ubuntu-cve-2026-12329
Vulnerability from osv_ubuntu
Published
2026-06-16 13:16
Modified
2026-06-30 16:18
Summary
Details
Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12.
Severity
5.3 (Medium)
7.5 (High)
N/A (UNKNOWN)
References
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:140.7.1+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:140.7.1+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:140.7.1+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:140.7.1+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:140.7.1+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:140.7.1+build1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:140.7.1+build1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:91.1.2+build1-0ubuntu1",
"1:91.3.0+build2-0ubuntu1",
"1:91.3.1+build1-0ubuntu1",
"1:91.3.2+build1-0ubuntu1",
"1:91.4.0+build1.1-0ubuntu1",
"1:91.4.0+build2-0ubuntu1",
"1:91.5.0+build1-0ubuntu1",
"1:91.5.1+build1-0ubuntu1",
"1:91.6.1+build1-0ubuntu1",
"1:91.7.0+build1-0ubuntu1",
"1:91.7.0+build2-0ubuntu1",
"1:91.8.0+build2-0ubuntu1",
"1:91.9.1+build1-0ubuntu0.22.04.1",
"1:91.11.0+build2-0ubuntu0.22.04.1",
"1:102.2.2+build1-0ubuntu0.22.04.1",
"1:102.4.2+build2-0ubuntu0.22.04.1",
"1:102.7.1+build2-0ubuntu0.22.04.1",
"1:102.8.0+build2-0ubuntu0.22.04.1",
"1:102.9.0+build1-0ubuntu0.22.04.1",
"1:102.10.0+build2-0ubuntu0.22.04.1",
"1:102.11.0+build1-0ubuntu0.22.04.1",
"1:102.13.0+build1-0ubuntu0.22.04.1",
"1:102.15.0+build1-0ubuntu0.22.04.1",
"1:102.15.1+build1-0ubuntu0.22.04.1",
"1:115.3.1+build1-0ubuntu0.22.04.2",
"1:115.4.1+build1-0ubuntu0.22.04.1",
"1:115.5.0+build1-0ubuntu0.22.04.1",
"1:115.6.0+build2-0ubuntu0.22.04.1",
"1:115.8.1+build1-0ubuntu0.22.04.1",
"1:115.9.0+build1-0ubuntu0.22.04.1",
"1:115.10.1+build1-0ubuntu0.22.04.1",
"1:115.11.0+build2-0ubuntu0.22.04.1",
"1:115.12.0+build3-0ubuntu0.22.04.1",
"1:115.13.0+build5-0ubuntu0.22.04.1",
"1:115.15.0+build1-0ubuntu0.22.04.1",
"1:115.16.0+build2-0ubuntu0.22.04.1",
"1:115.18.0+build1-0ubuntu0.22.04.1",
"1:128.12.0+build1-0ubuntu0.22.04.1",
"1:140.7.1+build1-0ubuntu0.22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "2:1snap1-0ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@2:1snap1-0ubuntu3?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:115.3.1+build1-0ubuntu1",
"1:115.4.1+build1-0ubuntu1",
"1:115.4.3+build1-0ubuntu1",
"1:115.5.0+build1-0ubuntu1",
"1:115.5.1+build1-0ubuntu1",
"1:115.5.2+build2-0ubuntu1",
"1:115.6.0+build1-0ubuntu1",
"1:115.6.0+build2-0ubuntu1",
"1:115.6.1+build1-0ubuntu1",
"1:115.8.0+build1-0ubuntu1",
"1:115.8.1+build1+snap2",
"1:115.8.1+build1+snap3",
"2:1snap1-0ubuntu1",
"2:1snap1-0ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "2:1snap1-0ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@2:1snap1-0ubuntu3?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2:1snap1-0ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "2:1snap1-0ubuntu5"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@2:1snap1-0ubuntu5?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2:1snap1-0ubuntu3",
"2:1snap1-0ubuntu4",
"2:1snap1-0ubuntu5"
]
}
],
"aliases": [],
"details": "Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12.",
"id": "UBUNTU-CVE-2026-12329",
"modified": "2026-06-30T16:18:43Z",
"published": "2026-06-16T13:16:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-12329"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-12329"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12329"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12329"
}
],
"related": [],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-12329"
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…