Package thunderbird: Information
Source package: thunderbird
Version: 148.0-alt2
Build time: Mar 1, 2026, 01:42 AM in the task #409600
Category: Networking/Mail
Home page: https://www.thunderbird.net
License: MPL-2.0
Summary: Thunderbird is Mozilla's e-mail client
Description:
Thunderbird is Mozilla's next generation e-mail client. Thunderbird makes emailing safer, faster and easier than ever before and can also scale to meet the most sophisticated organizational needs. The package contains Lightning - an integrated calendar for Thunderbird.
List of RPM packages built from this SRPM:
thunderbird (x86_64, aarch64)
thunderbird-debuginfo (x86_64, aarch64)
Maintainer: Ajrat Makhmutov
List of contributors:
Ajrat Makhmutov
Ivan A. Melnikov
Pavel Vasenkov
Andrey Cherepanov
Grigory Ustinov
Alexey Sheplyakov
Aleksei Nikiforov
Gleb Fotengauer-Malinovskiy
Paul Wolneykien
Anton Farygin
Vladimir Didenko
Alexey Gladkov
Alexey Morozov
Last changed
Feb. 28, 2026 Ajrat Makhmutov 148.0-alt2
- Update l10n for the 148.
Feb. 25, 2026 Ajrat Makhmutov 148.0-alt1
- New version.
- Fixes:
  + CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video component
  + CVE-2026-2758: Use-after-free in the JavaScript: GC component
  + CVE-2026-2759: Incorrect boundary conditions in the Graphics: ImageLib component
  + CVE-2026-2795: Use-after-free in the JavaScript: GC component
  + CVE-2026-2760: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component
  + CVE-2026-2761: Sandbox escape in the Graphics: WebRender component
  + CVE-2026-2762: Integer overflow in the JavaScript: Standard Library component
  + CVE-2026-2763: Use-after-free in the JavaScript Engine component
  + CVE-2026-2764: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component
  + CVE-2026-2796: JIT miscompilation in the JavaScript: WebAssembly component
  + CVE-2026-2797: Use-after-free in the JavaScript: GC component
  + CVE-2026-2765: Use-after-free in the JavaScript Engine component
  + CVE-2026-2766: Use-after-free in the JavaScript Engine: JIT component
  + CVE-2026-2767: Use-after-free in the JavaScript: WebAssembly component
  + CVE-2026-2768: Sandbox escape in the Storage: IndexedDB component
  + CVE-2026-2798: Use-after-free in the DOM: Core & HTML component
  + CVE-2026-2769: Use-after-free in the Storage: IndexedDB component
  + CVE-2026-2799: Use-after-free in the DOM: Core & HTML component
  + CVE-2026-2770: Use-after-free in the DOM: Bindings (WebIDL) component
  + CVE-2026-2771: Undefined behavior in the DOM: Core & HTML component
  + CVE-2026-2772: Use-after-free in the Audio/Video: Playback component
  + CVE-2026-2773: Incorrect boundary conditions in the Web Audio component
  + CVE-2026-2774: Integer overflow in the Audio/Video component
  + CVE-2026-2775: Mitigation bypass in the DOM: HTML Parser component
  + CVE-2026-2776: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software
  + CVE-2026-2777: Privilege escalation in the Messaging System component
  + CVE-2026-2778: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component
  + CVE-2026-2779: Incorrect boundary conditions in the Networking: JAR component
  + CVE-2026-2800: Spoofing issue in the WebAuthn component in Firefox for Android
  + CVE-2026-2780: Privilege escalation in the Netmonitor component
  + CVE-2026-2781: Integer overflow in the Libraries component in NSS
  + CVE-2026-2801: Incorrect boundary conditions in the JavaScript: WebAssembly component
  + CVE-2026-2782: Privilege escalation in the Netmonitor component
  + CVE-2026-2783: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component
  + CVE-2026-2802: Race condition in the JavaScript: GC component
  + CVE-2026-2803: Information disclosure, mitigation bypass in the Settings UI component
  + CVE-2026-2784: Mitigation bypass in the DOM: Security component
  + CVE-2026-2785: Invalid pointer in the JavaScript Engine component
  + CVE-2026-2804: Use-after-free in the JavaScript: WebAssembly component
  + CVE-2026-2786: Use-after-free in the JavaScript Engine component
  + CVE-2026-2805: Invalid pointer in the DOM: Core & HTML component
  + CVE-2026-2787: Use-after-free in the DOM: Window and Location component
  + CVE-2026-2788: Incorrect boundary conditions in the Audio/Video: GMP component
  + CVE-2026-2789: Use-after-free in the Graphics: ImageLib component
  + CVE-2026-2806: Uninitialized memory in the Graphics: Text component
  + CVE-2026-2790: Same-origin policy bypass in the Networking: JAR component
  + CVE-2026-2791: Mitigation bypass in the Networking: Cache component
  + CVE-2026-2807: Memory safety bugs fixed in Firefox 148 and Thunderbird 148
  + CVE-2026-2792: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148
  + CVE-2026-2793: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148
Feb. 20, 2026 Ajrat Makhmutov 147.0.2-alt1
- New version.
- Fixes:
  + CVE-2026-2447: Heap buffer overflow in libvpx