776", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-6776&packageName=thunderbird" } ], "title":"openEuler cve CVE-2026-6776", "tracking":{ "initial_release_date":"2026-04-28T10:55:12+08:00", "revision_history":[ { "date":"2026-04-28T10:55:12+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-04-28T10:55:12+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-04-28T10:55:12+08:00", "id":"CVE-2026-6776", "version":"1.0.0", "status":"interim" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"openEuler-24.03-LTS-SP3", "name":"openEuler-24.03-LTS-SP3" }, "name":"openEuler-24.03-LTS-SP3", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-140.10.0-1.oe2403sp3.aarch64.rpm", "name":"thunderbird-140.10.0-1.oe2403sp3.aarch64.rpm" }, "name":"thunderbird-140.10.0-1.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-debuginfo-140.10.0-1.oe2403sp3.aarch64.rpm", "name":"thunderbird-debuginfo-140.10.0-1.oe2403sp3.aarch64.rpm" }, "name":"thunderbird-debuginfo-140.10.0-1.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-debugsource-140.10.0-1.oe2403sp3.aarch64.rpm", "name":"thunderbird-debugsource-140.10.0-1.oe2403sp3.aarch64.rpm" }, "name":"thunderbird-debugsource-140.10.0-1.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-librnp-rnp-140.10.0-1.oe2403sp3.aarch64.rpm", "name":"thunderbird-librnp-rnp-140.10.0-1.oe2403sp3.aarch64.rpm" }, "name":"thunderbird-librnp-rnp-140.10.0-1.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-wayland-140.10.0-1.oe2403sp3.aarch64.rpm", "name":"thunderbird-wayland-140.10.0-1.oe2403sp3.aarch64.rpm" }, "name":"thunderbird-wayland-140.10.0-1.oe2403sp3.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-140.10.0-1.oe2403sp3.src.rpm", "name":"thunderbird-140.10.0-1.oe2403sp3.src.rpm" }, "name":"thunderbird-140.10.0-1.oe2403sp3.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-140.10.0-1.oe2403sp3.x86_64.rpm", "name":"thunderbird-140.10.0-1.oe2403sp3.x86_64.rpm" }, "name":"thunderbird-140.10.0-1.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-debuginfo-140.10.0-1.oe2403sp3.x86_64.rpm", "name":"thunderbird-debuginfo-140.10.0-1.oe2403sp3.x86_64.rpm" }, "name":"thunderbird-debuginfo-140.10.0-1.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-debugsource-140.10.0-1.oe2403sp3.x86_64.rpm", "name":"thunderbird-debugsource-140.10.0-1.oe2403sp3.x86_64.rpm" }, "name":"thunderbird-debugsource-140.10.0-1.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-librnp-rnp-140.10.0-1.oe2403sp3.x86_64.rpm", "name":"thunderbird-librnp-rnp-140.10.0-1.oe2403sp3.x86_64.rpm" }, "name":"thunderbird-librnp-rnp-140.10.0-1.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"thunderbird-wayland-140.10.0-1.oe2403sp3.x86_64.rpm", "name":"thunderbird-wayland-140.10.0-1.oe2403sp3.x86_64.rpm" }, "name":"thunderbird-wayland-140.10.0-1.oe2403sp3.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-140.10.0-1.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-140.10.0-1.oe2403sp3.aarch64", "name":"thunderbird-140.10.0-1.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-debuginfo-140.10.0-1.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.10.0-1.oe2403sp3.aarch64", "name":"thunderbird-debuginfo-140.10.0-1.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-debugsource-140.10.0-1.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.10.0-1.oe2403sp3.aarch64", "name":"thunderbird-debugsource-140.10.0-1.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-librnp-rnp-140.10.0-1.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.10.0-1.oe2403sp3.aarch64", "name":"thunderbird-librnp-rnp-140.10.0-1.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-wayland-140.10.0-1.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-wayland-140.10.0-1.oe2403sp3.aarch64", "name":"thunderbird-wayland-140.10.0-1.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-140.10.0-1.oe2403sp3.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-140.10.0-1.oe2403sp3.src", "name":"thunderbird-140.10.0-1.oe2403sp3.src as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-140.10.0-1.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-140.10.0-1.oe2403sp3.x86_64", "name":"thunderbird-140.10.0-1.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-debuginfo-140.10.0-1.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-debuginfo-140.10.0-1.oe2403sp3.x86_64", "name":"thunderbird-debuginfo-140.10.0-1.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-debugsource-140.10.0-1.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-debugsource-140.10.0-1.oe2403sp3.x86_64", "name":"thunderbird-debugsource-140.10.0-1.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-librnp-rnp-140.10.0-1.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-librnp-rnp-140.10.0-1.oe2403sp3.x86_64", "name":"thunderbird-librnp-rnp-140.10.0-1.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"thunderbird-wayland-140.10.0-1.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:thunderbird-wayland-140.10.0-1.oe2403sp3.x86_64", "name":"thunderbird-wayland-140.10.0-1.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2026-6776", "notes":[ { "text":"An incorrect boundary conditions vulnerability exists in the WebRTC Networking component of Mozilla Firefox and Thunderbird. This vulnerability is classified as critical, with the root cause being CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer. An attacker could exploit this vulnerability to read from or write to a memory location outside the intended boundary of a buffer, leading to memory corruption. This impacts the confidentiality, integrity, and availability of the system. This vulnerability affects Firefox versions up to 149, Firefox ESR versions prior to 140.10, Thunderbird versions up to 149, and Thunderbird ESR versions prior to 140.10.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{ "$ref":"$.vulnerabilities[0].product_status.fixed" } }, "remediations":[ { "product_ids":{ "$ref":"$.vulnerabilities[0].product_status.fixed" }, "details":"thunderbird security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2109" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":{ "$ref":"$.vulnerabilities[0].product_status.fixed" } } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-6776" } ] }