Vulnerability-Lookup

CVE-2025-59375 (GCVE-0-2025-59375)

Vulnerability from cvelistv5 – Published: 2025-09-15 00:00 – Updated: 2026-05-12 12:08

Summary

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

mitre

References

9 references

URL	Tags
https://github.com/libexpat/libexpat/issues/1018
https://github.com/libexpat/libexpat/pull/1034
https://github.com/libexpat/libexpat/blob/676a4c5…
https://issues.oss-fuzz.com/issues/439133977
https://github.com/libexpat/libexpat/blob/R_2_7_2…
http://www.openwall.com/lists/oss-security/2025/09/16/2
http://www.openwall.com/lists/oss-security/2026/05/01/5
https://cert-portal.siemens.com/productcert/html/…
https://cert-portal.siemens.com/productcert/html/…

Impacted products

20 products

Vendor	Product	Version
libexpat project	libexpat	Affected: 0 , < 2.7.2 (semver)
Siemens	RUGGEDCOM RST2428P	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XCH328	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XCM324	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XCM328	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XCM332	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XRH334 (24 V DC, 8xFO, CC)	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XRM334 (230 V AC, 12xFO)	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XRM334 (230 V AC, 8xFO)	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+)	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XRM334 (24 V DC, 12xFO)	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XRM334 (24 V DC, 8xFO)	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+)	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XRM334 (2x230 V AC, 12xFO)	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XRM334 (2x230 V AC, 8xFO)	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+)	Affected: 0 , < V3.3 (custom)
Siemens	SIMATIC S7-1500 CPU 1518-4 PN/DP MFP	Affected: V3.1.5 , < * (custom)
Siemens	SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP	Affected: V3.1.5 , < * (custom)
Siemens	SIPLUS S7-1500 CPU 1518-4 PN/DP MFP	Affected: V3.1.5 , < * (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59375",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-15T20:22:58.509715Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-15T20:23:08.737Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-01T14:25:12.055Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/09/16/2"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/01/5"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RST2428P",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XCH328",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XCM324",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XCM328",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XCM332",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRH334 (24 V DC, 8xFO, CC)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRM334 (230 V AC, 12xFO)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRM334 (230 V AC, 8xFO)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRM334 (24 V DC, 12xFO)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRM334 (24 V DC, 8xFO)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRM334 (2x230 V AC, 12xFO)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRM334 (2x230 V AC, 8xFO)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:08:30.282Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-089022.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "libexpat",
          "vendor": "libexpat project",
          "versions": [
            {
              "lessThan": "2.7.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.7.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-17T13:21:47.961Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/libexpat/libexpat/issues/1018"
        },
        {
          "url": "https://github.com/libexpat/libexpat/pull/1034"
        },
        {
          "url": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74"
        },
        {
          "url": "https://issues.oss-fuzz.com/issues/439133977"
        },
        {
          "url": "https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-59375",
    "datePublished": "2025-09-15T00:00:00.000Z",
    "dateReserved": "2025-09-15T00:00:00.000Z",
    "dateUpdated": "2026-05-12T12:08:30.282Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-59375",
      "date": "2026-06-04",
      "epss": "0.00102",
      "percentile": "0.27521"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-59375\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-09-15T03:15:40.920\",\"lastModified\":\"2026-05-12T13:17:22.640\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.2\",\"matchCriteriaId\":\"2562E072-C9E9-432C-9545-404F89D73E00\"}]}]}],\"references\":[{\"url\":\"https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/libexpat/libexpat/issues/1018\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://github.com/libexpat/libexpat/pull/1034\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://issues.oss-fuzz.com/issues/439133977\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/09/16/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/05/01/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-082556.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-089022.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/09/16/2\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2026/05/01/5\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-05-01T14:25:12.055Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-59375\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-15T20:22:58.509715Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-15T20:23:05.396Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C\"}}], \"affected\": [{\"vendor\": \"libexpat project\", \"product\": \"libexpat\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.7.2\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/libexpat/libexpat/issues/1018\"}, {\"url\": \"https://github.com/libexpat/libexpat/pull/1034\"}, {\"url\": \"https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74\"}, {\"url\": \"https://issues.oss-fuzz.com/issues/439133977\"}, {\"url\": \"https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes\"}], \"x_generator\": {\"engine\": \"enrichogram 0.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770 Allocation of Resources Without Limits or Throttling\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"2.7.2\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-09-17T13:21:47.961Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-59375\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-01T14:25:12.055Z\", \"dateReserved\": \"2025-09-15T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-09-15T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

OPENSUSE-SU-2025:15573-1

Vulnerability from csaf_opensuse - Published: 2025-09-23 00:00 - Updated: 2025-09-23 00:00

Summary

expat-2.7.2-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: expat-2.7.2-1.1 on GA media

Description of the patch: These are all security issues fixed in the expat-2.7.2-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2025-15573

CVE-2025-59375

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:expat-2.7.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:expat-2.7.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:expat-2.7.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:expat-2.7.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat1-2.7.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat1-2.7.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat1-2.7.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat1-2.7.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.x86_64	—	Vendor Fix

Threats

Impact important

References

5 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2025-59375/	self
https://www.suse.com/security/cve/CVE-2025-59375	external
https://bugzilla.suse.com/1249584	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "expat-2.7.2-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the expat-2.7.2-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2025-15573",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15573-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-59375 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-59375/"
      }
    ],
    "title": "expat-2.7.2-1.1 on GA media",
    "tracking": {
      "current_release_date": "2025-09-23T00:00:00Z",
      "generator": {
        "date": "2025-09-23T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:15573-1",
      "initial_release_date": "2025-09-23T00:00:00Z",
      "revision_history": [
        {
          "date": "2025-09-23T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-2.7.2-1.1.aarch64",
                "product": {
                  "name": "expat-2.7.2-1.1.aarch64",
                  "product_id": "expat-2.7.2-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat-devel-2.7.2-1.1.aarch64",
                "product": {
                  "name": "libexpat-devel-2.7.2-1.1.aarch64",
                  "product_id": "libexpat-devel-2.7.2-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat-devel-32bit-2.7.2-1.1.aarch64",
                "product": {
                  "name": "libexpat-devel-32bit-2.7.2-1.1.aarch64",
                  "product_id": "libexpat-devel-32bit-2.7.2-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat1-2.7.2-1.1.aarch64",
                "product": {
                  "name": "libexpat1-2.7.2-1.1.aarch64",
                  "product_id": "libexpat1-2.7.2-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat1-32bit-2.7.2-1.1.aarch64",
                "product": {
                  "name": "libexpat1-32bit-2.7.2-1.1.aarch64",
                  "product_id": "libexpat1-32bit-2.7.2-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-2.7.2-1.1.ppc64le",
                "product": {
                  "name": "expat-2.7.2-1.1.ppc64le",
                  "product_id": "expat-2.7.2-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat-devel-2.7.2-1.1.ppc64le",
                "product": {
                  "name": "libexpat-devel-2.7.2-1.1.ppc64le",
                  "product_id": "libexpat-devel-2.7.2-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat-devel-32bit-2.7.2-1.1.ppc64le",
                "product": {
                  "name": "libexpat-devel-32bit-2.7.2-1.1.ppc64le",
                  "product_id": "libexpat-devel-32bit-2.7.2-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat1-2.7.2-1.1.ppc64le",
                "product": {
                  "name": "libexpat1-2.7.2-1.1.ppc64le",
                  "product_id": "libexpat1-2.7.2-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat1-32bit-2.7.2-1.1.ppc64le",
                "product": {
                  "name": "libexpat1-32bit-2.7.2-1.1.ppc64le",
                  "product_id": "libexpat1-32bit-2.7.2-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-2.7.2-1.1.s390x",
                "product": {
                  "name": "expat-2.7.2-1.1.s390x",
                  "product_id": "expat-2.7.2-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat-devel-2.7.2-1.1.s390x",
                "product": {
                  "name": "libexpat-devel-2.7.2-1.1.s390x",
                  "product_id": "libexpat-devel-2.7.2-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat-devel-32bit-2.7.2-1.1.s390x",
                "product": {
                  "name": "libexpat-devel-32bit-2.7.2-1.1.s390x",
                  "product_id": "libexpat-devel-32bit-2.7.2-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat1-2.7.2-1.1.s390x",
                "product": {
                  "name": "libexpat1-2.7.2-1.1.s390x",
                  "product_id": "libexpat1-2.7.2-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat1-32bit-2.7.2-1.1.s390x",
                "product": {
                  "name": "libexpat1-32bit-2.7.2-1.1.s390x",
                  "product_id": "libexpat1-32bit-2.7.2-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-2.7.2-1.1.x86_64",
                "product": {
                  "name": "expat-2.7.2-1.1.x86_64",
                  "product_id": "expat-2.7.2-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat-devel-2.7.2-1.1.x86_64",
                "product": {
                  "name": "libexpat-devel-2.7.2-1.1.x86_64",
                  "product_id": "libexpat-devel-2.7.2-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat-devel-32bit-2.7.2-1.1.x86_64",
                "product": {
                  "name": "libexpat-devel-32bit-2.7.2-1.1.x86_64",
                  "product_id": "libexpat-devel-32bit-2.7.2-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat1-2.7.2-1.1.x86_64",
                "product": {
                  "name": "libexpat1-2.7.2-1.1.x86_64",
                  "product_id": "libexpat1-2.7.2-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat1-32bit-2.7.2-1.1.x86_64",
                "product": {
                  "name": "libexpat1-32bit-2.7.2-1.1.x86_64",
                  "product_id": "libexpat1-32bit-2.7.2-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-2.7.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:expat-2.7.2-1.1.aarch64"
        },
        "product_reference": "expat-2.7.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-2.7.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:expat-2.7.2-1.1.ppc64le"
        },
        "product_reference": "expat-2.7.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-2.7.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:expat-2.7.2-1.1.s390x"
        },
        "product_reference": "expat-2.7.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-2.7.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:expat-2.7.2-1.1.x86_64"
        },
        "product_reference": "expat-2.7.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat-devel-2.7.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.aarch64"
        },
        "product_reference": "libexpat-devel-2.7.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat-devel-2.7.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.ppc64le"
        },
        "product_reference": "libexpat-devel-2.7.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat-devel-2.7.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.s390x"
        },
        "product_reference": "libexpat-devel-2.7.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat-devel-2.7.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.x86_64"
        },
        "product_reference": "libexpat-devel-2.7.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat-devel-32bit-2.7.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.aarch64"
        },
        "product_reference": "libexpat-devel-32bit-2.7.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat-devel-32bit-2.7.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.ppc64le"
        },
        "product_reference": "libexpat-devel-32bit-2.7.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat-devel-32bit-2.7.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.s390x"
        },
        "product_reference": "libexpat-devel-32bit-2.7.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat-devel-32bit-2.7.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.x86_64"
        },
        "product_reference": "libexpat-devel-32bit-2.7.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat1-2.7.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.aarch64"
        },
        "product_reference": "libexpat1-2.7.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat1-2.7.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.ppc64le"
        },
        "product_reference": "libexpat1-2.7.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat1-2.7.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.s390x"
        },
        "product_reference": "libexpat1-2.7.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat1-2.7.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.x86_64"
        },
        "product_reference": "libexpat1-2.7.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat1-32bit-2.7.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.aarch64"
        },
        "product_reference": "libexpat1-32bit-2.7.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat1-32bit-2.7.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.ppc64le"
        },
        "product_reference": "libexpat1-32bit-2.7.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat1-32bit-2.7.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.s390x"
        },
        "product_reference": "libexpat1-32bit-2.7.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat1-32bit-2.7.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.x86_64"
        },
        "product_reference": "libexpat1-32bit-2.7.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-59375",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-59375"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:expat-2.7.2-1.1.aarch64",
          "openSUSE Tumbleweed:expat-2.7.2-1.1.ppc64le",
          "openSUSE Tumbleweed:expat-2.7.2-1.1.s390x",
          "openSUSE Tumbleweed:expat-2.7.2-1.1.x86_64",
          "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.aarch64",
          "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.ppc64le",
          "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.s390x",
          "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.x86_64",
          "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.aarch64",
          "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.ppc64le",
          "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.s390x",
          "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.x86_64",
          "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.aarch64",
          "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.ppc64le",
          "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.s390x",
          "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.x86_64",
          "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.aarch64",
          "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.ppc64le",
          "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.s390x",
          "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-59375",
          "url": "https://www.suse.com/security/cve/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249584 for CVE-2025-59375",
          "url": "https://bugzilla.suse.com/1249584"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:expat-2.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:expat-2.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:expat-2.7.2-1.1.s390x",
            "openSUSE Tumbleweed:expat-2.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.s390x",
            "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.s390x",
            "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.s390x",
            "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.s390x",
            "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:expat-2.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:expat-2.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:expat-2.7.2-1.1.s390x",
            "openSUSE Tumbleweed:expat-2.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.s390x",
            "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.s390x",
            "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.s390x",
            "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.s390x",
            "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-09-23T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-59375"
    }
  ]
}

OPENSUSE-SU-2025:20055-1

Vulnerability from csaf_opensuse - Published: 2025-11-19 09:37 - Updated: 2025-11-19 09:37

Summary

Security update for expat

Severity

Important

Notes

Title of the patch: Security update for expat

Description of the patch: This update for expat fixes the following issues: - CVE-2025-59375: Fixed large dynamic memory allocations via a small document submitted for parsing (bsc#1249584)

Patchnames: openSUSE-Leap-16.0-29

CVE-2025-59375

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:expat-2.7.1-160000.3.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:expat-2.7.1-160000.3.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:expat-2.7.1-160000.3.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:expat-2.7.1-160000.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.x86_64	—	Vendor Fix

Threats

Impact important

References

6 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://bugzilla.suse.com/1249584	self
https://www.suse.com/security/cve/CVE-2025-59375/	self
https://www.suse.com/security/cve/CVE-2025-59375	external
https://bugzilla.suse.com/1249584	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for expat",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for expat fixes the following issues:\n\n- CVE-2025-59375: Fixed large dynamic memory allocations via a small document submitted for parsing (bsc#1249584)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Leap-16.0-29",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_20055-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1249584",
        "url": "https://bugzilla.suse.com/1249584"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-59375 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-59375/"
      }
    ],
    "title": "Security update for expat",
    "tracking": {
      "current_release_date": "2025-11-19T09:37:50Z",
      "generator": {
        "date": "2025-11-19T09:37:50Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:20055-1",
      "initial_release_date": "2025-11-19T09:37:50Z",
      "revision_history": [
        {
          "date": "2025-11-19T09:37:50Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-2.7.1-160000.3.1.aarch64",
                "product": {
                  "name": "expat-2.7.1-160000.3.1.aarch64",
                  "product_id": "expat-2.7.1-160000.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat-devel-2.7.1-160000.3.1.aarch64",
                "product": {
                  "name": "libexpat-devel-2.7.1-160000.3.1.aarch64",
                  "product_id": "libexpat-devel-2.7.1-160000.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat1-2.7.1-160000.3.1.aarch64",
                "product": {
                  "name": "libexpat1-2.7.1-160000.3.1.aarch64",
                  "product_id": "libexpat1-2.7.1-160000.3.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-2.7.1-160000.3.1.ppc64le",
                "product": {
                  "name": "expat-2.7.1-160000.3.1.ppc64le",
                  "product_id": "expat-2.7.1-160000.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat-devel-2.7.1-160000.3.1.ppc64le",
                "product": {
                  "name": "libexpat-devel-2.7.1-160000.3.1.ppc64le",
                  "product_id": "libexpat-devel-2.7.1-160000.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat1-2.7.1-160000.3.1.ppc64le",
                "product": {
                  "name": "libexpat1-2.7.1-160000.3.1.ppc64le",
                  "product_id": "libexpat1-2.7.1-160000.3.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-2.7.1-160000.3.1.s390x",
                "product": {
                  "name": "expat-2.7.1-160000.3.1.s390x",
                  "product_id": "expat-2.7.1-160000.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat-devel-2.7.1-160000.3.1.s390x",
                "product": {
                  "name": "libexpat-devel-2.7.1-160000.3.1.s390x",
                  "product_id": "libexpat-devel-2.7.1-160000.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat1-2.7.1-160000.3.1.s390x",
                "product": {
                  "name": "libexpat1-2.7.1-160000.3.1.s390x",
                  "product_id": "libexpat1-2.7.1-160000.3.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-2.7.1-160000.3.1.x86_64",
                "product": {
                  "name": "expat-2.7.1-160000.3.1.x86_64",
                  "product_id": "expat-2.7.1-160000.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat-devel-2.7.1-160000.3.1.x86_64",
                "product": {
                  "name": "libexpat-devel-2.7.1-160000.3.1.x86_64",
                  "product_id": "libexpat-devel-2.7.1-160000.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat1-2.7.1-160000.3.1.x86_64",
                "product": {
                  "name": "libexpat1-2.7.1-160000.3.1.x86_64",
                  "product_id": "libexpat1-2.7.1-160000.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 16.0",
                "product": {
                  "name": "openSUSE Leap 16.0",
                  "product_id": "openSUSE Leap 16.0"
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-2.7.1-160000.3.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.aarch64"
        },
        "product_reference": "expat-2.7.1-160000.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-2.7.1-160000.3.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.ppc64le"
        },
        "product_reference": "expat-2.7.1-160000.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-2.7.1-160000.3.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.s390x"
        },
        "product_reference": "expat-2.7.1-160000.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-2.7.1-160000.3.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.x86_64"
        },
        "product_reference": "expat-2.7.1-160000.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat-devel-2.7.1-160000.3.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.aarch64"
        },
        "product_reference": "libexpat-devel-2.7.1-160000.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat-devel-2.7.1-160000.3.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.ppc64le"
        },
        "product_reference": "libexpat-devel-2.7.1-160000.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat-devel-2.7.1-160000.3.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.s390x"
        },
        "product_reference": "libexpat-devel-2.7.1-160000.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat-devel-2.7.1-160000.3.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.x86_64"
        },
        "product_reference": "libexpat-devel-2.7.1-160000.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat1-2.7.1-160000.3.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.aarch64"
        },
        "product_reference": "libexpat1-2.7.1-160000.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat1-2.7.1-160000.3.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.ppc64le"
        },
        "product_reference": "libexpat1-2.7.1-160000.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat1-2.7.1-160000.3.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.s390x"
        },
        "product_reference": "libexpat1-2.7.1-160000.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat1-2.7.1-160000.3.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.x86_64"
        },
        "product_reference": "libexpat1-2.7.1-160000.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-59375",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-59375"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.aarch64",
          "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.ppc64le",
          "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.s390x",
          "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.x86_64",
          "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.aarch64",
          "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.ppc64le",
          "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.s390x",
          "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.x86_64",
          "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.aarch64",
          "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.ppc64le",
          "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.s390x",
          "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-59375",
          "url": "https://www.suse.com/security/cve/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249584 for CVE-2025-59375",
          "url": "https://bugzilla.suse.com/1249584"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.aarch64",
            "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.ppc64le",
            "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.s390x",
            "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.x86_64",
            "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.aarch64",
            "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.ppc64le",
            "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.s390x",
            "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.x86_64",
            "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.aarch64",
            "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.ppc64le",
            "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.s390x",
            "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.aarch64",
            "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.ppc64le",
            "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.s390x",
            "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.x86_64",
            "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.aarch64",
            "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.ppc64le",
            "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.s390x",
            "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.x86_64",
            "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.aarch64",
            "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.ppc64le",
            "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.s390x",
            "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-19T09:37:50Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-59375"
    }
  ]
}

OPENSUSE-SU-2026:10413-1

Vulnerability from csaf_opensuse - Published: 2026-03-24 00:00 - Updated: 2026-03-24 00:00

Summary

firefox-esr-140.9.0-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: firefox-esr-140.9.0-1.1 on GA media

Description of the patch: These are all security issues fixed in the firefox-esr-140.9.0-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2026-10413

CVE-2025-59375

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4684

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4685

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4686

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4687

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4688

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4689

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4690

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4691

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4692

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4693

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4694

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4695

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4696

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4697

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4698

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4699

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4700

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4701

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4702

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4704

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4705

6.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4706

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4707

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4708

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4709

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4710

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4711

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4712

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4713

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4714

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4715

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4716

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4717

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4718

5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4719

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4720

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4721

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

References

116 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2025-59375/	self
https://www.suse.com/security/cve/CVE-2026-4684/	self
https://www.suse.com/security/cve/CVE-2026-4685/	self
https://www.suse.com/security/cve/CVE-2026-4686/	self
https://www.suse.com/security/cve/CVE-2026-4687/	self
https://www.suse.com/security/cve/CVE-2026-4688/	self
https://www.suse.com/security/cve/CVE-2026-4689/	self
https://www.suse.com/security/cve/CVE-2026-4690/	self
https://www.suse.com/security/cve/CVE-2026-4691/	self
https://www.suse.com/security/cve/CVE-2026-4692/	self
https://www.suse.com/security/cve/CVE-2026-4693/	self
https://www.suse.com/security/cve/CVE-2026-4694/	self
https://www.suse.com/security/cve/CVE-2026-4695/	self
https://www.suse.com/security/cve/CVE-2026-4696/	self
https://www.suse.com/security/cve/CVE-2026-4697/	self
https://www.suse.com/security/cve/CVE-2026-4698/	self
https://www.suse.com/security/cve/CVE-2026-4699/	self
https://www.suse.com/security/cve/CVE-2026-4700/	self
https://www.suse.com/security/cve/CVE-2026-4701/	self
https://www.suse.com/security/cve/CVE-2026-4702/	self
https://www.suse.com/security/cve/CVE-2026-4704/	self
https://www.suse.com/security/cve/CVE-2026-4705/	self
https://www.suse.com/security/cve/CVE-2026-4706/	self
https://www.suse.com/security/cve/CVE-2026-4707/	self
https://www.suse.com/security/cve/CVE-2026-4708/	self
https://www.suse.com/security/cve/CVE-2026-4709/	self
https://www.suse.com/security/cve/CVE-2026-4710/	self
https://www.suse.com/security/cve/CVE-2026-4711/	self
https://www.suse.com/security/cve/CVE-2026-4712/	self
https://www.suse.com/security/cve/CVE-2026-4713/	self
https://www.suse.com/security/cve/CVE-2026-4714/	self
https://www.suse.com/security/cve/CVE-2026-4715/	self
https://www.suse.com/security/cve/CVE-2026-4716/	self
https://www.suse.com/security/cve/CVE-2026-4717/	self
https://www.suse.com/security/cve/CVE-2026-4718/	self
https://www.suse.com/security/cve/CVE-2026-4719/	self
https://www.suse.com/security/cve/CVE-2026-4720/	self
https://www.suse.com/security/cve/CVE-2026-4721/	self
https://www.suse.com/security/cve/CVE-2025-59375	external
https://bugzilla.suse.com/1249584	external
https://www.suse.com/security/cve/CVE-2026-4684	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4685	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4686	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4687	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4688	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4689	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4690	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4691	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4692	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4693	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4694	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4695	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4696	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4697	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4698	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4699	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4700	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4701	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4702	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4704	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4705	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4706	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4707	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4708	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4709	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4710	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4711	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4712	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4713	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4714	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4715	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4716	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4717	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4718	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4719	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4720	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4721	external
https://bugzilla.suse.com/1260083	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "firefox-esr-140.9.0-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the firefox-esr-140.9.0-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2026-10413",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10413-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-59375 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-59375/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4684 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4684/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4685 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4685/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4686 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4686/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4687 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4687/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4688 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4688/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4689 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4689/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4690 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4690/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4691 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4691/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4692 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4692/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4693 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4693/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4694 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4694/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4695 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4695/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4696 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4696/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4697 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4697/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4698 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4698/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4699 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4699/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4700 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4700/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4701 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4701/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4702 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4702/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4704 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4704/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4705 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4705/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4706 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4706/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4707 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4707/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4708 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4708/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4709 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4709/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4710 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4710/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4711 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4711/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4712 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4712/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4713 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4713/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4714 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4714/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4715 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4715/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4716 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4716/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4717 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4717/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4718 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4718/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4719 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4719/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4720 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4720/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4721 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4721/"
      }
    ],
    "title": "firefox-esr-140.9.0-1.1 on GA media",
    "tracking": {
      "current_release_date": "2026-03-24T00:00:00Z",
      "generator": {
        "date": "2026-03-24T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2026:10413-1",
      "initial_release_date": "2026-03-24T00:00:00Z",
      "revision_history": [
        {
          "date": "2026-03-24T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "firefox-esr-140.9.0-1.1.aarch64",
                "product": {
                  "name": "firefox-esr-140.9.0-1.1.aarch64",
                  "product_id": "firefox-esr-140.9.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
                "product": {
                  "name": "firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
                  "product_id": "firefox-esr-branding-upstream-140.9.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-translations-common-140.9.0-1.1.aarch64",
                "product": {
                  "name": "firefox-esr-translations-common-140.9.0-1.1.aarch64",
                  "product_id": "firefox-esr-translations-common-140.9.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-translations-other-140.9.0-1.1.aarch64",
                "product": {
                  "name": "firefox-esr-translations-other-140.9.0-1.1.aarch64",
                  "product_id": "firefox-esr-translations-other-140.9.0-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "firefox-esr-140.9.0-1.1.ppc64le",
                "product": {
                  "name": "firefox-esr-140.9.0-1.1.ppc64le",
                  "product_id": "firefox-esr-140.9.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
                "product": {
                  "name": "firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
                  "product_id": "firefox-esr-branding-upstream-140.9.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-translations-common-140.9.0-1.1.ppc64le",
                "product": {
                  "name": "firefox-esr-translations-common-140.9.0-1.1.ppc64le",
                  "product_id": "firefox-esr-translations-common-140.9.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-translations-other-140.9.0-1.1.ppc64le",
                "product": {
                  "name": "firefox-esr-translations-other-140.9.0-1.1.ppc64le",
                  "product_id": "firefox-esr-translations-other-140.9.0-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "firefox-esr-140.9.0-1.1.s390x",
                "product": {
                  "name": "firefox-esr-140.9.0-1.1.s390x",
                  "product_id": "firefox-esr-140.9.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-branding-upstream-140.9.0-1.1.s390x",
                "product": {
                  "name": "firefox-esr-branding-upstream-140.9.0-1.1.s390x",
                  "product_id": "firefox-esr-branding-upstream-140.9.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-translations-common-140.9.0-1.1.s390x",
                "product": {
                  "name": "firefox-esr-translations-common-140.9.0-1.1.s390x",
                  "product_id": "firefox-esr-translations-common-140.9.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-translations-other-140.9.0-1.1.s390x",
                "product": {
                  "name": "firefox-esr-translations-other-140.9.0-1.1.s390x",
                  "product_id": "firefox-esr-translations-other-140.9.0-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "firefox-esr-140.9.0-1.1.x86_64",
                "product": {
                  "name": "firefox-esr-140.9.0-1.1.x86_64",
                  "product_id": "firefox-esr-140.9.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
                "product": {
                  "name": "firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
                  "product_id": "firefox-esr-branding-upstream-140.9.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-translations-common-140.9.0-1.1.x86_64",
                "product": {
                  "name": "firefox-esr-translations-common-140.9.0-1.1.x86_64",
                  "product_id": "firefox-esr-translations-common-140.9.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-translations-other-140.9.0-1.1.x86_64",
                "product": {
                  "name": "firefox-esr-translations-other-140.9.0-1.1.x86_64",
                  "product_id": "firefox-esr-translations-other-140.9.0-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-140.9.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64"
        },
        "product_reference": "firefox-esr-140.9.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-140.9.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le"
        },
        "product_reference": "firefox-esr-140.9.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-140.9.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x"
        },
        "product_reference": "firefox-esr-140.9.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-140.9.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64"
        },
        "product_reference": "firefox-esr-140.9.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-branding-upstream-140.9.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64"
        },
        "product_reference": "firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-branding-upstream-140.9.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le"
        },
        "product_reference": "firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-branding-upstream-140.9.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x"
        },
        "product_reference": "firefox-esr-branding-upstream-140.9.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-branding-upstream-140.9.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64"
        },
        "product_reference": "firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-translations-common-140.9.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64"
        },
        "product_reference": "firefox-esr-translations-common-140.9.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-translations-common-140.9.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le"
        },
        "product_reference": "firefox-esr-translations-common-140.9.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-translations-common-140.9.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x"
        },
        "product_reference": "firefox-esr-translations-common-140.9.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-translations-common-140.9.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64"
        },
        "product_reference": "firefox-esr-translations-common-140.9.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-translations-other-140.9.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64"
        },
        "product_reference": "firefox-esr-translations-other-140.9.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-translations-other-140.9.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le"
        },
        "product_reference": "firefox-esr-translations-other-140.9.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-translations-other-140.9.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x"
        },
        "product_reference": "firefox-esr-translations-other-140.9.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-translations-other-140.9.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        },
        "product_reference": "firefox-esr-translations-other-140.9.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-59375",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-59375"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-59375",
          "url": "https://www.suse.com/security/cve/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249584 for CVE-2025-59375",
          "url": "https://bugzilla.suse.com/1249584"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-59375"
    },
    {
      "cve": "CVE-2026-4684",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4684"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4684",
          "url": "https://www.suse.com/security/cve/CVE-2026-4684"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4684",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4684"
    },
    {
      "cve": "CVE-2026-4685",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4685"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4685",
          "url": "https://www.suse.com/security/cve/CVE-2026-4685"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4685",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4685"
    },
    {
      "cve": "CVE-2026-4686",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4686"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4686",
          "url": "https://www.suse.com/security/cve/CVE-2026-4686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4686",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4686"
    },
    {
      "cve": "CVE-2026-4687",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4687"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4687",
          "url": "https://www.suse.com/security/cve/CVE-2026-4687"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4687",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4687"
    },
    {
      "cve": "CVE-2026-4688",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4688"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4688",
          "url": "https://www.suse.com/security/cve/CVE-2026-4688"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4688",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4688"
    },
    {
      "cve": "CVE-2026-4689",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4689"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4689",
          "url": "https://www.suse.com/security/cve/CVE-2026-4689"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4689",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4689"
    },
    {
      "cve": "CVE-2026-4690",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4690"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4690",
          "url": "https://www.suse.com/security/cve/CVE-2026-4690"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4690",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4690"
    },
    {
      "cve": "CVE-2026-4691",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4691"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4691",
          "url": "https://www.suse.com/security/cve/CVE-2026-4691"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4691",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4691"
    },
    {
      "cve": "CVE-2026-4692",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4692"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4692",
          "url": "https://www.suse.com/security/cve/CVE-2026-4692"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4692",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4692"
    },
    {
      "cve": "CVE-2026-4693",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4693"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4693",
          "url": "https://www.suse.com/security/cve/CVE-2026-4693"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4693",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4693"
    },
    {
      "cve": "CVE-2026-4694",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4694"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4694",
          "url": "https://www.suse.com/security/cve/CVE-2026-4694"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4694",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4694"
    },
    {
      "cve": "CVE-2026-4695",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4695"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4695",
          "url": "https://www.suse.com/security/cve/CVE-2026-4695"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4695",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4695"
    },
    {
      "cve": "CVE-2026-4696",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4696"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4696",
          "url": "https://www.suse.com/security/cve/CVE-2026-4696"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4696",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4696"
    },
    {
      "cve": "CVE-2026-4697",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4697"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4697",
          "url": "https://www.suse.com/security/cve/CVE-2026-4697"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4697",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4697"
    },
    {
      "cve": "CVE-2026-4698",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4698"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4698",
          "url": "https://www.suse.com/security/cve/CVE-2026-4698"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4698",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4698"
    },
    {
      "cve": "CVE-2026-4699",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4699"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4699",
          "url": "https://www.suse.com/security/cve/CVE-2026-4699"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4699",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4699"
    },
    {
      "cve": "CVE-2026-4700",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4700"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4700",
          "url": "https://www.suse.com/security/cve/CVE-2026-4700"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4700",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4700"
    },
    {
      "cve": "CVE-2026-4701",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4701"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4701",
          "url": "https://www.suse.com/security/cve/CVE-2026-4701"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4701",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4701"
    },
    {
      "cve": "CVE-2026-4702",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4702"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4702",
          "url": "https://www.suse.com/security/cve/CVE-2026-4702"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4702",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4702"
    },
    {
      "cve": "CVE-2026-4704",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4704"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4704",
          "url": "https://www.suse.com/security/cve/CVE-2026-4704"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4704",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4704"
    },
    {
      "cve": "CVE-2026-4705",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4705"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4705",
          "url": "https://www.suse.com/security/cve/CVE-2026-4705"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4705",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4705"
    },
    {
      "cve": "CVE-2026-4706",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4706"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4706",
          "url": "https://www.suse.com/security/cve/CVE-2026-4706"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4706",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4706"
    },
    {
      "cve": "CVE-2026-4707",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4707"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4707",
          "url": "https://www.suse.com/security/cve/CVE-2026-4707"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4707",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4707"
    },
    {
      "cve": "CVE-2026-4708",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4708"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4708",
          "url": "https://www.suse.com/security/cve/CVE-2026-4708"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4708",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4708"
    },
    {
      "cve": "CVE-2026-4709",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4709"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4709",
          "url": "https://www.suse.com/security/cve/CVE-2026-4709"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4709",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4709"
    },
    {
      "cve": "CVE-2026-4710",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4710"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4710",
          "url": "https://www.suse.com/security/cve/CVE-2026-4710"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4710",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4710"
    },
    {
      "cve": "CVE-2026-4711",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4711"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4711",
          "url": "https://www.suse.com/security/cve/CVE-2026-4711"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4711",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4711"
    },
    {
      "cve": "CVE-2026-4712",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4712"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4712",
          "url": "https://www.suse.com/security/cve/CVE-2026-4712"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4712",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4712"
    },
    {
      "cve": "CVE-2026-4713",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4713"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4713",
          "url": "https://www.suse.com/security/cve/CVE-2026-4713"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4713",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4713"
    },
    {
      "cve": "CVE-2026-4714",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4714"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4714",
          "url": "https://www.suse.com/security/cve/CVE-2026-4714"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4714",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4714"
    },
    {
      "cve": "CVE-2026-4715",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4715"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4715",
          "url": "https://www.suse.com/security/cve/CVE-2026-4715"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4715",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4715"
    },
    {
      "cve": "CVE-2026-4716",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4716"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4716",
          "url": "https://www.suse.com/security/cve/CVE-2026-4716"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4716",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4716"
    },
    {
      "cve": "CVE-2026-4717",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4717"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Privilege escalation in the Netmonitor component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4717",
          "url": "https://www.suse.com/security/cve/CVE-2026-4717"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4717",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4717"
    },
    {
      "cve": "CVE-2026-4718",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4718"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4718",
          "url": "https://www.suse.com/security/cve/CVE-2026-4718"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4718",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4718"
    },
    {
      "cve": "CVE-2026-4719",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4719"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4719",
          "url": "https://www.suse.com/security/cve/CVE-2026-4719"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4719",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4719"
    },
    {
      "cve": "CVE-2026-4720",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4720"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4720",
          "url": "https://www.suse.com/security/cve/CVE-2026-4720"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4720",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4720"
    },
    {
      "cve": "CVE-2026-4721",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4721"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4721",
          "url": "https://www.suse.com/security/cve/CVE-2026-4721"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4721",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4721"
    }
  ]
}

OPENSUSE-SU-2026:10447-1

Vulnerability from csaf_opensuse - Published: 2026-03-28 00:00 - Updated: 2026-03-28 00:00

Summary

MozillaThunderbird-140.9.0-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: MozillaThunderbird-140.9.0-1.1 on GA media

Description of the patch: These are all security issues fixed in the MozillaThunderbird-140.9.0-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2026-10447

CVE-2025-59375

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-3889

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4371

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4684

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4685

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4686

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4687

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4688

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4689

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4690

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4691

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4692

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4693

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4694

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4695

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4696

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4697

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4698

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4699

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4700

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4701

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4702

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4704

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4705

5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4706

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4707

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4708

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4709

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4710

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4711

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4712

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4713

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4714

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4715

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4716

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4717

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4718

5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4719

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4720

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4721

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64	—	Vendor Fix

Threats

Impact important

References

122 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2025-59375/	self
https://www.suse.com/security/cve/CVE-2026-3889/	self
https://www.suse.com/security/cve/CVE-2026-4371/	self
https://www.suse.com/security/cve/CVE-2026-4684/	self
https://www.suse.com/security/cve/CVE-2026-4685/	self
https://www.suse.com/security/cve/CVE-2026-4686/	self
https://www.suse.com/security/cve/CVE-2026-4687/	self
https://www.suse.com/security/cve/CVE-2026-4688/	self
https://www.suse.com/security/cve/CVE-2026-4689/	self
https://www.suse.com/security/cve/CVE-2026-4690/	self
https://www.suse.com/security/cve/CVE-2026-4691/	self
https://www.suse.com/security/cve/CVE-2026-4692/	self
https://www.suse.com/security/cve/CVE-2026-4693/	self
https://www.suse.com/security/cve/CVE-2026-4694/	self
https://www.suse.com/security/cve/CVE-2026-4695/	self
https://www.suse.com/security/cve/CVE-2026-4696/	self
https://www.suse.com/security/cve/CVE-2026-4697/	self
https://www.suse.com/security/cve/CVE-2026-4698/	self
https://www.suse.com/security/cve/CVE-2026-4699/	self
https://www.suse.com/security/cve/CVE-2026-4700/	self
https://www.suse.com/security/cve/CVE-2026-4701/	self
https://www.suse.com/security/cve/CVE-2026-4702/	self
https://www.suse.com/security/cve/CVE-2026-4704/	self
https://www.suse.com/security/cve/CVE-2026-4705/	self
https://www.suse.com/security/cve/CVE-2026-4706/	self
https://www.suse.com/security/cve/CVE-2026-4707/	self
https://www.suse.com/security/cve/CVE-2026-4708/	self
https://www.suse.com/security/cve/CVE-2026-4709/	self
https://www.suse.com/security/cve/CVE-2026-4710/	self
https://www.suse.com/security/cve/CVE-2026-4711/	self
https://www.suse.com/security/cve/CVE-2026-4712/	self
https://www.suse.com/security/cve/CVE-2026-4713/	self
https://www.suse.com/security/cve/CVE-2026-4714/	self
https://www.suse.com/security/cve/CVE-2026-4715/	self
https://www.suse.com/security/cve/CVE-2026-4716/	self
https://www.suse.com/security/cve/CVE-2026-4717/	self
https://www.suse.com/security/cve/CVE-2026-4718/	self
https://www.suse.com/security/cve/CVE-2026-4719/	self
https://www.suse.com/security/cve/CVE-2026-4720/	self
https://www.suse.com/security/cve/CVE-2026-4721/	self
https://www.suse.com/security/cve/CVE-2025-59375	external
https://bugzilla.suse.com/1249584	external
https://www.suse.com/security/cve/CVE-2026-3889	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4371	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4684	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4685	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4686	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4687	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4688	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4689	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4690	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4691	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4692	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4693	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4694	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4695	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4696	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4697	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4698	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4699	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4700	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4701	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4702	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4704	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4705	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4706	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4707	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4708	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4709	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4710	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4711	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4712	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4713	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4714	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4715	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4716	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4717	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4718	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4719	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4720	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4721	external
https://bugzilla.suse.com/1260083	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "MozillaThunderbird-140.9.0-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the MozillaThunderbird-140.9.0-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2026-10447",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10447-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-59375 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-59375/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-3889 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-3889/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4371 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4371/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4684 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4684/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4685 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4685/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4686 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4686/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4687 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4687/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4688 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4688/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4689 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4689/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4690 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4690/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4691 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4691/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4692 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4692/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4693 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4693/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4694 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4694/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4695 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4695/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4696 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4696/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4697 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4697/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4698 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4698/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4699 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4699/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4700 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4700/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4701 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4701/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4702 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4702/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4704 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4704/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4705 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4705/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4706 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4706/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4707 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4707/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4708 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4708/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4709 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4709/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4710 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4710/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4711 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4711/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4712 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4712/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4713 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4713/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4714 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4714/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4715 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4715/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4716 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4716/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4717 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4717/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4718 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4718/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4719 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4719/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4720 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4720/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4721 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4721/"
      }
    ],
    "title": "MozillaThunderbird-140.9.0-1.1 on GA media",
    "tracking": {
      "current_release_date": "2026-03-28T00:00:00Z",
      "generator": {
        "date": "2026-03-28T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2026:10447-1",
      "initial_release_date": "2026-03-28T00:00:00Z",
      "revision_history": [
        {
          "date": "2026-03-28T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaThunderbird-140.9.0-1.1.aarch64",
                "product": {
                  "name": "MozillaThunderbird-140.9.0-1.1.aarch64",
                  "product_id": "MozillaThunderbird-140.9.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
                "product": {
                  "name": "MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
                  "product_id": "MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
                "product": {
                  "name": "MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
                  "product_id": "MozillaThunderbird-translations-common-140.9.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
                "product": {
                  "name": "MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
                  "product_id": "MozillaThunderbird-translations-other-140.9.0-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaThunderbird-140.9.0-1.1.ppc64le",
                "product": {
                  "name": "MozillaThunderbird-140.9.0-1.1.ppc64le",
                  "product_id": "MozillaThunderbird-140.9.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
                "product": {
                  "name": "MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
                  "product_id": "MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
                "product": {
                  "name": "MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
                  "product_id": "MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
                "product": {
                  "name": "MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
                  "product_id": "MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaThunderbird-140.9.0-1.1.s390x",
                "product": {
                  "name": "MozillaThunderbird-140.9.0-1.1.s390x",
                  "product_id": "MozillaThunderbird-140.9.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
                "product": {
                  "name": "MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
                  "product_id": "MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
                "product": {
                  "name": "MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
                  "product_id": "MozillaThunderbird-translations-common-140.9.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
                "product": {
                  "name": "MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
                  "product_id": "MozillaThunderbird-translations-other-140.9.0-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaThunderbird-140.9.0-1.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-140.9.0-1.1.x86_64",
                  "product_id": "MozillaThunderbird-140.9.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
                  "product_id": "MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
                  "product_id": "MozillaThunderbird-translations-common-140.9.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-other-140.9.0-1.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-translations-other-140.9.0-1.1.x86_64",
                  "product_id": "MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-140.9.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64"
        },
        "product_reference": "MozillaThunderbird-140.9.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-140.9.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le"
        },
        "product_reference": "MozillaThunderbird-140.9.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-140.9.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x"
        },
        "product_reference": "MozillaThunderbird-140.9.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-140.9.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-140.9.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64"
        },
        "product_reference": "MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le"
        },
        "product_reference": "MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x"
        },
        "product_reference": "MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-common-140.9.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64"
        },
        "product_reference": "MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le"
        },
        "product_reference": "MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-common-140.9.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x"
        },
        "product_reference": "MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-common-140.9.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-other-140.9.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64"
        },
        "product_reference": "MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le"
        },
        "product_reference": "MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-other-140.9.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x"
        },
        "product_reference": "MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-other-140.9.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-translations-other-140.9.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-59375",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-59375"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-59375",
          "url": "https://www.suse.com/security/cve/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249584 for CVE-2025-59375",
          "url": "https://bugzilla.suse.com/1249584"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-59375"
    },
    {
      "cve": "CVE-2026-3889",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-3889"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Spoofing issue in Thunderbird. This vulnerability affects Thunderbird \u003c 149 and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-3889",
          "url": "https://www.suse.com/security/cve/CVE-2026-3889"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-3889",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-3889"
    },
    {
      "cve": "CVE-2026-4371",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4371"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability affects Thunderbird \u003c 149 and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4371",
          "url": "https://www.suse.com/security/cve/CVE-2026-4371"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4371",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4371"
    },
    {
      "cve": "CVE-2026-4684",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4684"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4684",
          "url": "https://www.suse.com/security/cve/CVE-2026-4684"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4684",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4684"
    },
    {
      "cve": "CVE-2026-4685",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4685"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4685",
          "url": "https://www.suse.com/security/cve/CVE-2026-4685"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4685",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4685"
    },
    {
      "cve": "CVE-2026-4686",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4686"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4686",
          "url": "https://www.suse.com/security/cve/CVE-2026-4686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4686",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4686"
    },
    {
      "cve": "CVE-2026-4687",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4687"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4687",
          "url": "https://www.suse.com/security/cve/CVE-2026-4687"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4687",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4687"
    },
    {
      "cve": "CVE-2026-4688",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4688"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4688",
          "url": "https://www.suse.com/security/cve/CVE-2026-4688"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4688",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4688"
    },
    {
      "cve": "CVE-2026-4689",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4689"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4689",
          "url": "https://www.suse.com/security/cve/CVE-2026-4689"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4689",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4689"
    },
    {
      "cve": "CVE-2026-4690",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4690"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4690",
          "url": "https://www.suse.com/security/cve/CVE-2026-4690"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4690",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4690"
    },
    {
      "cve": "CVE-2026-4691",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4691"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4691",
          "url": "https://www.suse.com/security/cve/CVE-2026-4691"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4691",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4691"
    },
    {
      "cve": "CVE-2026-4692",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4692"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4692",
          "url": "https://www.suse.com/security/cve/CVE-2026-4692"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4692",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4692"
    },
    {
      "cve": "CVE-2026-4693",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4693"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4693",
          "url": "https://www.suse.com/security/cve/CVE-2026-4693"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4693",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4693"
    },
    {
      "cve": "CVE-2026-4694",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4694"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4694",
          "url": "https://www.suse.com/security/cve/CVE-2026-4694"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4694",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4694"
    },
    {
      "cve": "CVE-2026-4695",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4695"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4695",
          "url": "https://www.suse.com/security/cve/CVE-2026-4695"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4695",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4695"
    },
    {
      "cve": "CVE-2026-4696",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4696"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4696",
          "url": "https://www.suse.com/security/cve/CVE-2026-4696"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4696",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4696"
    },
    {
      "cve": "CVE-2026-4697",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4697"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4697",
          "url": "https://www.suse.com/security/cve/CVE-2026-4697"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4697",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4697"
    },
    {
      "cve": "CVE-2026-4698",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4698"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4698",
          "url": "https://www.suse.com/security/cve/CVE-2026-4698"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4698",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4698"
    },
    {
      "cve": "CVE-2026-4699",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4699"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4699",
          "url": "https://www.suse.com/security/cve/CVE-2026-4699"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4699",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4699"
    },
    {
      "cve": "CVE-2026-4700",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4700"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4700",
          "url": "https://www.suse.com/security/cve/CVE-2026-4700"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4700",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4700"
    },
    {
      "cve": "CVE-2026-4701",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4701"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4701",
          "url": "https://www.suse.com/security/cve/CVE-2026-4701"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4701",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4701"
    },
    {
      "cve": "CVE-2026-4702",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4702"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4702",
          "url": "https://www.suse.com/security/cve/CVE-2026-4702"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4702",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4702"
    },
    {
      "cve": "CVE-2026-4704",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4704"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4704",
          "url": "https://www.suse.com/security/cve/CVE-2026-4704"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4704",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4704"
    },
    {
      "cve": "CVE-2026-4705",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4705"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4705",
          "url": "https://www.suse.com/security/cve/CVE-2026-4705"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4705",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4705"
    },
    {
      "cve": "CVE-2026-4706",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4706"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4706",
          "url": "https://www.suse.com/security/cve/CVE-2026-4706"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4706",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4706"
    },
    {
      "cve": "CVE-2026-4707",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4707"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4707",
          "url": "https://www.suse.com/security/cve/CVE-2026-4707"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4707",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4707"
    },
    {
      "cve": "CVE-2026-4708",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4708"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4708",
          "url": "https://www.suse.com/security/cve/CVE-2026-4708"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4708",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4708"
    },
    {
      "cve": "CVE-2026-4709",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4709"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4709",
          "url": "https://www.suse.com/security/cve/CVE-2026-4709"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4709",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4709"
    },
    {
      "cve": "CVE-2026-4710",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4710"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4710",
          "url": "https://www.suse.com/security/cve/CVE-2026-4710"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4710",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4710"
    },
    {
      "cve": "CVE-2026-4711",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4711"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4711",
          "url": "https://www.suse.com/security/cve/CVE-2026-4711"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4711",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4711"
    },
    {
      "cve": "CVE-2026-4712",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4712"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4712",
          "url": "https://www.suse.com/security/cve/CVE-2026-4712"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4712",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4712"
    },
    {
      "cve": "CVE-2026-4713",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4713"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4713",
          "url": "https://www.suse.com/security/cve/CVE-2026-4713"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4713",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4713"
    },
    {
      "cve": "CVE-2026-4714",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4714"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4714",
          "url": "https://www.suse.com/security/cve/CVE-2026-4714"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4714",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4714"
    },
    {
      "cve": "CVE-2026-4715",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4715"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4715",
          "url": "https://www.suse.com/security/cve/CVE-2026-4715"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4715",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4715"
    },
    {
      "cve": "CVE-2026-4716",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4716"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4716",
          "url": "https://www.suse.com/security/cve/CVE-2026-4716"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4716",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4716"
    },
    {
      "cve": "CVE-2026-4717",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4717"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Privilege escalation in the Netmonitor component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4717",
          "url": "https://www.suse.com/security/cve/CVE-2026-4717"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4717",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4717"
    },
    {
      "cve": "CVE-2026-4718",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4718"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4718",
          "url": "https://www.suse.com/security/cve/CVE-2026-4718"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4718",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4718"
    },
    {
      "cve": "CVE-2026-4719",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4719"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4719",
          "url": "https://www.suse.com/security/cve/CVE-2026-4719"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4719",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4719"
    },
    {
      "cve": "CVE-2026-4720",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4720"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4720",
          "url": "https://www.suse.com/security/cve/CVE-2026-4720"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4720",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4720"
    },
    {
      "cve": "CVE-2026-4721",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4721"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4721",
          "url": "https://www.suse.com/security/cve/CVE-2026-4721"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4721",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:MozillaThunderbird-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4721"
    }
  ]
}

OPENSUSE-SU-2026:20664-1

Vulnerability from csaf_opensuse - Published: 2026-05-01 17:00 - Updated: 2026-05-01 17:00

Summary

Security update for MozillaThunderbird

Severity

Important

Notes

Title of the patch: Security update for MozillaThunderbird

Description of the patch: This update for MozillaThunderbird fixes the following issues: Changes in MozillaThunderbird: - Mozilla Thunderbird 140.10.0 ESR * Newly translated strings were not available in Thunderbird MFSA 2026-34 (bsc#1262230) * CVE-2026-6746 Use-after-free in the DOM: Core & HTML component * CVE-2026-6747 Use-after-free in the WebRTC component * CVE-2026-6748 Uninitialized memory in the Audio/Video: Web Codecs component * CVE-2026-6749 Information disclosure due to uninitialized memory in the Graphics: Canvas2D component * CVE-2026-6750 Privilege escalation in the Graphics: WebRender component * CVE-2026-6751 Uninitialized memory in the Audio/Video: Web Codecs component * CVE-2026-6752 Incorrect boundary conditions in the WebRTC component * CVE-2026-6753 Incorrect boundary conditions in the WebRTC component * CVE-2026-6754 Use-after-free in the JavaScript Engine component * CVE-2026-6757 Invalid pointer in the JavaScript: WebAssembly component * CVE-2026-6759 Use-after-free in the Widget: Cocoa component * CVE-2026-6761 Privilege escalation in the Networking component * CVE-2026-6762 Spoofing issue in the DOM: Core & HTML component * CVE-2026-6763 Mitigation bypass in the File Handling component * CVE-2026-6764 Incorrect boundary conditions in the DOM: Device Interfaces component * CVE-2026-6765 Information disclosure in the Form Autofill component * CVE-2026-6766 Incorrect boundary conditions in the Libraries component in NSS * CVE-2026-6767 Other issue in the Libraries component in NSS * CVE-2026-6769 Privilege escalation in the Debugger component * CVE-2026-6770 Other issue in the Storage: IndexedDB component * CVE-2026-6771 Mitigation bypass in the DOM: Security component * CVE-2026-6772 Incorrect boundary conditions in the Libraries component in NSS * CVE-2026-6776 Incorrect boundary conditions in the WebRTC: Networking component * CVE-2026-6785 Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 * CVE-2026-6786 Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 - Mozilla Thunderbird 140.9.1 ESR MFSA 2026-29 * CVE-2026-5732 Incorrect boundary conditions, integer overflow in the Graphics: Text component * CVE-2026-5731 Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 * CVE-2026-5734 Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 - Mozilla Thunderbird 140.9.0 ESR MFSA 2026-24 (bsc#1260083) * CVE-2026-3889 Spoofing issue in Thunderbird * CVE-2026-4371 Out of bounds read in IMAP parsing * CVE-2026-4684 Race condition, use-after-free in the Graphics: WebRender component * CVE-2026-4685 Incorrect boundary conditions in the Graphics: Canvas2D component * CVE-2026-4686 Incorrect boundary conditions in the Graphics: Canvas2D component * CVE-2026-4687 Sandbox escape due to incorrect boundary conditions in the Telemetry component * CVE-2026-4688 Sandbox escape due to use-after-free in the Disability Access APIs component * CVE-2026-4689 Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component * CVE-2026-4690 Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component * CVE-2026-4691 Use-after-free in the CSS Parsing and Computation component * CVE-2026-4692 Sandbox escape in the Responsive Design Mode component * CVE-2026-4693 Incorrect boundary conditions in the Audio/Video: Playback component * CVE-2026-4694 Incorrect boundary conditions, integer overflow in the Graphics component * CVE-2026-4695 Incorrect boundary conditions in the Audio/Video: Web Codecs component * CVE-2026-4696 Use-after-free in the Layout: Text and Fonts component * CVE-2026-4697 Incorrect boundary conditions in the Audio/Video: Web Codecs component * CVE-2026-4698 JIT miscompilation in the JavaScript Engine: JIT component * CVE-2026-4699 Incorrect boundary conditions in the Layout: Text and Fonts component * CVE-2026-4700 Mitigation bypass in the Networking: HTTP component * CVE-2026-4701 Use-after-free in the JavaScript Engine component * CVE-2026-4702 JIT miscompilation in the JavaScript Engine component * CVE-2026-4704 Denial-of-service in the WebRTC: Signaling component * CVE-2026-4705 Undefined behavior in the WebRTC: Signaling component * CVE-2026-4706 Incorrect boundary conditions in the Graphics: Canvas2D component * CVE-2026-4707 Incorrect boundary conditions in the Graphics: Canvas2D component * CVE-2026-4708 Incorrect boundary conditions in the Graphics component * CVE-2026-4709 Incorrect boundary conditions in the Audio/Video: GMP component * CVE-2026-4710 Incorrect boundary conditions in the Audio/Video component * CVE-2026-4711 Use-after-free in the Widget: Cocoa component * CVE-2026-4712 Information disclosure in the Widget: Cocoa component * CVE-2026-4713 Incorrect boundary conditions in the Graphics component * CVE-2026-4714 Incorrect boundary conditions in the Audio/Video component * CVE-2026-4715 Uninitialized memory in the Graphics: Canvas2D component * CVE-2026-4716 Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component * CVE-2026-4717 Privilege escalation in the Netmonitor component * CVE-2025-59375 Denial-of-service in the XML component * CVE-2026-4718 Undefined behavior in the WebRTC: Signaling component * CVE-2026-4719 Incorrect boundary conditions in the Graphics: Text component * CVE-2026-4720 Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 * CVE-2026-4721 Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149

Patchnames: openSUSE-Leap-16.0-packagehub-230

CVE-2025-59375

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-3889

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4371

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4684

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4685

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4686

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4687

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4688

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4689

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4690

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4691

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4692

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4693

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4694

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4695

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4696

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4697

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4698

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4699

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4700

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4701

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4702

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4704

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4705

5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4706

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4707

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4708

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4709

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4710

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4711

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4712

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4713

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4714

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4715

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4716

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4717

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4718

5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4719

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4720

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-4721

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-5731

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-5732

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-5734

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-6746

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2026-6747

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2026-6748

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2026-6749

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2026-6750

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2026-6751

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2026-6752

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2026-6753

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2026-6754

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2026-6757

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2026-6759

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2026-6761

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2026-6762

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2026-6763

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2026-6764

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2026-6765

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2026-6766

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2026-6767

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2026-6769

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2026-6770

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2026-6771

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2026-6772

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2026-6776

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2026-6785

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2026-6786

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64	—	Vendor Fix

Threats

Impact critical

References

208 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://bugzilla.suse.com/1260083	self
https://bugzilla.suse.com/1262230	self
https://www.suse.com/security/cve/CVE-2025-59375/	self
https://www.suse.com/security/cve/CVE-2026-3889/	self
https://www.suse.com/security/cve/CVE-2026-4371/	self
https://www.suse.com/security/cve/CVE-2026-4684/	self
https://www.suse.com/security/cve/CVE-2026-4685/	self
https://www.suse.com/security/cve/CVE-2026-4686/	self
https://www.suse.com/security/cve/CVE-2026-4687/	self
https://www.suse.com/security/cve/CVE-2026-4688/	self
https://www.suse.com/security/cve/CVE-2026-4689/	self
https://www.suse.com/security/cve/CVE-2026-4690/	self
https://www.suse.com/security/cve/CVE-2026-4691/	self
https://www.suse.com/security/cve/CVE-2026-4692/	self
https://www.suse.com/security/cve/CVE-2026-4693/	self
https://www.suse.com/security/cve/CVE-2026-4694/	self
https://www.suse.com/security/cve/CVE-2026-4695/	self
https://www.suse.com/security/cve/CVE-2026-4696/	self
https://www.suse.com/security/cve/CVE-2026-4697/	self
https://www.suse.com/security/cve/CVE-2026-4698/	self
https://www.suse.com/security/cve/CVE-2026-4699/	self
https://www.suse.com/security/cve/CVE-2026-4700/	self
https://www.suse.com/security/cve/CVE-2026-4701/	self
https://www.suse.com/security/cve/CVE-2026-4702/	self
https://www.suse.com/security/cve/CVE-2026-4704/	self
https://www.suse.com/security/cve/CVE-2026-4705/	self
https://www.suse.com/security/cve/CVE-2026-4706/	self
https://www.suse.com/security/cve/CVE-2026-4707/	self
https://www.suse.com/security/cve/CVE-2026-4708/	self
https://www.suse.com/security/cve/CVE-2026-4709/	self
https://www.suse.com/security/cve/CVE-2026-4710/	self
https://www.suse.com/security/cve/CVE-2026-4711/	self
https://www.suse.com/security/cve/CVE-2026-4712/	self
https://www.suse.com/security/cve/CVE-2026-4713/	self
https://www.suse.com/security/cve/CVE-2026-4714/	self
https://www.suse.com/security/cve/CVE-2026-4715/	self
https://www.suse.com/security/cve/CVE-2026-4716/	self
https://www.suse.com/security/cve/CVE-2026-4717/	self
https://www.suse.com/security/cve/CVE-2026-4718/	self
https://www.suse.com/security/cve/CVE-2026-4719/	self
https://www.suse.com/security/cve/CVE-2026-4720/	self
https://www.suse.com/security/cve/CVE-2026-4721/	self
https://www.suse.com/security/cve/CVE-2026-5731/	self
https://www.suse.com/security/cve/CVE-2026-5732/	self
https://www.suse.com/security/cve/CVE-2026-5734/	self
https://www.suse.com/security/cve/CVE-2026-6746/	self
https://www.suse.com/security/cve/CVE-2026-6747/	self
https://www.suse.com/security/cve/CVE-2026-6748/	self
https://www.suse.com/security/cve/CVE-2026-6749/	self
https://www.suse.com/security/cve/CVE-2026-6750/	self
https://www.suse.com/security/cve/CVE-2026-6751/	self
https://www.suse.com/security/cve/CVE-2026-6752/	self
https://www.suse.com/security/cve/CVE-2026-6753/	self
https://www.suse.com/security/cve/CVE-2026-6754/	self
https://www.suse.com/security/cve/CVE-2026-6757/	self
https://www.suse.com/security/cve/CVE-2026-6759/	self
https://www.suse.com/security/cve/CVE-2026-6761/	self
https://www.suse.com/security/cve/CVE-2026-6762/	self
https://www.suse.com/security/cve/CVE-2026-6763/	self
https://www.suse.com/security/cve/CVE-2026-6764/	self
https://www.suse.com/security/cve/CVE-2026-6765/	self
https://www.suse.com/security/cve/CVE-2026-6766/	self
https://www.suse.com/security/cve/CVE-2026-6767/	self
https://www.suse.com/security/cve/CVE-2026-6769/	self
https://www.suse.com/security/cve/CVE-2026-6770/	self
https://www.suse.com/security/cve/CVE-2026-6771/	self
https://www.suse.com/security/cve/CVE-2026-6772/	self
https://www.suse.com/security/cve/CVE-2026-6776/	self
https://www.suse.com/security/cve/CVE-2026-6785/	self
https://www.suse.com/security/cve/CVE-2026-6786/	self
https://www.suse.com/security/cve/CVE-2025-59375	external
https://bugzilla.suse.com/1249584	external
https://www.suse.com/security/cve/CVE-2026-3889	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4371	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4684	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4685	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4686	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4687	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4688	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4689	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4690	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4691	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4692	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4693	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4694	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4695	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4696	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4697	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4698	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4699	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4700	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4701	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4702	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4704	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4705	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4706	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4707	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4708	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4709	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4710	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4711	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4712	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4713	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4714	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4715	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4716	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4717	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4718	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4719	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4720	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-4721	external
https://bugzilla.suse.com/1260083	external
https://www.suse.com/security/cve/CVE-2026-5731	external
https://bugzilla.suse.com/1261663	external
https://www.suse.com/security/cve/CVE-2026-5732	external
https://bugzilla.suse.com/1261663	external
https://www.suse.com/security/cve/CVE-2026-5734	external
https://bugzilla.suse.com/1261663	external
https://www.suse.com/security/cve/CVE-2026-6746	external
https://bugzilla.suse.com/1262230	external
https://www.suse.com/security/cve/CVE-2026-6747	external
https://bugzilla.suse.com/1262230	external
https://www.suse.com/security/cve/CVE-2026-6748	external
https://bugzilla.suse.com/1262230	external
https://www.suse.com/security/cve/CVE-2026-6749	external
https://bugzilla.suse.com/1262230	external
https://www.suse.com/security/cve/CVE-2026-6750	external
https://bugzilla.suse.com/1262230	external
https://www.suse.com/security/cve/CVE-2026-6751	external
https://bugzilla.suse.com/1262230	external
https://www.suse.com/security/cve/CVE-2026-6752	external
https://bugzilla.suse.com/1262230	external
https://www.suse.com/security/cve/CVE-2026-6753	external
https://bugzilla.suse.com/1262230	external
https://www.suse.com/security/cve/CVE-2026-6754	external
https://bugzilla.suse.com/1262230	external
https://www.suse.com/security/cve/CVE-2026-6757	external
https://bugzilla.suse.com/1262230	external
https://www.suse.com/security/cve/CVE-2026-6759	external
https://bugzilla.suse.com/1262230	external
https://www.suse.com/security/cve/CVE-2026-6761	external
https://bugzilla.suse.com/1262230	external
https://www.suse.com/security/cve/CVE-2026-6762	external
https://bugzilla.suse.com/1262230	external
https://www.suse.com/security/cve/CVE-2026-6763	external
https://bugzilla.suse.com/1262230	external
https://www.suse.com/security/cve/CVE-2026-6764	external
https://bugzilla.suse.com/1262230	external
https://www.suse.com/security/cve/CVE-2026-6765	external
https://bugzilla.suse.com/1262230	external
https://www.suse.com/security/cve/CVE-2026-6766	external
https://bugzilla.suse.com/1262230	external
https://www.suse.com/security/cve/CVE-2026-6767	external
https://bugzilla.suse.com/1262230	external
https://www.suse.com/security/cve/CVE-2026-6769	external
https://bugzilla.suse.com/1262230	external
https://www.suse.com/security/cve/CVE-2026-6770	external
https://bugzilla.suse.com/1262230	external
https://www.suse.com/security/cve/CVE-2026-6771	external
https://bugzilla.suse.com/1262230	external
https://www.suse.com/security/cve/CVE-2026-6772	external
https://bugzilla.suse.com/1262230	external
https://www.suse.com/security/cve/CVE-2026-6776	external
https://bugzilla.suse.com/1262230	external
https://www.suse.com/security/cve/CVE-2026-6785	external
https://bugzilla.suse.com/1262230	external
https://www.suse.com/security/cve/CVE-2026-6786	external
https://bugzilla.suse.com/1262230	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for MozillaThunderbird",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for MozillaThunderbird fixes the following issues:\n\nChanges in MozillaThunderbird:\n\n- Mozilla Thunderbird 140.10.0 ESR\n  * Newly translated strings were not available in Thunderbird\n  MFSA 2026-34 (bsc#1262230)\n  * CVE-2026-6746 Use-after-free in the DOM: Core \u0026 HTML component\n  * CVE-2026-6747 Use-after-free in the WebRTC component\n  * CVE-2026-6748 Uninitialized memory in the Audio/Video: Web Codecs component\n  * CVE-2026-6749 Information disclosure due to uninitialized memory in the Graphics: Canvas2D component\n  * CVE-2026-6750 Privilege escalation in the Graphics: WebRender component\n  * CVE-2026-6751 Uninitialized memory in the Audio/Video: Web Codecs component\n  * CVE-2026-6752 Incorrect boundary conditions in the WebRTC component\n  * CVE-2026-6753 Incorrect boundary conditions in the WebRTC component\n  * CVE-2026-6754 Use-after-free in the JavaScript Engine component\n  * CVE-2026-6757 Invalid pointer in the JavaScript: WebAssembly component\n  * CVE-2026-6759 Use-after-free in the Widget: Cocoa component\n  * CVE-2026-6761 Privilege escalation in the Networking component\n  * CVE-2026-6762 Spoofing issue in the DOM: Core \u0026 HTML component\n  * CVE-2026-6763 Mitigation bypass in the File Handling component\n  * CVE-2026-6764 Incorrect boundary conditions in the DOM: Device Interfaces component\n  * CVE-2026-6765 Information disclosure in the Form Autofill component\n  * CVE-2026-6766 Incorrect boundary conditions in the Libraries component in NSS\n  * CVE-2026-6767 Other issue in the Libraries component in NSS\n  * CVE-2026-6769 Privilege escalation in the Debugger component\n  * CVE-2026-6770 Other issue in the Storage: IndexedDB component\n  * CVE-2026-6771 Mitigation bypass in the DOM: Security component\n  * CVE-2026-6772 Incorrect boundary conditions in the Libraries component in NSS\n  * CVE-2026-6776 Incorrect boundary conditions in the WebRTC: Networking component\n  * CVE-2026-6785 Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150\n  * CVE-2026-6786 Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150\n\n- Mozilla Thunderbird 140.9.1 ESR\n  MFSA 2026-29\n  * CVE-2026-5732 Incorrect boundary conditions, integer overflow in the Graphics: Text component\n  * CVE-2026-5731 Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2\n  * CVE-2026-5734 Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2\n\n- Mozilla Thunderbird 140.9.0 ESR\n  MFSA 2026-24 (bsc#1260083)\n  * CVE-2026-3889 Spoofing issue in Thunderbird\n  * CVE-2026-4371 Out of bounds read in IMAP parsing\n  * CVE-2026-4684 Race condition, use-after-free in the Graphics: WebRender component\n  * CVE-2026-4685 Incorrect boundary conditions in the Graphics: Canvas2D component\n  * CVE-2026-4686 Incorrect boundary conditions in the Graphics: Canvas2D component\n  * CVE-2026-4687 Sandbox escape due to incorrect boundary conditions in the Telemetry component\n  * CVE-2026-4688 Sandbox escape due to use-after-free in the Disability Access APIs component\n  * CVE-2026-4689 Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component\n  * CVE-2026-4690 Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component\n  * CVE-2026-4691 Use-after-free in the CSS Parsing and Computation component\n  * CVE-2026-4692 Sandbox escape in the Responsive Design Mode component\n  * CVE-2026-4693 Incorrect boundary conditions in the Audio/Video: Playback component\n  * CVE-2026-4694 Incorrect boundary conditions, integer overflow in the Graphics component\n  * CVE-2026-4695 Incorrect boundary conditions in the Audio/Video: Web Codecs component\n  * CVE-2026-4696 Use-after-free in the Layout: Text and Fonts component\n  * CVE-2026-4697 Incorrect boundary conditions in the Audio/Video: Web Codecs component\n  * CVE-2026-4698 JIT miscompilation in the JavaScript Engine: JIT component\n  * CVE-2026-4699 Incorrect boundary conditions in the Layout: Text and Fonts component\n  * CVE-2026-4700 Mitigation bypass in the Networking: HTTP component\n  * CVE-2026-4701 Use-after-free in the JavaScript Engine component\n  * CVE-2026-4702 JIT miscompilation in the JavaScript Engine component\n  * CVE-2026-4704 Denial-of-service in the WebRTC: Signaling component\n  * CVE-2026-4705 Undefined behavior in the WebRTC: Signaling component\n  * CVE-2026-4706 Incorrect boundary conditions in the Graphics: Canvas2D component\n  * CVE-2026-4707 Incorrect boundary conditions in the Graphics: Canvas2D component\n  * CVE-2026-4708 Incorrect boundary conditions in the Graphics component\n  * CVE-2026-4709 Incorrect boundary conditions in the Audio/Video: GMP component\n  * CVE-2026-4710 Incorrect boundary conditions in the Audio/Video component\n  * CVE-2026-4711 Use-after-free in the Widget: Cocoa component\n  * CVE-2026-4712 Information disclosure in the Widget: Cocoa component\n  * CVE-2026-4713 Incorrect boundary conditions in the Graphics component\n  * CVE-2026-4714 Incorrect boundary conditions in the Audio/Video component\n  * CVE-2026-4715 Uninitialized memory in the Graphics: Canvas2D component\n  * CVE-2026-4716 Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component\n  * CVE-2026-4717 Privilege escalation in the Netmonitor component\n  * CVE-2025-59375 Denial-of-service in the XML component\n  * CVE-2026-4718 Undefined behavior in the WebRTC: Signaling component\n  * CVE-2026-4719 Incorrect boundary conditions in the Graphics: Text component\n  * CVE-2026-4720 Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149\n  * CVE-2026-4721 Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Leap-16.0-packagehub-230",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20664-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1260083",
        "url": "https://bugzilla.suse.com/1260083"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1262230",
        "url": "https://bugzilla.suse.com/1262230"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-59375 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-59375/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-3889 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-3889/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4371 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4371/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4684 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4684/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4685 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4685/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4686 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4686/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4687 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4687/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4688 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4688/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4689 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4689/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4690 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4690/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4691 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4691/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4692 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4692/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4693 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4693/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4694 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4694/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4695 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4695/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4696 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4696/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4697 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4697/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4698 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4698/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4699 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4699/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4700 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4700/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4701 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4701/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4702 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4702/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4704 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4704/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4705 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4705/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4706 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4706/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4707 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4707/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4708 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4708/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4709 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4709/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4710 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4710/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4711 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4711/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4712 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4712/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4713 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4713/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4714 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4714/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4715 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4715/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4716 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4716/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4717 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4717/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4718 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4718/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4719 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4719/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4720 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4720/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4721 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4721/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-5731 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-5731/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-5732 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-5732/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-5734 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-5734/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-6746 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-6746/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-6747 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-6747/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-6748 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-6748/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-6749 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-6749/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-6750 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-6750/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-6751 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-6751/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-6752 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-6752/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-6753 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-6753/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-6754 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-6754/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-6757 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-6757/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-6759 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-6759/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-6761 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-6761/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-6762 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-6762/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-6763 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-6763/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-6764 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-6764/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-6765 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-6765/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-6766 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-6766/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-6767 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-6767/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-6769 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-6769/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-6770 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-6770/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-6771 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-6771/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-6772 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-6772/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-6776 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-6776/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-6785 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-6785/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-6786 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-6786/"
      }
    ],
    "title": "Security update for MozillaThunderbird",
    "tracking": {
      "current_release_date": "2026-05-01T17:00:28Z",
      "generator": {
        "date": "2026-05-01T17:00:28Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2026:20664-1",
      "initial_release_date": "2026-05-01T17:00:28Z",
      "revision_history": [
        {
          "date": "2026-05-01T17:00:28Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
                "product": {
                  "name": "MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
                  "product_id": "MozillaThunderbird-140.10.0-bp160.1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
                "product": {
                  "name": "MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
                  "product_id": "MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
                "product": {
                  "name": "MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
                  "product_id": "MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
                "product": {
                  "name": "MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
                  "product_id": "MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
                "product": {
                  "name": "MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
                  "product_id": "MozillaThunderbird-140.10.0-bp160.1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
                "product": {
                  "name": "MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
                  "product_id": "MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
                "product": {
                  "name": "MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
                  "product_id": "MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
                "product": {
                  "name": "MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
                  "product_id": "MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaThunderbird-140.10.0-bp160.1.1.s390x",
                "product": {
                  "name": "MozillaThunderbird-140.10.0-bp160.1.1.s390x",
                  "product_id": "MozillaThunderbird-140.10.0-bp160.1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
                "product": {
                  "name": "MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
                  "product_id": "MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
                "product": {
                  "name": "MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
                  "product_id": "MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
                "product": {
                  "name": "MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
                  "product_id": "MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
                  "product_id": "MozillaThunderbird-140.10.0-bp160.1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
                  "product_id": "MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
                  "product_id": "MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64",
                  "product_id": "MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 16.0",
                "product": {
                  "name": "openSUSE Leap 16.0",
                  "product_id": "openSUSE Leap 16.0"
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-140.10.0-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64"
        },
        "product_reference": "MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-140.10.0-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le"
        },
        "product_reference": "MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-140.10.0-bp160.1.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x"
        },
        "product_reference": "MozillaThunderbird-140.10.0-bp160.1.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-140.10.0-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64"
        },
        "product_reference": "MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le"
        },
        "product_reference": "MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x"
        },
        "product_reference": "MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64"
        },
        "product_reference": "MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le"
        },
        "product_reference": "MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x"
        },
        "product_reference": "MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64"
        },
        "product_reference": "MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le"
        },
        "product_reference": "MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x"
        },
        "product_reference": "MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-59375",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-59375"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-59375",
          "url": "https://www.suse.com/security/cve/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249584 for CVE-2025-59375",
          "url": "https://bugzilla.suse.com/1249584"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-59375"
    },
    {
      "cve": "CVE-2026-3889",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-3889"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Spoofing issue in Thunderbird. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-3889",
          "url": "https://www.suse.com/security/cve/CVE-2026-3889"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-3889",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-3889"
    },
    {
      "cve": "CVE-2026-4371",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4371"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4371",
          "url": "https://www.suse.com/security/cve/CVE-2026-4371"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4371",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4371"
    },
    {
      "cve": "CVE-2026-4684",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4684"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Race condition, use-after-free in the Graphics: WebRender component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4684",
          "url": "https://www.suse.com/security/cve/CVE-2026-4684"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4684",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4684"
    },
    {
      "cve": "CVE-2026-4685",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4685"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4685",
          "url": "https://www.suse.com/security/cve/CVE-2026-4685"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4685",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4685"
    },
    {
      "cve": "CVE-2026-4686",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4686"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4686",
          "url": "https://www.suse.com/security/cve/CVE-2026-4686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4686",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4686"
    },
    {
      "cve": "CVE-2026-4687",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4687"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4687",
          "url": "https://www.suse.com/security/cve/CVE-2026-4687"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4687",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4687"
    },
    {
      "cve": "CVE-2026-4688",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4688"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4688",
          "url": "https://www.suse.com/security/cve/CVE-2026-4688"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4688",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4688"
    },
    {
      "cve": "CVE-2026-4689",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4689"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4689",
          "url": "https://www.suse.com/security/cve/CVE-2026-4689"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4689",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4689"
    },
    {
      "cve": "CVE-2026-4690",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4690"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4690",
          "url": "https://www.suse.com/security/cve/CVE-2026-4690"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4690",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4690"
    },
    {
      "cve": "CVE-2026-4691",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4691"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4691",
          "url": "https://www.suse.com/security/cve/CVE-2026-4691"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4691",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4691"
    },
    {
      "cve": "CVE-2026-4692",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4692"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4692",
          "url": "https://www.suse.com/security/cve/CVE-2026-4692"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4692",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4692"
    },
    {
      "cve": "CVE-2026-4693",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4693"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4693",
          "url": "https://www.suse.com/security/cve/CVE-2026-4693"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4693",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4693"
    },
    {
      "cve": "CVE-2026-4694",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4694"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4694",
          "url": "https://www.suse.com/security/cve/CVE-2026-4694"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4694",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4694"
    },
    {
      "cve": "CVE-2026-4695",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4695"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4695",
          "url": "https://www.suse.com/security/cve/CVE-2026-4695"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4695",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4695"
    },
    {
      "cve": "CVE-2026-4696",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4696"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4696",
          "url": "https://www.suse.com/security/cve/CVE-2026-4696"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4696",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4696"
    },
    {
      "cve": "CVE-2026-4697",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4697"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4697",
          "url": "https://www.suse.com/security/cve/CVE-2026-4697"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4697",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4697"
    },
    {
      "cve": "CVE-2026-4698",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4698"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4698",
          "url": "https://www.suse.com/security/cve/CVE-2026-4698"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4698",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4698"
    },
    {
      "cve": "CVE-2026-4699",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4699"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4699",
          "url": "https://www.suse.com/security/cve/CVE-2026-4699"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4699",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4699"
    },
    {
      "cve": "CVE-2026-4700",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4700"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mitigation bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4700",
          "url": "https://www.suse.com/security/cve/CVE-2026-4700"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4700",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4700"
    },
    {
      "cve": "CVE-2026-4701",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4701"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4701",
          "url": "https://www.suse.com/security/cve/CVE-2026-4701"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4701",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4701"
    },
    {
      "cve": "CVE-2026-4702",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4702"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "JIT miscompilation in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4702",
          "url": "https://www.suse.com/security/cve/CVE-2026-4702"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4702",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4702"
    },
    {
      "cve": "CVE-2026-4704",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4704"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Denial-of-service in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4704",
          "url": "https://www.suse.com/security/cve/CVE-2026-4704"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4704",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4704"
    },
    {
      "cve": "CVE-2026-4705",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4705"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4705",
          "url": "https://www.suse.com/security/cve/CVE-2026-4705"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4705",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4705"
    },
    {
      "cve": "CVE-2026-4706",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4706"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4706",
          "url": "https://www.suse.com/security/cve/CVE-2026-4706"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4706",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4706"
    },
    {
      "cve": "CVE-2026-4707",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4707"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4707",
          "url": "https://www.suse.com/security/cve/CVE-2026-4707"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4707",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4707"
    },
    {
      "cve": "CVE-2026-4708",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4708"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4708",
          "url": "https://www.suse.com/security/cve/CVE-2026-4708"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4708",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4708"
    },
    {
      "cve": "CVE-2026-4709",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4709"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4709",
          "url": "https://www.suse.com/security/cve/CVE-2026-4709"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4709",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4709"
    },
    {
      "cve": "CVE-2026-4710",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4710"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4710",
          "url": "https://www.suse.com/security/cve/CVE-2026-4710"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4710",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4710"
    },
    {
      "cve": "CVE-2026-4711",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4711"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4711",
          "url": "https://www.suse.com/security/cve/CVE-2026-4711"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4711",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4711"
    },
    {
      "cve": "CVE-2026-4712",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4712"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Information disclosure in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4712",
          "url": "https://www.suse.com/security/cve/CVE-2026-4712"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4712",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4712"
    },
    {
      "cve": "CVE-2026-4713",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4713"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4713",
          "url": "https://www.suse.com/security/cve/CVE-2026-4713"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4713",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4713"
    },
    {
      "cve": "CVE-2026-4714",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4714"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4714",
          "url": "https://www.suse.com/security/cve/CVE-2026-4714"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4714",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4714"
    },
    {
      "cve": "CVE-2026-4715",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4715"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4715",
          "url": "https://www.suse.com/security/cve/CVE-2026-4715"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4715",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4715"
    },
    {
      "cve": "CVE-2026-4716",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4716"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4716",
          "url": "https://www.suse.com/security/cve/CVE-2026-4716"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4716",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4716"
    },
    {
      "cve": "CVE-2026-4717",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4717"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4717",
          "url": "https://www.suse.com/security/cve/CVE-2026-4717"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4717",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4717"
    },
    {
      "cve": "CVE-2026-4718",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4718"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4718",
          "url": "https://www.suse.com/security/cve/CVE-2026-4718"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4718",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4718"
    },
    {
      "cve": "CVE-2026-4719",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4719"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4719",
          "url": "https://www.suse.com/security/cve/CVE-2026-4719"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4719",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4719"
    },
    {
      "cve": "CVE-2026-4720",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4720"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4720",
          "url": "https://www.suse.com/security/cve/CVE-2026-4720"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4720",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4720"
    },
    {
      "cve": "CVE-2026-4721",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4721"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4721",
          "url": "https://www.suse.com/security/cve/CVE-2026-4721"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4721",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4721"
    },
    {
      "cve": "CVE-2026-5731",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-5731"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-5731",
          "url": "https://www.suse.com/security/cve/CVE-2026-5731"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261663 for CVE-2026-5731",
          "url": "https://bugzilla.suse.com/1261663"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-5731"
    },
    {
      "cve": "CVE-2026-5732",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-5732"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-5732",
          "url": "https://www.suse.com/security/cve/CVE-2026-5732"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261663 for CVE-2026-5732",
          "url": "https://bugzilla.suse.com/1261663"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-5732"
    },
    {
      "cve": "CVE-2026-5734",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-5734"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-5734",
          "url": "https://www.suse.com/security/cve/CVE-2026-5734"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261663 for CVE-2026-5734",
          "url": "https://bugzilla.suse.com/1261663"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-5734"
    },
    {
      "cve": "CVE-2026-6746",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-6746"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free in the DOM: Core \u0026 HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-6746",
          "url": "https://www.suse.com/security/cve/CVE-2026-6746"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262230 for CVE-2026-6746",
          "url": "https://bugzilla.suse.com/1262230"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2026-6746"
    },
    {
      "cve": "CVE-2026-6747",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-6747"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-6747",
          "url": "https://www.suse.com/security/cve/CVE-2026-6747"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262230 for CVE-2026-6747",
          "url": "https://bugzilla.suse.com/1262230"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2026-6747"
    },
    {
      "cve": "CVE-2026-6748",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-6748"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-6748",
          "url": "https://www.suse.com/security/cve/CVE-2026-6748"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262230 for CVE-2026-6748",
          "url": "https://bugzilla.suse.com/1262230"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2026-6748"
    },
    {
      "cve": "CVE-2026-6749",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-6749"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-6749",
          "url": "https://www.suse.com/security/cve/CVE-2026-6749"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262230 for CVE-2026-6749",
          "url": "https://bugzilla.suse.com/1262230"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2026-6749"
    },
    {
      "cve": "CVE-2026-6750",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-6750"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-6750",
          "url": "https://www.suse.com/security/cve/CVE-2026-6750"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262230 for CVE-2026-6750",
          "url": "https://bugzilla.suse.com/1262230"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2026-6750"
    },
    {
      "cve": "CVE-2026-6751",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-6751"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-6751",
          "url": "https://www.suse.com/security/cve/CVE-2026-6751"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262230 for CVE-2026-6751",
          "url": "https://bugzilla.suse.com/1262230"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2026-6751"
    },
    {
      "cve": "CVE-2026-6752",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-6752"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-6752",
          "url": "https://www.suse.com/security/cve/CVE-2026-6752"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262230 for CVE-2026-6752",
          "url": "https://bugzilla.suse.com/1262230"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2026-6752"
    },
    {
      "cve": "CVE-2026-6753",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-6753"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-6753",
          "url": "https://www.suse.com/security/cve/CVE-2026-6753"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262230 for CVE-2026-6753",
          "url": "https://bugzilla.suse.com/1262230"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2026-6753"
    },
    {
      "cve": "CVE-2026-6754",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-6754"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-6754",
          "url": "https://www.suse.com/security/cve/CVE-2026-6754"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262230 for CVE-2026-6754",
          "url": "https://bugzilla.suse.com/1262230"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2026-6754"
    },
    {
      "cve": "CVE-2026-6757",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-6757"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-6757",
          "url": "https://www.suse.com/security/cve/CVE-2026-6757"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262230 for CVE-2026-6757",
          "url": "https://bugzilla.suse.com/1262230"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2026-6757"
    },
    {
      "cve": "CVE-2026-6759",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-6759"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-6759",
          "url": "https://www.suse.com/security/cve/CVE-2026-6759"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262230 for CVE-2026-6759",
          "url": "https://bugzilla.suse.com/1262230"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2026-6759"
    },
    {
      "cve": "CVE-2026-6761",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-6761"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-6761",
          "url": "https://www.suse.com/security/cve/CVE-2026-6761"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262230 for CVE-2026-6761",
          "url": "https://bugzilla.suse.com/1262230"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2026-6761"
    },
    {
      "cve": "CVE-2026-6762",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-6762"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Spoofing issue in the DOM: Core \u0026 HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-6762",
          "url": "https://www.suse.com/security/cve/CVE-2026-6762"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262230 for CVE-2026-6762",
          "url": "https://bugzilla.suse.com/1262230"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2026-6762"
    },
    {
      "cve": "CVE-2026-6763",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-6763"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-6763",
          "url": "https://www.suse.com/security/cve/CVE-2026-6763"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262230 for CVE-2026-6763",
          "url": "https://bugzilla.suse.com/1262230"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2026-6763"
    },
    {
      "cve": "CVE-2026-6764",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-6764"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-6764",
          "url": "https://www.suse.com/security/cve/CVE-2026-6764"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262230 for CVE-2026-6764",
          "url": "https://bugzilla.suse.com/1262230"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2026-6764"
    },
    {
      "cve": "CVE-2026-6765",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-6765"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-6765",
          "url": "https://www.suse.com/security/cve/CVE-2026-6765"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262230 for CVE-2026-6765",
          "url": "https://bugzilla.suse.com/1262230"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2026-6765"
    },
    {
      "cve": "CVE-2026-6766",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-6766"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-6766",
          "url": "https://www.suse.com/security/cve/CVE-2026-6766"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262230 for CVE-2026-6766",
          "url": "https://bugzilla.suse.com/1262230"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2026-6766"
    },
    {
      "cve": "CVE-2026-6767",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-6767"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-6767",
          "url": "https://www.suse.com/security/cve/CVE-2026-6767"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262230 for CVE-2026-6767",
          "url": "https://bugzilla.suse.com/1262230"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2026-6767"
    },
    {
      "cve": "CVE-2026-6769",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-6769"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-6769",
          "url": "https://www.suse.com/security/cve/CVE-2026-6769"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262230 for CVE-2026-6769",
          "url": "https://bugzilla.suse.com/1262230"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2026-6769"
    },
    {
      "cve": "CVE-2026-6770",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-6770"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-6770",
          "url": "https://www.suse.com/security/cve/CVE-2026-6770"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262230 for CVE-2026-6770",
          "url": "https://bugzilla.suse.com/1262230"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2026-6770"
    },
    {
      "cve": "CVE-2026-6771",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-6771"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-6771",
          "url": "https://www.suse.com/security/cve/CVE-2026-6771"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262230 for CVE-2026-6771",
          "url": "https://bugzilla.suse.com/1262230"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2026-6771"
    },
    {
      "cve": "CVE-2026-6772",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-6772"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-6772",
          "url": "https://www.suse.com/security/cve/CVE-2026-6772"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262230 for CVE-2026-6772",
          "url": "https://bugzilla.suse.com/1262230"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2026-6772"
    },
    {
      "cve": "CVE-2026-6776",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-6776"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-6776",
          "url": "https://www.suse.com/security/cve/CVE-2026-6776"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262230 for CVE-2026-6776",
          "url": "https://bugzilla.suse.com/1262230"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2026-6776"
    },
    {
      "cve": "CVE-2026-6785",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-6785"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-6785",
          "url": "https://www.suse.com/security/cve/CVE-2026-6785"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262230 for CVE-2026-6785",
          "url": "https://bugzilla.suse.com/1262230"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2026-6785"
    },
    {
      "cve": "CVE-2026-6786",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-6786"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
          "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-6786",
          "url": "https://www.suse.com/security/cve/CVE-2026-6786"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262230 for CVE-2026-6786",
          "url": "https://bugzilla.suse.com/1262230"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-openpgp-librnp-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-common-140.10.0-bp160.1.1.x86_64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.aarch64",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.ppc64le",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.s390x",
            "openSUSE Leap 16.0:MozillaThunderbird-translations-other-140.10.0-bp160.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-01T17:00:28Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2026-6786"
    }
  ]
}

RHSA-2025:19020

Vulnerability from csaf_redhat - Published: 2025-10-27 17:46 - Updated: 2026-06-03 17:13

Summary

Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP2 security update

Severity

Important

Notes

Topic: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 2 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 2 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 1, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section. Security Fix(es): * expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing [jbcs-httpd-2.4] (CVE-2025-59375) * libxml2: Heap use after free (UAF) leads to Denial of service (DoS) [jbcs-httpd-2.4] (CVE-2025-49794) * libxml2: Null pointer dereference leads to Denial of service (DoS) [jbcs-httpd-2.4] (CVE-2025-49795) * libxml2: Type confusion leads to Denial of service (DoS) [jbcs-httpd-2.4] (CVE-2025-49796) * libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 [jbcs-httpd-2.4] (CVE-2025-6021) A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-6021

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Core Services 2.4.62.SP2 Red Hat / Red Hat JBoss Core Services	`cpe:/a:redhat:jboss_core_services:1`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-49794

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE-825 - Expired Pointer Dereference

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Core Services 2.4.62.SP2 Red Hat / Red Hat JBoss Core Services	`cpe:/a:redhat:jboss_core_services:1`	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-49795

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-825 - Expired Pointer Dereference

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Core Services 2.4.62.SP2 Red Hat / Red Hat JBoss Core Services	`cpe:/a:redhat:jboss_core_services:1`	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-49796

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE-125 - Out-of-bounds Read

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Core Services 2.4.62.SP2 Red Hat / Red Hat JBoss Core Services	`cpe:/a:redhat:jboss_core_services:1`	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2025-59375

A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Core Services 2.4.62.SP2 Red Hat / Red Hat JBoss Core Services	`cpe:/a:redhat:jboss_core_services:1`	—	Vendor Fix fix Workaround

Threats

Impact Important

References

35 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:19020	self
https://access.redhat.com/security/updates/classi…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2372373	external
https://bugzilla.redhat.com/show_bug.cgi?id=2372379	external
https://bugzilla.redhat.com/show_bug.cgi?id=2372385	external
https://bugzilla.redhat.com/show_bug.cgi?id=2372406	external
https://bugzilla.redhat.com/show_bug.cgi?id=2395108	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-6021	self
https://bugzilla.redhat.com/show_bug.cgi?id=2372406	external
https://www.cve.org/CVERecord?id=CVE-2025-6021	external
https://nvd.nist.gov/vuln/detail/CVE-2025-6021	external
https://gitlab.gnome.org/GNOME/libxml2/-/issues/926	external
https://access.redhat.com/security/cve/CVE-2025-49794	self
https://bugzilla.redhat.com/show_bug.cgi?id=2372373	external
https://www.cve.org/CVERecord?id=CVE-2025-49794	external
https://nvd.nist.gov/vuln/detail/CVE-2025-49794	external
https://gitlab.gnome.org/GNOME/libxml2/-/issues/931	external
https://access.redhat.com/security/cve/CVE-2025-49795	self
https://bugzilla.redhat.com/show_bug.cgi?id=2372379	external
https://www.cve.org/CVERecord?id=CVE-2025-49795	external
https://nvd.nist.gov/vuln/detail/CVE-2025-49795	external
https://gitlab.gnome.org/GNOME/libxml2/-/issues/932	external
https://access.redhat.com/security/cve/CVE-2025-49796	self
https://bugzilla.redhat.com/show_bug.cgi?id=2372385	external
https://www.cve.org/CVERecord?id=CVE-2025-49796	external
https://nvd.nist.gov/vuln/detail/CVE-2025-49796	external
https://gitlab.gnome.org/GNOME/libxml2/-/issues/933	external
https://access.redhat.com/security/cve/CVE-2025-59375	self
https://bugzilla.redhat.com/show_bug.cgi?id=2395108	external
https://www.cve.org/CVERecord?id=CVE-2025-59375	external
https://nvd.nist.gov/vuln/detail/CVE-2025-59375	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external

Acknowledgments

Ahmed Lekssays

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 2 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 2 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 1, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section.\n\nSecurity Fix(es):\n\n* expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing [jbcs-httpd-2.4] (CVE-2025-59375)\n* libxml2: Heap use after free (UAF) leads to Denial of service (DoS) [jbcs-httpd-2.4] (CVE-2025-49794)\n* libxml2: Null pointer dereference leads to Denial of service (DoS) [jbcs-httpd-2.4] (CVE-2025-49795)\n* libxml2: Type confusion leads to Denial of service (DoS) [jbcs-httpd-2.4] (CVE-2025-49796)\n* libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 [jbcs-httpd-2.4] (CVE-2025-6021)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:19020",
        "url": "https://access.redhat.com/errata/RHSA-2025:19020"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_core_services/2.4.62/html/red_hat_jboss_core_services_apache_http_server_2.4.62_service_pack_2_release_notes/index",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_core_services/2.4.62/html/red_hat_jboss_core_services_apache_http_server_2.4.62_service_pack_2_release_notes/index"
      },
      {
        "category": "external",
        "summary": "2372373",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372373"
      },
      {
        "category": "external",
        "summary": "2372379",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372379"
      },
      {
        "category": "external",
        "summary": "2372385",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"
      },
      {
        "category": "external",
        "summary": "2372406",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372406"
      },
      {
        "category": "external",
        "summary": "2395108",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19020.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP2 security update",
    "tracking": {
      "current_release_date": "2026-06-03T17:13:10+00:00",
      "generator": {
        "date": "2026-06-03T17:13:10+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2025:19020",
      "initial_release_date": "2025-10-27T17:46:24+00:00",
      "revision_history": [
        {
          "date": "2025-10-27T17:46:24+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-11-19T16:06:29+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-03T17:13:10+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Core Services 2.4.62.SP2",
                "product": {
                  "name": "Red Hat JBoss Core Services 2.4.62.SP2",
                  "product_id": "Red Hat JBoss Core Services 2.4.62.SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_core_services:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Core Services"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Ahmed Lekssays"
          ]
        }
      ],
      "cve": "CVE-2025-6021",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2025-06-12T07:55:45.428000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2372406"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libxml2\u0027s xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Moderate due to the lack of confidentiality impact and limited integrity concerns, with the main risk being potential denial-of-service  from a crash. Exploitation requires crafted XML input and specific application behavior using xmlBuildQName. While it\u2019s a write overflow, modern mitigations make remote code execution unlikely.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Core Services 2.4.62.SP2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-6021"
        },
        {
          "category": "external",
          "summary": "RHBZ#2372406",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372406"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-6021",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6021",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6021"
        },
        {
          "category": "external",
          "summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/926",
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/926"
        }
      ],
      "release_date": "2025-06-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-27T17:46:24+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link. You must be logged in to download the update.",
          "product_ids": [
            "Red Hat JBoss Core Services 2.4.62.SP2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:19020"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Users are strongly advised to apply vendor-supplied patches as soon as they become available to address the underlying integer overflow flaw in the affected code.",
          "product_ids": [
            "Red Hat JBoss Core Services 2.4.62.SP2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Core Services 2.4.62.SP2"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2"
    },
    {
      "cve": "CVE-2025-49794",
      "cwe": {
        "id": "CWE-825",
        "name": "Expired Pointer Dereference"
      },
      "discovery_date": "2025-06-11T21:33:43.044000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2372373"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program\u0027s crash using libxml or other possible undefined behaviors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue was rated with a severity impact of Important by Red Hat Product Security, as libxml can be used to parse XML coming from the network depending on how the program consumes it and uses the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Core Services 2.4.62.SP2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-49794"
        },
        {
          "category": "external",
          "summary": "RHBZ#2372373",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372373"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-49794",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794"
        },
        {
          "category": "external",
          "summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931",
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931"
        }
      ],
      "release_date": "2025-06-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-27T17:46:24+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link. You must be logged in to download the update.",
          "product_ids": [
            "Red Hat JBoss Core Services 2.4.62.SP2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:19020"
        },
        {
          "category": "workaround",
          "details": "There\u0027s no available mitigation other than avoid processing untrusted XML documents before updating to the libxml version containing the fix.",
          "product_ids": [
            "Red Hat JBoss Core Services 2.4.62.SP2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Core Services 2.4.62.SP2"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)"
    },
    {
      "cve": "CVE-2025-49795",
      "cwe": {
        "id": "CWE-825",
        "name": "Expired Pointer Dereference"
      },
      "discovery_date": "2025-06-12T00:31:08.194000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2372379"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libxml: Null pointer dereference leads to Denial of service (DoS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability marked as Important rather than Moderate due to its triggerability through untrusted input and impact on availability in a widely-used XML processing library like libxml2, which is often embedded in system-level and server-side applications. Although it is \"just\" a NULL pointer dereference\u2014typically classified as a DoS\u2014the context significantly elevates its severity. libxml2 frequently operates in environments that parse external XML content, such as web services, security scanners, and document processors. A crafted XML exploiting malformed XPath in Schematron schemas can reliably crash the application without requiring special privileges or user interaction.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Core Services 2.4.62.SP2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-49795"
        },
        {
          "category": "external",
          "summary": "RHBZ#2372379",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372379"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-49795",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-49795"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49795",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49795"
        },
        {
          "category": "external",
          "summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/932",
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/932"
        }
      ],
      "release_date": "2025-06-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-27T17:46:24+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link. You must be logged in to download the update.",
          "product_ids": [
            "Red Hat JBoss Core Services 2.4.62.SP2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:19020"
        },
        {
          "category": "workaround",
          "details": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.",
          "product_ids": [
            "Red Hat JBoss Core Services 2.4.62.SP2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Core Services 2.4.62.SP2"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "libxml: Null pointer dereference leads to Denial of service (DoS)"
    },
    {
      "cve": "CVE-2025-49796",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2025-06-12T00:35:26.470000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2372385"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libxml: Type confusion leads to Denial of service (DoS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The Red Hat Product Security team has evaluated this vulnerability as having an Important security impact, as libxml can be used to parse XML from the network depending on how the program consumes it using the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Core Services 2.4.62.SP2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-49796"
        },
        {
          "category": "external",
          "summary": "RHBZ#2372385",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-49796",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796"
        },
        {
          "category": "external",
          "summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933",
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933"
        }
      ],
      "release_date": "2025-06-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-27T17:46:24+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link. You must be logged in to download the update.",
          "product_ids": [
            "Red Hat JBoss Core Services 2.4.62.SP2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:19020"
        },
        {
          "category": "workaround",
          "details": "There\u0027s no available mitigation other than to avoid processing untrusted XML documents if the user is unable/unwilling to update the library.",
          "product_ids": [
            "Red Hat JBoss Core Services 2.4.62.SP2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Core Services 2.4.62.SP2"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "libxml: Type confusion leads to Denial of service (DoS)"
    },
    {
      "cve": "CVE-2025-59375",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-09-15T03:00:59.775098+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2395108"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Core Services 2.4.62.SP2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "RHBZ#2395108",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
        }
      ],
      "release_date": "2025-09-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-27T17:46:24+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link. You must be logged in to download the update.",
          "product_ids": [
            "Red Hat JBoss Core Services 2.4.62.SP2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:19020"
        },
        {
          "category": "workaround",
          "details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
          "product_ids": [
            "Red Hat JBoss Core Services 2.4.62.SP2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Core Services 2.4.62.SP2"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
    }
  ]
}

RHSA-2025:19403

Vulnerability from csaf_redhat - Published: 2025-11-03 02:00 - Updated: 2026-06-02 15:25

Summary

Red Hat Security Advisory: expat security update

Severity

Important

Notes

Topic: An update for expat is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Expat is a C library for parsing XML documents. Security Fix(es): * expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-59375

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 34 products

Product	Version	Remediation
Unresolved product id: AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.src	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Important

References

10 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:19403	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2395108	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-59375	self
https://bugzilla.redhat.com/show_bug.cgi?id=2395108	external
https://www.cve.org/CVERecord?id=CVE-2025-59375	external
https://nvd.nist.gov/vuln/detail/CVE-2025-59375	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for expat is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Expat is a C library for parsing XML documents.\n\nSecurity Fix(es):\n\n* expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:19403",
        "url": "https://access.redhat.com/errata/RHSA-2025:19403"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2395108",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19403.json"
      }
    ],
    "title": "Red Hat Security Advisory: expat security update",
    "tracking": {
      "current_release_date": "2026-06-02T15:25:08+00:00",
      "generator": {
        "date": "2026-06-02T15:25:08+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2025:19403",
      "initial_release_date": "2025-11-03T02:00:12+00:00",
      "revision_history": [
        {
          "date": "2025-11-03T02:00:12+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-11-03T02:00:12+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-02T15:25:08+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 10)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 10)",
                  "product_id": "AppStream-10.0.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:10.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS (v. 10)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS (v. 10)",
                  "product_id": "BaseOS-10.0.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:10.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-0:2.7.1-1.el10_0.3.src",
                "product": {
                  "name": "expat-0:2.7.1-1.el10_0.3.src",
                  "product_id": "expat-0:2.7.1-1.el10_0.3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat@2.7.1-1.el10_0.3?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-0:2.7.1-1.el10_0.3.aarch64",
                "product": {
                  "name": "expat-0:2.7.1-1.el10_0.3.aarch64",
                  "product_id": "expat-0:2.7.1-1.el10_0.3.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat@2.7.1-1.el10_0.3?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debugsource-0:2.7.1-1.el10_0.3.aarch64",
                "product": {
                  "name": "expat-debugsource-0:2.7.1-1.el10_0.3.aarch64",
                  "product_id": "expat-debugsource-0:2.7.1-1.el10_0.3.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debugsource@2.7.1-1.el10_0.3?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debuginfo-0:2.7.1-1.el10_0.3.aarch64",
                "product": {
                  "name": "expat-debuginfo-0:2.7.1-1.el10_0.3.aarch64",
                  "product_id": "expat-debuginfo-0:2.7.1-1.el10_0.3.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debuginfo@2.7.1-1.el10_0.3?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-devel-0:2.7.1-1.el10_0.3.aarch64",
                "product": {
                  "name": "expat-devel-0:2.7.1-1.el10_0.3.aarch64",
                  "product_id": "expat-devel-0:2.7.1-1.el10_0.3.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-devel@2.7.1-1.el10_0.3?arch=aarch64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-0:2.7.1-1.el10_0.3.ppc64le",
                "product": {
                  "name": "expat-0:2.7.1-1.el10_0.3.ppc64le",
                  "product_id": "expat-0:2.7.1-1.el10_0.3.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat@2.7.1-1.el10_0.3?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debugsource-0:2.7.1-1.el10_0.3.ppc64le",
                "product": {
                  "name": "expat-debugsource-0:2.7.1-1.el10_0.3.ppc64le",
                  "product_id": "expat-debugsource-0:2.7.1-1.el10_0.3.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debugsource@2.7.1-1.el10_0.3?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debuginfo-0:2.7.1-1.el10_0.3.ppc64le",
                "product": {
                  "name": "expat-debuginfo-0:2.7.1-1.el10_0.3.ppc64le",
                  "product_id": "expat-debuginfo-0:2.7.1-1.el10_0.3.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debuginfo@2.7.1-1.el10_0.3?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-devel-0:2.7.1-1.el10_0.3.ppc64le",
                "product": {
                  "name": "expat-devel-0:2.7.1-1.el10_0.3.ppc64le",
                  "product_id": "expat-devel-0:2.7.1-1.el10_0.3.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-devel@2.7.1-1.el10_0.3?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-0:2.7.1-1.el10_0.3.x86_64",
                "product": {
                  "name": "expat-0:2.7.1-1.el10_0.3.x86_64",
                  "product_id": "expat-0:2.7.1-1.el10_0.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat@2.7.1-1.el10_0.3?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debugsource-0:2.7.1-1.el10_0.3.x86_64",
                "product": {
                  "name": "expat-debugsource-0:2.7.1-1.el10_0.3.x86_64",
                  "product_id": "expat-debugsource-0:2.7.1-1.el10_0.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debugsource@2.7.1-1.el10_0.3?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debuginfo-0:2.7.1-1.el10_0.3.x86_64",
                "product": {
                  "name": "expat-debuginfo-0:2.7.1-1.el10_0.3.x86_64",
                  "product_id": "expat-debuginfo-0:2.7.1-1.el10_0.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debuginfo@2.7.1-1.el10_0.3?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-devel-0:2.7.1-1.el10_0.3.x86_64",
                "product": {
                  "name": "expat-devel-0:2.7.1-1.el10_0.3.x86_64",
                  "product_id": "expat-devel-0:2.7.1-1.el10_0.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-devel@2.7.1-1.el10_0.3?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-0:2.7.1-1.el10_0.3.s390x",
                "product": {
                  "name": "expat-0:2.7.1-1.el10_0.3.s390x",
                  "product_id": "expat-0:2.7.1-1.el10_0.3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat@2.7.1-1.el10_0.3?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debugsource-0:2.7.1-1.el10_0.3.s390x",
                "product": {
                  "name": "expat-debugsource-0:2.7.1-1.el10_0.3.s390x",
                  "product_id": "expat-debugsource-0:2.7.1-1.el10_0.3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debugsource@2.7.1-1.el10_0.3?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debuginfo-0:2.7.1-1.el10_0.3.s390x",
                "product": {
                  "name": "expat-debuginfo-0:2.7.1-1.el10_0.3.s390x",
                  "product_id": "expat-debuginfo-0:2.7.1-1.el10_0.3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debuginfo@2.7.1-1.el10_0.3?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-devel-0:2.7.1-1.el10_0.3.s390x",
                "product": {
                  "name": "expat-devel-0:2.7.1-1.el10_0.3.s390x",
                  "product_id": "expat-devel-0:2.7.1-1.el10_0.3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-devel@2.7.1-1.el10_0.3?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.7.1-1.el10_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.aarch64"
        },
        "product_reference": "expat-0:2.7.1-1.el10_0.3.aarch64",
        "relates_to_product_reference": "AppStream-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.7.1-1.el10_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.ppc64le"
        },
        "product_reference": "expat-0:2.7.1-1.el10_0.3.ppc64le",
        "relates_to_product_reference": "AppStream-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.7.1-1.el10_0.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.s390x"
        },
        "product_reference": "expat-0:2.7.1-1.el10_0.3.s390x",
        "relates_to_product_reference": "AppStream-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.7.1-1.el10_0.3.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.src"
        },
        "product_reference": "expat-0:2.7.1-1.el10_0.3.src",
        "relates_to_product_reference": "AppStream-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.7.1-1.el10_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.x86_64"
        },
        "product_reference": "expat-0:2.7.1-1.el10_0.3.x86_64",
        "relates_to_product_reference": "AppStream-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.7.1-1.el10_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.aarch64"
        },
        "product_reference": "expat-debuginfo-0:2.7.1-1.el10_0.3.aarch64",
        "relates_to_product_reference": "AppStream-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.7.1-1.el10_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.ppc64le"
        },
        "product_reference": "expat-debuginfo-0:2.7.1-1.el10_0.3.ppc64le",
        "relates_to_product_reference": "AppStream-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.7.1-1.el10_0.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.s390x"
        },
        "product_reference": "expat-debuginfo-0:2.7.1-1.el10_0.3.s390x",
        "relates_to_product_reference": "AppStream-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.7.1-1.el10_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.x86_64"
        },
        "product_reference": "expat-debuginfo-0:2.7.1-1.el10_0.3.x86_64",
        "relates_to_product_reference": "AppStream-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.7.1-1.el10_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.aarch64"
        },
        "product_reference": "expat-debugsource-0:2.7.1-1.el10_0.3.aarch64",
        "relates_to_product_reference": "AppStream-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.7.1-1.el10_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.ppc64le"
        },
        "product_reference": "expat-debugsource-0:2.7.1-1.el10_0.3.ppc64le",
        "relates_to_product_reference": "AppStream-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.7.1-1.el10_0.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.s390x"
        },
        "product_reference": "expat-debugsource-0:2.7.1-1.el10_0.3.s390x",
        "relates_to_product_reference": "AppStream-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.7.1-1.el10_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.x86_64"
        },
        "product_reference": "expat-debugsource-0:2.7.1-1.el10_0.3.x86_64",
        "relates_to_product_reference": "AppStream-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.7.1-1.el10_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.aarch64"
        },
        "product_reference": "expat-devel-0:2.7.1-1.el10_0.3.aarch64",
        "relates_to_product_reference": "AppStream-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.7.1-1.el10_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.ppc64le"
        },
        "product_reference": "expat-devel-0:2.7.1-1.el10_0.3.ppc64le",
        "relates_to_product_reference": "AppStream-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.7.1-1.el10_0.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.s390x"
        },
        "product_reference": "expat-devel-0:2.7.1-1.el10_0.3.s390x",
        "relates_to_product_reference": "AppStream-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.7.1-1.el10_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.x86_64"
        },
        "product_reference": "expat-devel-0:2.7.1-1.el10_0.3.x86_64",
        "relates_to_product_reference": "AppStream-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.7.1-1.el10_0.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.aarch64"
        },
        "product_reference": "expat-0:2.7.1-1.el10_0.3.aarch64",
        "relates_to_product_reference": "BaseOS-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.7.1-1.el10_0.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.ppc64le"
        },
        "product_reference": "expat-0:2.7.1-1.el10_0.3.ppc64le",
        "relates_to_product_reference": "BaseOS-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.7.1-1.el10_0.3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.s390x"
        },
        "product_reference": "expat-0:2.7.1-1.el10_0.3.s390x",
        "relates_to_product_reference": "BaseOS-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.7.1-1.el10_0.3.src as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.src"
        },
        "product_reference": "expat-0:2.7.1-1.el10_0.3.src",
        "relates_to_product_reference": "BaseOS-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.7.1-1.el10_0.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.x86_64"
        },
        "product_reference": "expat-0:2.7.1-1.el10_0.3.x86_64",
        "relates_to_product_reference": "BaseOS-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.7.1-1.el10_0.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.aarch64"
        },
        "product_reference": "expat-debuginfo-0:2.7.1-1.el10_0.3.aarch64",
        "relates_to_product_reference": "BaseOS-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.7.1-1.el10_0.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.ppc64le"
        },
        "product_reference": "expat-debuginfo-0:2.7.1-1.el10_0.3.ppc64le",
        "relates_to_product_reference": "BaseOS-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.7.1-1.el10_0.3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.s390x"
        },
        "product_reference": "expat-debuginfo-0:2.7.1-1.el10_0.3.s390x",
        "relates_to_product_reference": "BaseOS-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.7.1-1.el10_0.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.x86_64"
        },
        "product_reference": "expat-debuginfo-0:2.7.1-1.el10_0.3.x86_64",
        "relates_to_product_reference": "BaseOS-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.7.1-1.el10_0.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.aarch64"
        },
        "product_reference": "expat-debugsource-0:2.7.1-1.el10_0.3.aarch64",
        "relates_to_product_reference": "BaseOS-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.7.1-1.el10_0.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.ppc64le"
        },
        "product_reference": "expat-debugsource-0:2.7.1-1.el10_0.3.ppc64le",
        "relates_to_product_reference": "BaseOS-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.7.1-1.el10_0.3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.s390x"
        },
        "product_reference": "expat-debugsource-0:2.7.1-1.el10_0.3.s390x",
        "relates_to_product_reference": "BaseOS-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.7.1-1.el10_0.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.x86_64"
        },
        "product_reference": "expat-debugsource-0:2.7.1-1.el10_0.3.x86_64",
        "relates_to_product_reference": "BaseOS-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.7.1-1.el10_0.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.aarch64"
        },
        "product_reference": "expat-devel-0:2.7.1-1.el10_0.3.aarch64",
        "relates_to_product_reference": "BaseOS-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.7.1-1.el10_0.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.ppc64le"
        },
        "product_reference": "expat-devel-0:2.7.1-1.el10_0.3.ppc64le",
        "relates_to_product_reference": "BaseOS-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.7.1-1.el10_0.3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.s390x"
        },
        "product_reference": "expat-devel-0:2.7.1-1.el10_0.3.s390x",
        "relates_to_product_reference": "BaseOS-10.0.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.7.1-1.el10_0.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.x86_64"
        },
        "product_reference": "expat-devel-0:2.7.1-1.el10_0.3.x86_64",
        "relates_to_product_reference": "BaseOS-10.0.Z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-59375",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-09-15T03:00:59.775098+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2395108"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.aarch64",
          "AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.ppc64le",
          "AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.s390x",
          "AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.src",
          "AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.x86_64",
          "AppStream-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.aarch64",
          "AppStream-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.ppc64le",
          "AppStream-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.s390x",
          "AppStream-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.x86_64",
          "AppStream-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.aarch64",
          "AppStream-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.ppc64le",
          "AppStream-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.s390x",
          "AppStream-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.x86_64",
          "AppStream-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.aarch64",
          "AppStream-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.ppc64le",
          "AppStream-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.s390x",
          "AppStream-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.x86_64",
          "BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.aarch64",
          "BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.ppc64le",
          "BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.s390x",
          "BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.src",
          "BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.x86_64",
          "BaseOS-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.aarch64",
          "BaseOS-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.ppc64le",
          "BaseOS-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.s390x",
          "BaseOS-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.x86_64",
          "BaseOS-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.aarch64",
          "BaseOS-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.ppc64le",
          "BaseOS-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.s390x",
          "BaseOS-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.x86_64",
          "BaseOS-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.aarch64",
          "BaseOS-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.ppc64le",
          "BaseOS-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.s390x",
          "BaseOS-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "RHBZ#2395108",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
        }
      ],
      "release_date": "2025-09-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-03T02:00:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.aarch64",
            "AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.ppc64le",
            "AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.s390x",
            "AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.src",
            "AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.x86_64",
            "AppStream-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.aarch64",
            "AppStream-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.ppc64le",
            "AppStream-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.s390x",
            "AppStream-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.x86_64",
            "AppStream-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.aarch64",
            "AppStream-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.ppc64le",
            "AppStream-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.s390x",
            "AppStream-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.x86_64",
            "AppStream-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.aarch64",
            "AppStream-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.ppc64le",
            "AppStream-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.s390x",
            "AppStream-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.x86_64",
            "BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.aarch64",
            "BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.ppc64le",
            "BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.s390x",
            "BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.src",
            "BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.x86_64",
            "BaseOS-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.aarch64",
            "BaseOS-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.ppc64le",
            "BaseOS-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.s390x",
            "BaseOS-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.x86_64",
            "BaseOS-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.aarch64",
            "BaseOS-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.ppc64le",
            "BaseOS-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.s390x",
            "BaseOS-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.x86_64",
            "BaseOS-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.aarch64",
            "BaseOS-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.ppc64le",
            "BaseOS-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.s390x",
            "BaseOS-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:19403"
        },
        {
          "category": "workaround",
          "details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
          "product_ids": [
            "AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.aarch64",
            "AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.ppc64le",
            "AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.s390x",
            "AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.src",
            "AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.x86_64",
            "AppStream-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.aarch64",
            "AppStream-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.ppc64le",
            "AppStream-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.s390x",
            "AppStream-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.x86_64",
            "AppStream-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.aarch64",
            "AppStream-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.ppc64le",
            "AppStream-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.s390x",
            "AppStream-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.x86_64",
            "AppStream-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.aarch64",
            "AppStream-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.ppc64le",
            "AppStream-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.s390x",
            "AppStream-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.x86_64",
            "BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.aarch64",
            "BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.ppc64le",
            "BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.s390x",
            "BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.src",
            "BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.x86_64",
            "BaseOS-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.aarch64",
            "BaseOS-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.ppc64le",
            "BaseOS-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.s390x",
            "BaseOS-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.x86_64",
            "BaseOS-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.aarch64",
            "BaseOS-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.ppc64le",
            "BaseOS-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.s390x",
            "BaseOS-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.x86_64",
            "BaseOS-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.aarch64",
            "BaseOS-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.ppc64le",
            "BaseOS-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.s390x",
            "BaseOS-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.aarch64",
            "AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.ppc64le",
            "AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.s390x",
            "AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.src",
            "AppStream-10.0.Z:expat-0:2.7.1-1.el10_0.3.x86_64",
            "AppStream-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.aarch64",
            "AppStream-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.ppc64le",
            "AppStream-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.s390x",
            "AppStream-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.x86_64",
            "AppStream-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.aarch64",
            "AppStream-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.ppc64le",
            "AppStream-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.s390x",
            "AppStream-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.x86_64",
            "AppStream-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.aarch64",
            "AppStream-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.ppc64le",
            "AppStream-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.s390x",
            "AppStream-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.x86_64",
            "BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.aarch64",
            "BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.ppc64le",
            "BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.s390x",
            "BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.src",
            "BaseOS-10.0.Z:expat-0:2.7.1-1.el10_0.3.x86_64",
            "BaseOS-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.aarch64",
            "BaseOS-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.ppc64le",
            "BaseOS-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.s390x",
            "BaseOS-10.0.Z:expat-debuginfo-0:2.7.1-1.el10_0.3.x86_64",
            "BaseOS-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.aarch64",
            "BaseOS-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.ppc64le",
            "BaseOS-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.s390x",
            "BaseOS-10.0.Z:expat-debugsource-0:2.7.1-1.el10_0.3.x86_64",
            "BaseOS-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.aarch64",
            "BaseOS-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.ppc64le",
            "BaseOS-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.s390x",
            "BaseOS-10.0.Z:expat-devel-0:2.7.1-1.el10_0.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
    }
  ]
}

RHSA-2025:21030

Vulnerability from csaf_redhat - Published: 2025-11-11 19:57 - Updated: 2026-06-02 15:25

Summary

Red Hat Security Advisory: expat security update

Severity

Important

Notes

CVE-2025-59375

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 34 products

Product	Version	Remediation
Unresolved product id: AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.src	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.s390x	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Important

References

10 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:21030	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2395108	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-59375	self
https://bugzilla.redhat.com/show_bug.cgi?id=2395108	external
https://www.cve.org/CVERecord?id=CVE-2025-59375	external
https://nvd.nist.gov/vuln/detail/CVE-2025-59375	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for expat is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Expat is a C library for parsing XML documents.\n\nSecurity Fix(es):\n\n* expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:21030",
        "url": "https://access.redhat.com/errata/RHSA-2025:21030"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2395108",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_21030.json"
      }
    ],
    "title": "Red Hat Security Advisory: expat security update",
    "tracking": {
      "current_release_date": "2026-06-02T15:25:06+00:00",
      "generator": {
        "date": "2026-06-02T15:25:06+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2025:21030",
      "initial_release_date": "2025-11-11T19:57:21+00:00",
      "revision_history": [
        {
          "date": "2025-11-11T19:57:21+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-11-11T19:57:21+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-02T15:25:06+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 10)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 10)",
                  "product_id": "AppStream-10.1.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:10.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS (v. 10)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS (v. 10)",
                  "product_id": "BaseOS-10.1.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:10.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-devel-0:2.7.1-1.el10_1.3.x86_64",
                "product": {
                  "name": "expat-devel-0:2.7.1-1.el10_1.3.x86_64",
                  "product_id": "expat-devel-0:2.7.1-1.el10_1.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-devel@2.7.1-1.el10_1.3?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debugsource-0:2.7.1-1.el10_1.3.x86_64",
                "product": {
                  "name": "expat-debugsource-0:2.7.1-1.el10_1.3.x86_64",
                  "product_id": "expat-debugsource-0:2.7.1-1.el10_1.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debugsource@2.7.1-1.el10_1.3?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debuginfo-0:2.7.1-1.el10_1.3.x86_64",
                "product": {
                  "name": "expat-debuginfo-0:2.7.1-1.el10_1.3.x86_64",
                  "product_id": "expat-debuginfo-0:2.7.1-1.el10_1.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debuginfo@2.7.1-1.el10_1.3?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-0:2.7.1-1.el10_1.3.x86_64",
                "product": {
                  "name": "expat-0:2.7.1-1.el10_1.3.x86_64",
                  "product_id": "expat-0:2.7.1-1.el10_1.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat@2.7.1-1.el10_1.3?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-devel-0:2.7.1-1.el10_1.3.s390x",
                "product": {
                  "name": "expat-devel-0:2.7.1-1.el10_1.3.s390x",
                  "product_id": "expat-devel-0:2.7.1-1.el10_1.3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-devel@2.7.1-1.el10_1.3?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debugsource-0:2.7.1-1.el10_1.3.s390x",
                "product": {
                  "name": "expat-debugsource-0:2.7.1-1.el10_1.3.s390x",
                  "product_id": "expat-debugsource-0:2.7.1-1.el10_1.3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debugsource@2.7.1-1.el10_1.3?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debuginfo-0:2.7.1-1.el10_1.3.s390x",
                "product": {
                  "name": "expat-debuginfo-0:2.7.1-1.el10_1.3.s390x",
                  "product_id": "expat-debuginfo-0:2.7.1-1.el10_1.3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debuginfo@2.7.1-1.el10_1.3?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-0:2.7.1-1.el10_1.3.s390x",
                "product": {
                  "name": "expat-0:2.7.1-1.el10_1.3.s390x",
                  "product_id": "expat-0:2.7.1-1.el10_1.3.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat@2.7.1-1.el10_1.3?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-devel-0:2.7.1-1.el10_1.3.aarch64",
                "product": {
                  "name": "expat-devel-0:2.7.1-1.el10_1.3.aarch64",
                  "product_id": "expat-devel-0:2.7.1-1.el10_1.3.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-devel@2.7.1-1.el10_1.3?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debugsource-0:2.7.1-1.el10_1.3.aarch64",
                "product": {
                  "name": "expat-debugsource-0:2.7.1-1.el10_1.3.aarch64",
                  "product_id": "expat-debugsource-0:2.7.1-1.el10_1.3.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debugsource@2.7.1-1.el10_1.3?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debuginfo-0:2.7.1-1.el10_1.3.aarch64",
                "product": {
                  "name": "expat-debuginfo-0:2.7.1-1.el10_1.3.aarch64",
                  "product_id": "expat-debuginfo-0:2.7.1-1.el10_1.3.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debuginfo@2.7.1-1.el10_1.3?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-0:2.7.1-1.el10_1.3.aarch64",
                "product": {
                  "name": "expat-0:2.7.1-1.el10_1.3.aarch64",
                  "product_id": "expat-0:2.7.1-1.el10_1.3.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat@2.7.1-1.el10_1.3?arch=aarch64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-devel-0:2.7.1-1.el10_1.3.ppc64le",
                "product": {
                  "name": "expat-devel-0:2.7.1-1.el10_1.3.ppc64le",
                  "product_id": "expat-devel-0:2.7.1-1.el10_1.3.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-devel@2.7.1-1.el10_1.3?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debugsource-0:2.7.1-1.el10_1.3.ppc64le",
                "product": {
                  "name": "expat-debugsource-0:2.7.1-1.el10_1.3.ppc64le",
                  "product_id": "expat-debugsource-0:2.7.1-1.el10_1.3.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debugsource@2.7.1-1.el10_1.3?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debuginfo-0:2.7.1-1.el10_1.3.ppc64le",
                "product": {
                  "name": "expat-debuginfo-0:2.7.1-1.el10_1.3.ppc64le",
                  "product_id": "expat-debuginfo-0:2.7.1-1.el10_1.3.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debuginfo@2.7.1-1.el10_1.3?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-0:2.7.1-1.el10_1.3.ppc64le",
                "product": {
                  "name": "expat-0:2.7.1-1.el10_1.3.ppc64le",
                  "product_id": "expat-0:2.7.1-1.el10_1.3.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat@2.7.1-1.el10_1.3?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-0:2.7.1-1.el10_1.3.src",
                "product": {
                  "name": "expat-0:2.7.1-1.el10_1.3.src",
                  "product_id": "expat-0:2.7.1-1.el10_1.3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat@2.7.1-1.el10_1.3?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.7.1-1.el10_1.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.aarch64"
        },
        "product_reference": "expat-0:2.7.1-1.el10_1.3.aarch64",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.7.1-1.el10_1.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.ppc64le"
        },
        "product_reference": "expat-0:2.7.1-1.el10_1.3.ppc64le",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.7.1-1.el10_1.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.s390x"
        },
        "product_reference": "expat-0:2.7.1-1.el10_1.3.s390x",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.7.1-1.el10_1.3.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.src"
        },
        "product_reference": "expat-0:2.7.1-1.el10_1.3.src",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.7.1-1.el10_1.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.x86_64"
        },
        "product_reference": "expat-0:2.7.1-1.el10_1.3.x86_64",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.7.1-1.el10_1.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.aarch64"
        },
        "product_reference": "expat-debuginfo-0:2.7.1-1.el10_1.3.aarch64",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.7.1-1.el10_1.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.ppc64le"
        },
        "product_reference": "expat-debuginfo-0:2.7.1-1.el10_1.3.ppc64le",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.7.1-1.el10_1.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.s390x"
        },
        "product_reference": "expat-debuginfo-0:2.7.1-1.el10_1.3.s390x",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.7.1-1.el10_1.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.x86_64"
        },
        "product_reference": "expat-debuginfo-0:2.7.1-1.el10_1.3.x86_64",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.7.1-1.el10_1.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.aarch64"
        },
        "product_reference": "expat-debugsource-0:2.7.1-1.el10_1.3.aarch64",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.7.1-1.el10_1.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.ppc64le"
        },
        "product_reference": "expat-debugsource-0:2.7.1-1.el10_1.3.ppc64le",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.7.1-1.el10_1.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.s390x"
        },
        "product_reference": "expat-debugsource-0:2.7.1-1.el10_1.3.s390x",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.7.1-1.el10_1.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.x86_64"
        },
        "product_reference": "expat-debugsource-0:2.7.1-1.el10_1.3.x86_64",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.7.1-1.el10_1.3.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.aarch64"
        },
        "product_reference": "expat-devel-0:2.7.1-1.el10_1.3.aarch64",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.7.1-1.el10_1.3.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.ppc64le"
        },
        "product_reference": "expat-devel-0:2.7.1-1.el10_1.3.ppc64le",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.7.1-1.el10_1.3.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.s390x"
        },
        "product_reference": "expat-devel-0:2.7.1-1.el10_1.3.s390x",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.7.1-1.el10_1.3.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.x86_64"
        },
        "product_reference": "expat-devel-0:2.7.1-1.el10_1.3.x86_64",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.7.1-1.el10_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.aarch64"
        },
        "product_reference": "expat-0:2.7.1-1.el10_1.3.aarch64",
        "relates_to_product_reference": "BaseOS-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.7.1-1.el10_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.ppc64le"
        },
        "product_reference": "expat-0:2.7.1-1.el10_1.3.ppc64le",
        "relates_to_product_reference": "BaseOS-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.7.1-1.el10_1.3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.s390x"
        },
        "product_reference": "expat-0:2.7.1-1.el10_1.3.s390x",
        "relates_to_product_reference": "BaseOS-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.7.1-1.el10_1.3.src as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.src"
        },
        "product_reference": "expat-0:2.7.1-1.el10_1.3.src",
        "relates_to_product_reference": "BaseOS-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.7.1-1.el10_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.x86_64"
        },
        "product_reference": "expat-0:2.7.1-1.el10_1.3.x86_64",
        "relates_to_product_reference": "BaseOS-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.7.1-1.el10_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.aarch64"
        },
        "product_reference": "expat-debuginfo-0:2.7.1-1.el10_1.3.aarch64",
        "relates_to_product_reference": "BaseOS-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.7.1-1.el10_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.ppc64le"
        },
        "product_reference": "expat-debuginfo-0:2.7.1-1.el10_1.3.ppc64le",
        "relates_to_product_reference": "BaseOS-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.7.1-1.el10_1.3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.s390x"
        },
        "product_reference": "expat-debuginfo-0:2.7.1-1.el10_1.3.s390x",
        "relates_to_product_reference": "BaseOS-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.7.1-1.el10_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.x86_64"
        },
        "product_reference": "expat-debuginfo-0:2.7.1-1.el10_1.3.x86_64",
        "relates_to_product_reference": "BaseOS-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.7.1-1.el10_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.aarch64"
        },
        "product_reference": "expat-debugsource-0:2.7.1-1.el10_1.3.aarch64",
        "relates_to_product_reference": "BaseOS-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.7.1-1.el10_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.ppc64le"
        },
        "product_reference": "expat-debugsource-0:2.7.1-1.el10_1.3.ppc64le",
        "relates_to_product_reference": "BaseOS-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.7.1-1.el10_1.3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.s390x"
        },
        "product_reference": "expat-debugsource-0:2.7.1-1.el10_1.3.s390x",
        "relates_to_product_reference": "BaseOS-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.7.1-1.el10_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.x86_64"
        },
        "product_reference": "expat-debugsource-0:2.7.1-1.el10_1.3.x86_64",
        "relates_to_product_reference": "BaseOS-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.7.1-1.el10_1.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.aarch64"
        },
        "product_reference": "expat-devel-0:2.7.1-1.el10_1.3.aarch64",
        "relates_to_product_reference": "BaseOS-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.7.1-1.el10_1.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.ppc64le"
        },
        "product_reference": "expat-devel-0:2.7.1-1.el10_1.3.ppc64le",
        "relates_to_product_reference": "BaseOS-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.7.1-1.el10_1.3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.s390x"
        },
        "product_reference": "expat-devel-0:2.7.1-1.el10_1.3.s390x",
        "relates_to_product_reference": "BaseOS-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.7.1-1.el10_1.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.x86_64"
        },
        "product_reference": "expat-devel-0:2.7.1-1.el10_1.3.x86_64",
        "relates_to_product_reference": "BaseOS-10.1.Z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-59375",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-09-15T03:00:59.775098+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2395108"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.aarch64",
          "AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.ppc64le",
          "AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.s390x",
          "AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.src",
          "AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.x86_64",
          "AppStream-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.aarch64",
          "AppStream-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.ppc64le",
          "AppStream-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.s390x",
          "AppStream-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.x86_64",
          "AppStream-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.aarch64",
          "AppStream-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.ppc64le",
          "AppStream-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.s390x",
          "AppStream-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.x86_64",
          "AppStream-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.aarch64",
          "AppStream-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.ppc64le",
          "AppStream-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.s390x",
          "AppStream-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.x86_64",
          "BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.aarch64",
          "BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.ppc64le",
          "BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.s390x",
          "BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.src",
          "BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.x86_64",
          "BaseOS-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.aarch64",
          "BaseOS-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.ppc64le",
          "BaseOS-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.s390x",
          "BaseOS-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.x86_64",
          "BaseOS-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.aarch64",
          "BaseOS-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.ppc64le",
          "BaseOS-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.s390x",
          "BaseOS-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.x86_64",
          "BaseOS-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.aarch64",
          "BaseOS-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.ppc64le",
          "BaseOS-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.s390x",
          "BaseOS-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "RHBZ#2395108",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
        }
      ],
      "release_date": "2025-09-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-11T19:57:21+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.aarch64",
            "AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.ppc64le",
            "AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.s390x",
            "AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.src",
            "AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.x86_64",
            "AppStream-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.aarch64",
            "AppStream-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.ppc64le",
            "AppStream-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.s390x",
            "AppStream-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.x86_64",
            "AppStream-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.aarch64",
            "AppStream-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.ppc64le",
            "AppStream-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.s390x",
            "AppStream-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.x86_64",
            "AppStream-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.aarch64",
            "AppStream-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.ppc64le",
            "AppStream-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.s390x",
            "AppStream-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.x86_64",
            "BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.aarch64",
            "BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.ppc64le",
            "BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.s390x",
            "BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.src",
            "BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.x86_64",
            "BaseOS-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.aarch64",
            "BaseOS-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.ppc64le",
            "BaseOS-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.s390x",
            "BaseOS-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.x86_64",
            "BaseOS-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.aarch64",
            "BaseOS-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.ppc64le",
            "BaseOS-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.s390x",
            "BaseOS-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.x86_64",
            "BaseOS-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.aarch64",
            "BaseOS-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.ppc64le",
            "BaseOS-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.s390x",
            "BaseOS-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:21030"
        },
        {
          "category": "workaround",
          "details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
          "product_ids": [
            "AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.aarch64",
            "AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.ppc64le",
            "AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.s390x",
            "AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.src",
            "AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.x86_64",
            "AppStream-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.aarch64",
            "AppStream-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.ppc64le",
            "AppStream-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.s390x",
            "AppStream-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.x86_64",
            "AppStream-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.aarch64",
            "AppStream-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.ppc64le",
            "AppStream-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.s390x",
            "AppStream-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.x86_64",
            "AppStream-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.aarch64",
            "AppStream-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.ppc64le",
            "AppStream-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.s390x",
            "AppStream-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.x86_64",
            "BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.aarch64",
            "BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.ppc64le",
            "BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.s390x",
            "BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.src",
            "BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.x86_64",
            "BaseOS-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.aarch64",
            "BaseOS-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.ppc64le",
            "BaseOS-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.s390x",
            "BaseOS-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.x86_64",
            "BaseOS-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.aarch64",
            "BaseOS-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.ppc64le",
            "BaseOS-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.s390x",
            "BaseOS-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.x86_64",
            "BaseOS-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.aarch64",
            "BaseOS-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.ppc64le",
            "BaseOS-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.s390x",
            "BaseOS-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.aarch64",
            "AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.ppc64le",
            "AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.s390x",
            "AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.src",
            "AppStream-10.1.Z:expat-0:2.7.1-1.el10_1.3.x86_64",
            "AppStream-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.aarch64",
            "AppStream-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.ppc64le",
            "AppStream-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.s390x",
            "AppStream-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.x86_64",
            "AppStream-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.aarch64",
            "AppStream-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.ppc64le",
            "AppStream-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.s390x",
            "AppStream-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.x86_64",
            "AppStream-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.aarch64",
            "AppStream-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.ppc64le",
            "AppStream-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.s390x",
            "AppStream-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.x86_64",
            "BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.aarch64",
            "BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.ppc64le",
            "BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.s390x",
            "BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.src",
            "BaseOS-10.1.Z:expat-0:2.7.1-1.el10_1.3.x86_64",
            "BaseOS-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.aarch64",
            "BaseOS-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.ppc64le",
            "BaseOS-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.s390x",
            "BaseOS-10.1.Z:expat-debuginfo-0:2.7.1-1.el10_1.3.x86_64",
            "BaseOS-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.aarch64",
            "BaseOS-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.ppc64le",
            "BaseOS-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.s390x",
            "BaseOS-10.1.Z:expat-debugsource-0:2.7.1-1.el10_1.3.x86_64",
            "BaseOS-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.aarch64",
            "BaseOS-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.ppc64le",
            "BaseOS-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.s390x",
            "BaseOS-10.1.Z:expat-devel-0:2.7.1-1.el10_1.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
    }
  ]
}

RHSA-2025:21773

Vulnerability from csaf_redhat - Published: 2025-11-19 20:10 - Updated: 2026-06-02 15:25

Summary

Red Hat Security Advisory: expat security update

Severity

Important

Notes

Topic: An update for expat is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2025-59375

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 42 products

Product	Version	Remediation
Unresolved product id: AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.i686	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.i686	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.src	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.i686	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.i686	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.i686	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Important

References

10 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:21773	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2395108	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-59375	self
https://bugzilla.redhat.com/show_bug.cgi?id=2395108	external
https://www.cve.org/CVERecord?id=CVE-2025-59375	external
https://nvd.nist.gov/vuln/detail/CVE-2025-59375	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for expat is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Expat is a C library for parsing XML documents.\n\nSecurity Fix(es):\n\n* expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:21773",
        "url": "https://access.redhat.com/errata/RHSA-2025:21773"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2395108",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_21773.json"
      }
    ],
    "title": "Red Hat Security Advisory: expat security update",
    "tracking": {
      "current_release_date": "2026-06-02T15:25:09+00:00",
      "generator": {
        "date": "2026-06-02T15:25:09+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2025:21773",
      "initial_release_date": "2025-11-19T20:10:25+00:00",
      "revision_history": [
        {
          "date": "2025-11-19T20:10:25+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-11-19T20:10:25+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-02T15:25:09+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                  "product_id": "AppStream-9.6.0.Z.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_eus:9.6::appstream"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
                  "product_id": "BaseOS-9.6.0.Z.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus:9.6::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-devel-0:2.5.0-5.el9_6.1.aarch64",
                "product": {
                  "name": "expat-devel-0:2.5.0-5.el9_6.1.aarch64",
                  "product_id": "expat-devel-0:2.5.0-5.el9_6.1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-devel@2.5.0-5.el9_6.1?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debugsource-0:2.5.0-5.el9_6.1.aarch64",
                "product": {
                  "name": "expat-debugsource-0:2.5.0-5.el9_6.1.aarch64",
                  "product_id": "expat-debugsource-0:2.5.0-5.el9_6.1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debugsource@2.5.0-5.el9_6.1?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debuginfo-0:2.5.0-5.el9_6.1.aarch64",
                "product": {
                  "name": "expat-debuginfo-0:2.5.0-5.el9_6.1.aarch64",
                  "product_id": "expat-debuginfo-0:2.5.0-5.el9_6.1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debuginfo@2.5.0-5.el9_6.1?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-0:2.5.0-5.el9_6.1.aarch64",
                "product": {
                  "name": "expat-0:2.5.0-5.el9_6.1.aarch64",
                  "product_id": "expat-0:2.5.0-5.el9_6.1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_6.1?arch=aarch64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-devel-0:2.5.0-5.el9_6.1.ppc64le",
                "product": {
                  "name": "expat-devel-0:2.5.0-5.el9_6.1.ppc64le",
                  "product_id": "expat-devel-0:2.5.0-5.el9_6.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-devel@2.5.0-5.el9_6.1?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debugsource-0:2.5.0-5.el9_6.1.ppc64le",
                "product": {
                  "name": "expat-debugsource-0:2.5.0-5.el9_6.1.ppc64le",
                  "product_id": "expat-debugsource-0:2.5.0-5.el9_6.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debugsource@2.5.0-5.el9_6.1?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debuginfo-0:2.5.0-5.el9_6.1.ppc64le",
                "product": {
                  "name": "expat-debuginfo-0:2.5.0-5.el9_6.1.ppc64le",
                  "product_id": "expat-debuginfo-0:2.5.0-5.el9_6.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debuginfo@2.5.0-5.el9_6.1?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-0:2.5.0-5.el9_6.1.ppc64le",
                "product": {
                  "name": "expat-0:2.5.0-5.el9_6.1.ppc64le",
                  "product_id": "expat-0:2.5.0-5.el9_6.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_6.1?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-devel-0:2.5.0-5.el9_6.1.i686",
                "product": {
                  "name": "expat-devel-0:2.5.0-5.el9_6.1.i686",
                  "product_id": "expat-devel-0:2.5.0-5.el9_6.1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-devel@2.5.0-5.el9_6.1?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debugsource-0:2.5.0-5.el9_6.1.i686",
                "product": {
                  "name": "expat-debugsource-0:2.5.0-5.el9_6.1.i686",
                  "product_id": "expat-debugsource-0:2.5.0-5.el9_6.1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debugsource@2.5.0-5.el9_6.1?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debuginfo-0:2.5.0-5.el9_6.1.i686",
                "product": {
                  "name": "expat-debuginfo-0:2.5.0-5.el9_6.1.i686",
                  "product_id": "expat-debuginfo-0:2.5.0-5.el9_6.1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debuginfo@2.5.0-5.el9_6.1?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-0:2.5.0-5.el9_6.1.i686",
                "product": {
                  "name": "expat-0:2.5.0-5.el9_6.1.i686",
                  "product_id": "expat-0:2.5.0-5.el9_6.1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_6.1?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-devel-0:2.5.0-5.el9_6.1.x86_64",
                "product": {
                  "name": "expat-devel-0:2.5.0-5.el9_6.1.x86_64",
                  "product_id": "expat-devel-0:2.5.0-5.el9_6.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-devel@2.5.0-5.el9_6.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debugsource-0:2.5.0-5.el9_6.1.x86_64",
                "product": {
                  "name": "expat-debugsource-0:2.5.0-5.el9_6.1.x86_64",
                  "product_id": "expat-debugsource-0:2.5.0-5.el9_6.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debugsource@2.5.0-5.el9_6.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debuginfo-0:2.5.0-5.el9_6.1.x86_64",
                "product": {
                  "name": "expat-debuginfo-0:2.5.0-5.el9_6.1.x86_64",
                  "product_id": "expat-debuginfo-0:2.5.0-5.el9_6.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debuginfo@2.5.0-5.el9_6.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-0:2.5.0-5.el9_6.1.x86_64",
                "product": {
                  "name": "expat-0:2.5.0-5.el9_6.1.x86_64",
                  "product_id": "expat-0:2.5.0-5.el9_6.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_6.1?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-devel-0:2.5.0-5.el9_6.1.s390x",
                "product": {
                  "name": "expat-devel-0:2.5.0-5.el9_6.1.s390x",
                  "product_id": "expat-devel-0:2.5.0-5.el9_6.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-devel@2.5.0-5.el9_6.1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debugsource-0:2.5.0-5.el9_6.1.s390x",
                "product": {
                  "name": "expat-debugsource-0:2.5.0-5.el9_6.1.s390x",
                  "product_id": "expat-debugsource-0:2.5.0-5.el9_6.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debugsource@2.5.0-5.el9_6.1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debuginfo-0:2.5.0-5.el9_6.1.s390x",
                "product": {
                  "name": "expat-debuginfo-0:2.5.0-5.el9_6.1.s390x",
                  "product_id": "expat-debuginfo-0:2.5.0-5.el9_6.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debuginfo@2.5.0-5.el9_6.1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-0:2.5.0-5.el9_6.1.s390x",
                "product": {
                  "name": "expat-0:2.5.0-5.el9_6.1.s390x",
                  "product_id": "expat-0:2.5.0-5.el9_6.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_6.1?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-0:2.5.0-5.el9_6.1.src",
                "product": {
                  "name": "expat-0:2.5.0-5.el9_6.1.src",
                  "product_id": "expat-0:2.5.0-5.el9_6.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_6.1?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.5.0-5.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
          "product_id": "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.aarch64"
        },
        "product_reference": "expat-0:2.5.0-5.el9_6.1.aarch64",
        "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.5.0-5.el9_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
          "product_id": "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.i686"
        },
        "product_reference": "expat-0:2.5.0-5.el9_6.1.i686",
        "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.5.0-5.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
          "product_id": "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.ppc64le"
        },
        "product_reference": "expat-0:2.5.0-5.el9_6.1.ppc64le",
        "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.5.0-5.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
          "product_id": "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.s390x"
        },
        "product_reference": "expat-0:2.5.0-5.el9_6.1.s390x",
        "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.5.0-5.el9_6.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
          "product_id": "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.src"
        },
        "product_reference": "expat-0:2.5.0-5.el9_6.1.src",
        "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.5.0-5.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
          "product_id": "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.x86_64"
        },
        "product_reference": "expat-0:2.5.0-5.el9_6.1.x86_64",
        "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.5.0-5.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
          "product_id": "AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.aarch64"
        },
        "product_reference": "expat-debuginfo-0:2.5.0-5.el9_6.1.aarch64",
        "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.5.0-5.el9_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
          "product_id": "AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.i686"
        },
        "product_reference": "expat-debuginfo-0:2.5.0-5.el9_6.1.i686",
        "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.5.0-5.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
          "product_id": "AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.ppc64le"
        },
        "product_reference": "expat-debuginfo-0:2.5.0-5.el9_6.1.ppc64le",
        "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.5.0-5.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
          "product_id": "AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.s390x"
        },
        "product_reference": "expat-debuginfo-0:2.5.0-5.el9_6.1.s390x",
        "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.5.0-5.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
          "product_id": "AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.x86_64"
        },
        "product_reference": "expat-debuginfo-0:2.5.0-5.el9_6.1.x86_64",
        "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.5.0-5.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
          "product_id": "AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.aarch64"
        },
        "product_reference": "expat-debugsource-0:2.5.0-5.el9_6.1.aarch64",
        "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.5.0-5.el9_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
          "product_id": "AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.i686"
        },
        "product_reference": "expat-debugsource-0:2.5.0-5.el9_6.1.i686",
        "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.5.0-5.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
          "product_id": "AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.ppc64le"
        },
        "product_reference": "expat-debugsource-0:2.5.0-5.el9_6.1.ppc64le",
        "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.5.0-5.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
          "product_id": "AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.s390x"
        },
        "product_reference": "expat-debugsource-0:2.5.0-5.el9_6.1.s390x",
        "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.5.0-5.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
          "product_id": "AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.x86_64"
        },
        "product_reference": "expat-debugsource-0:2.5.0-5.el9_6.1.x86_64",
        "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.5.0-5.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
          "product_id": "AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.aarch64"
        },
        "product_reference": "expat-devel-0:2.5.0-5.el9_6.1.aarch64",
        "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.5.0-5.el9_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
          "product_id": "AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.i686"
        },
        "product_reference": "expat-devel-0:2.5.0-5.el9_6.1.i686",
        "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.5.0-5.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
          "product_id": "AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.ppc64le"
        },
        "product_reference": "expat-devel-0:2.5.0-5.el9_6.1.ppc64le",
        "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.5.0-5.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
          "product_id": "AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.s390x"
        },
        "product_reference": "expat-devel-0:2.5.0-5.el9_6.1.s390x",
        "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.5.0-5.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
          "product_id": "AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.x86_64"
        },
        "product_reference": "expat-devel-0:2.5.0-5.el9_6.1.x86_64",
        "relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.5.0-5.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
          "product_id": "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.aarch64"
        },
        "product_reference": "expat-0:2.5.0-5.el9_6.1.aarch64",
        "relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.5.0-5.el9_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
          "product_id": "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.i686"
        },
        "product_reference": "expat-0:2.5.0-5.el9_6.1.i686",
        "relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.5.0-5.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
          "product_id": "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.ppc64le"
        },
        "product_reference": "expat-0:2.5.0-5.el9_6.1.ppc64le",
        "relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.5.0-5.el9_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
          "product_id": "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.s390x"
        },
        "product_reference": "expat-0:2.5.0-5.el9_6.1.s390x",
        "relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.5.0-5.el9_6.1.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
          "product_id": "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.src"
        },
        "product_reference": "expat-0:2.5.0-5.el9_6.1.src",
        "relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.5.0-5.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
          "product_id": "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.x86_64"
        },
        "product_reference": "expat-0:2.5.0-5.el9_6.1.x86_64",
        "relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.5.0-5.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
          "product_id": "BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.aarch64"
        },
        "product_reference": "expat-debuginfo-0:2.5.0-5.el9_6.1.aarch64",
        "relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.5.0-5.el9_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
          "product_id": "BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.i686"
        },
        "product_reference": "expat-debuginfo-0:2.5.0-5.el9_6.1.i686",
        "relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.5.0-5.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
          "product_id": "BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.ppc64le"
        },
        "product_reference": "expat-debuginfo-0:2.5.0-5.el9_6.1.ppc64le",
        "relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.5.0-5.el9_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
          "product_id": "BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.s390x"
        },
        "product_reference": "expat-debuginfo-0:2.5.0-5.el9_6.1.s390x",
        "relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.5.0-5.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
          "product_id": "BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.x86_64"
        },
        "product_reference": "expat-debuginfo-0:2.5.0-5.el9_6.1.x86_64",
        "relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.5.0-5.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
          "product_id": "BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.aarch64"
        },
        "product_reference": "expat-debugsource-0:2.5.0-5.el9_6.1.aarch64",
        "relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.5.0-5.el9_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
          "product_id": "BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.i686"
        },
        "product_reference": "expat-debugsource-0:2.5.0-5.el9_6.1.i686",
        "relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.5.0-5.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
          "product_id": "BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.ppc64le"
        },
        "product_reference": "expat-debugsource-0:2.5.0-5.el9_6.1.ppc64le",
        "relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.5.0-5.el9_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
          "product_id": "BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.s390x"
        },
        "product_reference": "expat-debugsource-0:2.5.0-5.el9_6.1.s390x",
        "relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.5.0-5.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
          "product_id": "BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.x86_64"
        },
        "product_reference": "expat-debugsource-0:2.5.0-5.el9_6.1.x86_64",
        "relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.5.0-5.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
          "product_id": "BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.aarch64"
        },
        "product_reference": "expat-devel-0:2.5.0-5.el9_6.1.aarch64",
        "relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.5.0-5.el9_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
          "product_id": "BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.i686"
        },
        "product_reference": "expat-devel-0:2.5.0-5.el9_6.1.i686",
        "relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.5.0-5.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
          "product_id": "BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.ppc64le"
        },
        "product_reference": "expat-devel-0:2.5.0-5.el9_6.1.ppc64le",
        "relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.5.0-5.el9_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
          "product_id": "BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.s390x"
        },
        "product_reference": "expat-devel-0:2.5.0-5.el9_6.1.s390x",
        "relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.5.0-5.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
          "product_id": "BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.x86_64"
        },
        "product_reference": "expat-devel-0:2.5.0-5.el9_6.1.x86_64",
        "relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-59375",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-09-15T03:00:59.775098+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2395108"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.aarch64",
          "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.i686",
          "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.ppc64le",
          "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.s390x",
          "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.src",
          "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.x86_64",
          "AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.aarch64",
          "AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.i686",
          "AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.ppc64le",
          "AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.s390x",
          "AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.x86_64",
          "AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.aarch64",
          "AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.i686",
          "AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.ppc64le",
          "AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.s390x",
          "AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.x86_64",
          "AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.aarch64",
          "AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.i686",
          "AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.ppc64le",
          "AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.s390x",
          "AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.x86_64",
          "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.aarch64",
          "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.i686",
          "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.ppc64le",
          "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.s390x",
          "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.src",
          "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.x86_64",
          "BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.aarch64",
          "BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.i686",
          "BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.ppc64le",
          "BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.s390x",
          "BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.x86_64",
          "BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.aarch64",
          "BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.i686",
          "BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.ppc64le",
          "BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.s390x",
          "BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.x86_64",
          "BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.aarch64",
          "BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.i686",
          "BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.ppc64le",
          "BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.s390x",
          "BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "RHBZ#2395108",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
        }
      ],
      "release_date": "2025-09-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-19T20:10:25+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.aarch64",
            "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.i686",
            "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.ppc64le",
            "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.s390x",
            "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.src",
            "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.x86_64",
            "AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.aarch64",
            "AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.i686",
            "AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.ppc64le",
            "AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.s390x",
            "AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.x86_64",
            "AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.aarch64",
            "AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.i686",
            "AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.ppc64le",
            "AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.s390x",
            "AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.x86_64",
            "AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.aarch64",
            "AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.i686",
            "AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.ppc64le",
            "AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.s390x",
            "AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.x86_64",
            "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.aarch64",
            "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.i686",
            "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.ppc64le",
            "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.s390x",
            "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.src",
            "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.x86_64",
            "BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.aarch64",
            "BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.i686",
            "BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.ppc64le",
            "BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.s390x",
            "BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.x86_64",
            "BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.aarch64",
            "BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.i686",
            "BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.ppc64le",
            "BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.s390x",
            "BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.x86_64",
            "BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.aarch64",
            "BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.i686",
            "BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.ppc64le",
            "BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.s390x",
            "BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:21773"
        },
        {
          "category": "workaround",
          "details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
          "product_ids": [
            "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.aarch64",
            "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.i686",
            "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.ppc64le",
            "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.s390x",
            "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.src",
            "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.x86_64",
            "AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.aarch64",
            "AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.i686",
            "AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.ppc64le",
            "AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.s390x",
            "AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.x86_64",
            "AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.aarch64",
            "AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.i686",
            "AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.ppc64le",
            "AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.s390x",
            "AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.x86_64",
            "AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.aarch64",
            "AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.i686",
            "AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.ppc64le",
            "AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.s390x",
            "AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.x86_64",
            "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.aarch64",
            "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.i686",
            "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.ppc64le",
            "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.s390x",
            "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.src",
            "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.x86_64",
            "BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.aarch64",
            "BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.i686",
            "BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.ppc64le",
            "BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.s390x",
            "BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.x86_64",
            "BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.aarch64",
            "BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.i686",
            "BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.ppc64le",
            "BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.s390x",
            "BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.x86_64",
            "BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.aarch64",
            "BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.i686",
            "BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.ppc64le",
            "BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.s390x",
            "BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.aarch64",
            "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.i686",
            "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.ppc64le",
            "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.s390x",
            "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.src",
            "AppStream-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.x86_64",
            "AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.aarch64",
            "AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.i686",
            "AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.ppc64le",
            "AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.s390x",
            "AppStream-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.x86_64",
            "AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.aarch64",
            "AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.i686",
            "AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.ppc64le",
            "AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.s390x",
            "AppStream-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.x86_64",
            "AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.aarch64",
            "AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.i686",
            "AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.ppc64le",
            "AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.s390x",
            "AppStream-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.x86_64",
            "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.aarch64",
            "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.i686",
            "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.ppc64le",
            "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.s390x",
            "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.src",
            "BaseOS-9.6.0.Z.EUS:expat-0:2.5.0-5.el9_6.1.x86_64",
            "BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.aarch64",
            "BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.i686",
            "BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.ppc64le",
            "BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.s390x",
            "BaseOS-9.6.0.Z.EUS:expat-debuginfo-0:2.5.0-5.el9_6.1.x86_64",
            "BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.aarch64",
            "BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.i686",
            "BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.ppc64le",
            "BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.s390x",
            "BaseOS-9.6.0.Z.EUS:expat-debugsource-0:2.5.0-5.el9_6.1.x86_64",
            "BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.aarch64",
            "BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.i686",
            "BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.ppc64le",
            "BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.s390x",
            "BaseOS-9.6.0.Z.EUS:expat-devel-0:2.5.0-5.el9_6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
    }
  ]
}

RHSA-2025:21776

Vulnerability from csaf_redhat - Published: 2025-11-19 22:11 - Updated: 2026-06-02 15:25

Summary

Red Hat Security Advisory: expat security update

Severity

Important

Notes

Topic: An update for expat is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2013-0340

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.

4.3 ()


                        
                          AV:N/AC:M/Au:N/C:N/I:N/A:P

Affected products

Fixed 21 products

Product	Version	Remediation
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.i686	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.i686	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.i686	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.i686	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-23990

A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 21 products

Product	Version	Remediation
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.i686	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.i686	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.i686	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.i686	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2024-28757

An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Affected products

Fixed 21 products

Product	Version	Remediation
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.i686	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.src	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.i686	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.i686	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.x86_64	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.aarch64	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.i686	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.ppc64le	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.s390x	—	Vendor Fix fix
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2025-59375

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 21 products

Product	Version	Remediation
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.src	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.i686	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Important

References

23 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:21776	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2395108	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2013-0340	self
https://bugzilla.redhat.com/show_bug.cgi?id=1000109	external
https://www.cve.org/CVERecord?id=CVE-2013-0340	external
https://nvd.nist.gov/vuln/detail/CVE-2013-0340	external
https://access.redhat.com/security/cve/CVE-2022-23990	self
https://bugzilla.redhat.com/show_bug.cgi?id=2048356	external
https://www.cve.org/CVERecord?id=CVE-2022-23990	external
https://nvd.nist.gov/vuln/detail/CVE-2022-23990	external
https://access.redhat.com/security/cve/CVE-2024-28757	self
https://bugzilla.redhat.com/show_bug.cgi?id=2268766	external
https://www.cve.org/CVERecord?id=CVE-2024-28757	external
https://nvd.nist.gov/vuln/detail/CVE-2024-28757	external
https://github.com/libexpat/libexpat/issues/839	external
https://access.redhat.com/security/cve/CVE-2025-59375	self
https://bugzilla.redhat.com/show_bug.cgi?id=2395108	external
https://www.cve.org/CVERecord?id=CVE-2025-59375	external
https://nvd.nist.gov/vuln/detail/CVE-2025-59375	external
https://www.mozilla.org/security/advisories/mfsa2…	external
https://www.mozilla.org/security/advisories/mfsa2…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for expat is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Expat is a C library for parsing XML documents.\n\nSecurity Fix(es):\n\n* expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:21776",
        "url": "https://access.redhat.com/errata/RHSA-2025:21776"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2395108",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_21776.json"
      }
    ],
    "title": "Red Hat Security Advisory: expat security update",
    "tracking": {
      "current_release_date": "2026-06-02T15:25:09+00:00",
      "generator": {
        "date": "2026-06-02T15:25:09+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2025:21776",
      "initial_release_date": "2025-11-19T22:11:45+00:00",
      "revision_history": [
        {
          "date": "2025-11-19T22:11:45+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-11-19T22:11:45+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-02T15:25:09+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS (v. 8)",
                  "product_id": "BaseOS-8.10.0.Z.MAIN.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-0:2.5.0-1.el8_10.src",
                "product": {
                  "name": "expat-0:2.5.0-1.el8_10.src",
                  "product_id": "expat-0:2.5.0-1.el8_10.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-0:2.5.0-1.el8_10.aarch64",
                "product": {
                  "name": "expat-0:2.5.0-1.el8_10.aarch64",
                  "product_id": "expat-0:2.5.0-1.el8_10.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-devel-0:2.5.0-1.el8_10.aarch64",
                "product": {
                  "name": "expat-devel-0:2.5.0-1.el8_10.aarch64",
                  "product_id": "expat-devel-0:2.5.0-1.el8_10.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-devel@2.5.0-1.el8_10?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debugsource-0:2.5.0-1.el8_10.aarch64",
                "product": {
                  "name": "expat-debugsource-0:2.5.0-1.el8_10.aarch64",
                  "product_id": "expat-debugsource-0:2.5.0-1.el8_10.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debugsource@2.5.0-1.el8_10?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debuginfo-0:2.5.0-1.el8_10.aarch64",
                "product": {
                  "name": "expat-debuginfo-0:2.5.0-1.el8_10.aarch64",
                  "product_id": "expat-debuginfo-0:2.5.0-1.el8_10.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debuginfo@2.5.0-1.el8_10?arch=aarch64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-0:2.5.0-1.el8_10.ppc64le",
                "product": {
                  "name": "expat-0:2.5.0-1.el8_10.ppc64le",
                  "product_id": "expat-0:2.5.0-1.el8_10.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-devel-0:2.5.0-1.el8_10.ppc64le",
                "product": {
                  "name": "expat-devel-0:2.5.0-1.el8_10.ppc64le",
                  "product_id": "expat-devel-0:2.5.0-1.el8_10.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-devel@2.5.0-1.el8_10?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debugsource-0:2.5.0-1.el8_10.ppc64le",
                "product": {
                  "name": "expat-debugsource-0:2.5.0-1.el8_10.ppc64le",
                  "product_id": "expat-debugsource-0:2.5.0-1.el8_10.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debugsource@2.5.0-1.el8_10?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debuginfo-0:2.5.0-1.el8_10.ppc64le",
                "product": {
                  "name": "expat-debuginfo-0:2.5.0-1.el8_10.ppc64le",
                  "product_id": "expat-debuginfo-0:2.5.0-1.el8_10.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debuginfo@2.5.0-1.el8_10?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-0:2.5.0-1.el8_10.i686",
                "product": {
                  "name": "expat-0:2.5.0-1.el8_10.i686",
                  "product_id": "expat-0:2.5.0-1.el8_10.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-devel-0:2.5.0-1.el8_10.i686",
                "product": {
                  "name": "expat-devel-0:2.5.0-1.el8_10.i686",
                  "product_id": "expat-devel-0:2.5.0-1.el8_10.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-devel@2.5.0-1.el8_10?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debugsource-0:2.5.0-1.el8_10.i686",
                "product": {
                  "name": "expat-debugsource-0:2.5.0-1.el8_10.i686",
                  "product_id": "expat-debugsource-0:2.5.0-1.el8_10.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debugsource@2.5.0-1.el8_10?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debuginfo-0:2.5.0-1.el8_10.i686",
                "product": {
                  "name": "expat-debuginfo-0:2.5.0-1.el8_10.i686",
                  "product_id": "expat-debuginfo-0:2.5.0-1.el8_10.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debuginfo@2.5.0-1.el8_10?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-0:2.5.0-1.el8_10.x86_64",
                "product": {
                  "name": "expat-0:2.5.0-1.el8_10.x86_64",
                  "product_id": "expat-0:2.5.0-1.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-devel-0:2.5.0-1.el8_10.x86_64",
                "product": {
                  "name": "expat-devel-0:2.5.0-1.el8_10.x86_64",
                  "product_id": "expat-devel-0:2.5.0-1.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-devel@2.5.0-1.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debugsource-0:2.5.0-1.el8_10.x86_64",
                "product": {
                  "name": "expat-debugsource-0:2.5.0-1.el8_10.x86_64",
                  "product_id": "expat-debugsource-0:2.5.0-1.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debugsource@2.5.0-1.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debuginfo-0:2.5.0-1.el8_10.x86_64",
                "product": {
                  "name": "expat-debuginfo-0:2.5.0-1.el8_10.x86_64",
                  "product_id": "expat-debuginfo-0:2.5.0-1.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debuginfo@2.5.0-1.el8_10?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-0:2.5.0-1.el8_10.s390x",
                "product": {
                  "name": "expat-0:2.5.0-1.el8_10.s390x",
                  "product_id": "expat-0:2.5.0-1.el8_10.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat@2.5.0-1.el8_10?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-devel-0:2.5.0-1.el8_10.s390x",
                "product": {
                  "name": "expat-devel-0:2.5.0-1.el8_10.s390x",
                  "product_id": "expat-devel-0:2.5.0-1.el8_10.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-devel@2.5.0-1.el8_10?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debugsource-0:2.5.0-1.el8_10.s390x",
                "product": {
                  "name": "expat-debugsource-0:2.5.0-1.el8_10.s390x",
                  "product_id": "expat-debugsource-0:2.5.0-1.el8_10.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debugsource@2.5.0-1.el8_10?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debuginfo-0:2.5.0-1.el8_10.s390x",
                "product": {
                  "name": "expat-debuginfo-0:2.5.0-1.el8_10.s390x",
                  "product_id": "expat-debuginfo-0:2.5.0-1.el8_10.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debuginfo@2.5.0-1.el8_10?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.5.0-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.aarch64"
        },
        "product_reference": "expat-0:2.5.0-1.el8_10.aarch64",
        "relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.5.0-1.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.i686"
        },
        "product_reference": "expat-0:2.5.0-1.el8_10.i686",
        "relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.5.0-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.ppc64le"
        },
        "product_reference": "expat-0:2.5.0-1.el8_10.ppc64le",
        "relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.5.0-1.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.s390x"
        },
        "product_reference": "expat-0:2.5.0-1.el8_10.s390x",
        "relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.5.0-1.el8_10.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.src"
        },
        "product_reference": "expat-0:2.5.0-1.el8_10.src",
        "relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.5.0-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.x86_64"
        },
        "product_reference": "expat-0:2.5.0-1.el8_10.x86_64",
        "relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.5.0-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.aarch64"
        },
        "product_reference": "expat-debuginfo-0:2.5.0-1.el8_10.aarch64",
        "relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.5.0-1.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.i686"
        },
        "product_reference": "expat-debuginfo-0:2.5.0-1.el8_10.i686",
        "relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.5.0-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.ppc64le"
        },
        "product_reference": "expat-debuginfo-0:2.5.0-1.el8_10.ppc64le",
        "relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.5.0-1.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.s390x"
        },
        "product_reference": "expat-debuginfo-0:2.5.0-1.el8_10.s390x",
        "relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.5.0-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.x86_64"
        },
        "product_reference": "expat-debuginfo-0:2.5.0-1.el8_10.x86_64",
        "relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.5.0-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.aarch64"
        },
        "product_reference": "expat-debugsource-0:2.5.0-1.el8_10.aarch64",
        "relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.5.0-1.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.i686"
        },
        "product_reference": "expat-debugsource-0:2.5.0-1.el8_10.i686",
        "relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.5.0-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.ppc64le"
        },
        "product_reference": "expat-debugsource-0:2.5.0-1.el8_10.ppc64le",
        "relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.5.0-1.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.s390x"
        },
        "product_reference": "expat-debugsource-0:2.5.0-1.el8_10.s390x",
        "relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.5.0-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.x86_64"
        },
        "product_reference": "expat-debugsource-0:2.5.0-1.el8_10.x86_64",
        "relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.5.0-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.aarch64"
        },
        "product_reference": "expat-devel-0:2.5.0-1.el8_10.aarch64",
        "relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.5.0-1.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.i686"
        },
        "product_reference": "expat-devel-0:2.5.0-1.el8_10.i686",
        "relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.5.0-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.ppc64le"
        },
        "product_reference": "expat-devel-0:2.5.0-1.el8_10.ppc64le",
        "relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.5.0-1.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.s390x"
        },
        "product_reference": "expat-devel-0:2.5.0-1.el8_10.s390x",
        "relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.5.0-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
          "product_id": "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.x86_64"
        },
        "product_reference": "expat-devel-0:2.5.0-1.el8_10.x86_64",
        "relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2013-0340",
      "discovery_date": "2013-02-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1000109"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue.  NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "expat: internal entity expansion",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.aarch64",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.i686",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.ppc64le",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.s390x",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.src",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.x86_64",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.aarch64",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.i686",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.ppc64le",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.s390x",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.x86_64",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.aarch64",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.i686",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.ppc64le",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.s390x",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.x86_64",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.aarch64",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.i686",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.ppc64le",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.s390x",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-0340"
        },
        {
          "category": "external",
          "summary": "RHBZ#1000109",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000109"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0340",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-0340"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0340",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0340"
        }
      ],
      "release_date": "2013-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-19T22:11:45+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.src",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.x86_64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.x86_64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.x86_64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:21776"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.src",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.x86_64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.x86_64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.x86_64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "expat: internal entity expansion"
    },
    {
      "cve": "CVE-2022-23990",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2022-01-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2048356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "expat: integer overflow in the doProlog function",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security marked this flaw as Moderate Impact because the vulnerability includes a flaw that is present in a program\u2019s source code but to which no current or theoretically possible, but unproven, exploitation vectors exist or were found during the technical analysis of the flaw.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.aarch64",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.i686",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.ppc64le",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.s390x",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.src",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.x86_64",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.aarch64",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.i686",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.ppc64le",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.s390x",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.x86_64",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.aarch64",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.i686",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.ppc64le",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.s390x",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.x86_64",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.aarch64",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.i686",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.ppc64le",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.s390x",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-23990"
        },
        {
          "category": "external",
          "summary": "RHBZ#2048356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048356"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23990",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23990",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23990"
        }
      ],
      "release_date": "2022-01-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-19T22:11:45+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.src",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.x86_64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.x86_64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.x86_64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:21776"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.src",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.x86_64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.x86_64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.x86_64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "expat: integer overflow in the doProlog function"
    },
    {
      "cve": "CVE-2024-28757",
      "cwe": {
        "id": "CWE-776",
        "name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
      },
      "discovery_date": "2024-03-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2268766"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "expat: XML Entity Expansion",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated as a moderate severity because a flaw was found in the libexpat library in the xmlparse.c file, specifically in the handling of external parsers. The issue is an XML Entity Expansion flaw caused by the parser\u0027s failure to detect direct recursion when a parameter entity references itself in an external subset. An attacker can trigger this by submitting a specially crafted XML document, which creates an infinite processing loop, leading to uncontrolled resource consumption and causing a denial of service (DoS).",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.aarch64",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.i686",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.ppc64le",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.s390x",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.src",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.x86_64",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.aarch64",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.i686",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.ppc64le",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.s390x",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.x86_64",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.aarch64",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.i686",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.ppc64le",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.s390x",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.x86_64",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.aarch64",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.i686",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.ppc64le",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.s390x",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-28757"
        },
        {
          "category": "external",
          "summary": "RHBZ#2268766",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268766"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28757",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28757",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28757"
        },
        {
          "category": "external",
          "summary": "https://github.com/libexpat/libexpat/issues/839",
          "url": "https://github.com/libexpat/libexpat/issues/839"
        }
      ],
      "release_date": "2024-03-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-19T22:11:45+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.src",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.x86_64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.x86_64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.x86_64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:21776"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.src",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.x86_64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.x86_64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.x86_64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "expat: XML Entity Expansion"
    },
    {
      "cve": "CVE-2025-59375",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-09-15T03:00:59.775098+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2395108"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.aarch64",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.i686",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.ppc64le",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.s390x",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.src",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.x86_64",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.aarch64",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.i686",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.ppc64le",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.s390x",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.x86_64",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.aarch64",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.i686",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.ppc64le",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.s390x",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.x86_64",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.aarch64",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.i686",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.ppc64le",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.s390x",
          "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "RHBZ#2395108",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
        }
      ],
      "release_date": "2025-09-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-19T22:11:45+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.src",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.x86_64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.x86_64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.x86_64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:21776"
        },
        {
          "category": "workaround",
          "details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
          "product_ids": [
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.src",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.x86_64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.x86_64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.x86_64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.src",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-0:2.5.0-1.el8_10.x86_64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debuginfo-0:2.5.0-1.el8_10.x86_64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-debugsource-0:2.5.0-1.el8_10.x86_64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.aarch64",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.i686",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.ppc64le",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.s390x",
            "BaseOS-8.10.0.Z.MAIN.EUS:expat-devel-0:2.5.0-1.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-59375 (GCVE-0-2025-59375)

Tags

Sightings

Nomenclature