{ "document" : { "aggregate_severity" : { "text" : "hoch" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "Thunderbird ist ein Open Source E-Mail Client.\r\nFirefox ist ein Open Source Web Browser.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein Angreifer kann mehrere Schwachstellen in Mozilla Thunderbird, Mozilla Firefox ESR und Mozilla Firefox ausnutzen, um seine Privilegien zu erhöhen, um einen Denial of Service Angriff durchzuführen, um Informationen offenzulegen, um falsche Informationen darzustellen, und um Sicherheitsvorkehrungen zu umgehen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Linux\n- Sonstiges\n- UNIX\n- Windows", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2026-1228 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1228.json" }, { "category" : "self", "summary" : "WID-SEC-2026-1228 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1228" }, { "category" : "external", "summary" : "Mozilla Security Advisory mfsa2026-30 vom 2026-04-21", "url" : "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/" }, { "category" : "external", "summary" : "Mozilla Security Advisory mfsa2026-31 vom 2026-04-21", "url" : "https://www.mozilla.org/en-US/security/advisories/mfsa2026-31/" }, { "category" : "external", "summary" : "Mozilla Security Advisory mfsa2026-32 vom 2026-04-21", "url" : "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32" }, { "category" : "external", "summary" : "Mozilla Security Advisory mfsa2026-33 vom 2026-04-21", "url" : "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33/" }, { "category" : "external", "summary" : "Mozilla Security Advisory mfsa2026-34 vom 2026-04-21", "url" : "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/" }, { "category" : "external", "summary" : "Debian Security Advisory DLA-4546 vom 2026-04-23", "url" : "https://lists.debian.org/debian-lts-announce/2026/04/msg00027.html" }, { "category" : "external", "summary" : "National Vulnerability Database CVE-2026-6748 vom 2026-04-22", "url" : "https://nvd.nist.gov/vuln/detail/CVE-2026-6748" }, { "category" : "external", "summary" : "National Vulnerability Database CVE-2026-6750 vom 2026-04-22", "url" : "https://nvd.nist.gov/vuln/detail/CVE-2026-6750" }, { "category" : "external", "summary" : "openSUSE Security Update OPENSUSE-SU-2026:10610-1 vom 2026-04-25", "url" : "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6VX2E6MLQKO7DPWQ4ZZHUP2YTTOARCJ2/" }, { "category" : "external", "summary" : "Debian Security Advisory DSA-6229 vom 2026-04-24", "url" : "https://security-tracker.debian.org/tracker/DSA-6229-1" }, { "category" : "external", "summary" : "Debian Security Advisory DLA-4549 vom 2026-04-26", "url" : "https://lists.debian.org/debian-lts-announce/2026/04/msg00030.html" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:10757 vom 2026-04-27", "url" : "https://access.redhat.com/errata/RHSA-2026:10757" }, { "category" : "external", "summary" : "Oracle Linux Security Advisory ELSA-2026-10767 vom 2026-04-28", "url" : "https://linux.oracle.com/errata/ELSA-2026-10767.html" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:10767 vom 2026-04-27", "url" : "https://access.redhat.com/errata/RHSA-2026:10767" }, { "category" : "external", "summary" : "openSUSE Security Update OPENSUSE-SU-2026:20621-1 vom 2026-04-27", "url" : "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6A4NBNRGRAA5IER7QAALUZTRHLEXIBXW/" }, { "category" : "external", "summary" : "Oracle Linux Security Advisory ELSA-2026-10757 vom 2026-04-28", "url" : "https://linux.oracle.com/errata/ELSA-2026-10757.html" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2026:10766 vom 2026-04-27", "url" : "https://access.redhat.com/errata/RHSA-2026:10766" }, { "category" : "external", "summary" : "Oracle Linux Security Advisory ELSA-2026-10766 vom 2026-04-28", "url" : "https://linux.oracle.com/errata/ELSA-2026-10766.html" } ], "source_lang" : "en-US", "title" : "Mozilla Thunderbird, Firefox ESR und Firefox: Mehrere Schwachstellen", "tracking" : { "current_release_date" : "2026-04-27T22:00:00.000+00:00", "generator" : { "date" : "2026-04-28T09:29:29.795+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.5.0" } }, "id" : "WID-SEC-W-2026-1228", "initial_release_date" : "2026-04-21T22:00:00.000+00:00", "revision_history" : [ { "date" : "2026-04-21T22:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" }, { "date" : "2026-04-22T22:00:00.000+00:00", "number" : "2", "summary" : "Neue Updates von Debian aufgenommen" }, { "date" : "2026-04-23T22:00:00.000+00:00", "number" : "3", "summary" : "Anpassung CVSS Bewertung gemäß NVD Angaben" }, { "date" : "2026-04-26T22:00:00.000+00:00", "number" : "4", "summary" : "Neue Updates von openSUSE und Debian aufgenommen" }, { "date" : "2026-04-27T22:00:00.000+00:00", "number" : "5", "summary" : "Neue Updates von Oracle Linux, Red Hat und openSUSE aufgenommen" } ], "status" : "final", "version" : "5" } }, "product_tree" : { "branches" : [ { "branches" : [ { "category" : "product_name", "name" : "Debian Linux", "product" : { "name" : "Debian Linux", "product_id" : "2951", "product_identification_helper" : { "cpe" : "cpe:/o:debian:debian_linux:-" } } } ], "category" : "vendor", "name" : "Debian" }, { "branches" : [ { "branches" : [ { "category" : "product_version_range", "name" : "<150", "product" : { "name" : "Mozilla Firefox <150", "product_id" : "T053198" } }, { "category" : "product_version", "name" : "150", "product" : { "name" : "Mozilla Firefox 150", "product_id" : "T053198-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:mozilla:firefox:150" } } } ], "category" : "product_name", "name" : "Firefox" }, { "branches" : [ { "category" : "product_version_range", "name" : "<140.10", "product" : { "name" : "Mozilla Firefox ESR <140.10", "product_id" : "T053196" } }, { "category" : "product_version", "name" : "140.1", "product" : { "name" : "Mozilla Firefox ESR 140.10", "product_id" : "T053196-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:mozilla:firefox_esr:140.10" } } }, { "category" : "product_version_range", "name" : "<115.35", "product" : { "name" : "Mozilla Firefox ESR <115.35", "product_id" : "T053197" } }, { "category" : "product_version", "name" : "115.35", "product" : { "name" : "Mozilla Firefox ESR 115.35", "product_id" : "T053197-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:mozilla:firefox_esr:115.35" } } } ], "category" : "product_name", "name" : "Firefox ESR" }, { "branches" : [ { "category" : "product_version_range", "name" : "<140.10", "product" : { "name" : "Mozilla Thunderbird <140.10", "product_id" : "T053194" } }, { "category" : "product_version", "name" : "140.1", "product" : { "name" : "Mozilla Thunderbird 140.10", "product_id" : "T053194-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:mozilla:thunderbird:140.10" } } }, { "category" : "product_version_range", "name" : "<150", "product" : { "name" : "Mozilla Thunderbird <150", "product_id" : "T053195" } }, { "category" : "product_version", "name" : "150", "product" : { "name" : "Mozilla Thunderbird 150", "product_id" : "T053195-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:mozilla:thunderbird:150" } } } ], "category" : "product_name", "name" : "Thunderbird" } ], "category" : "vendor", "name" : "Mozilla" }, { "branches" : [ { "category" : "product_name", "name" : "Oracle Linux", "product" : { "name" : "Oracle Linux", "product_id" : "T004914", "product_identification_helper" : { "cpe" : "cpe:/o:oracle:linux:-" } } } ], "category" : "vendor", "name" : "Oracle" }, { "branches" : [ { "category" : "product_name", "name" : "Red Hat Enterprise Linux", "product" : { "name" : "Red Hat Enterprise Linux", "product_id" : "67646", "product_identification_helper" : { "cpe" : "cpe:/o:redhat:enterprise_linux:-" } } } ], "category" : "vendor", "name" : "Red Hat" }, { "branches" : [ { "category" : "product_name", "name" : "SUSE openSUSE", "product" : { "name" : "SUSE openSUSE", "product_id" : "T027843", "product_identification_helper" : { "cpe" : "cpe:/o:suse:opensuse:-" } } } ], "category" : "vendor", "name" : "SUSE" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2026-2781", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-2781" }, { "cve" : "CVE-2026-33626", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-33626" }, { "cve" : "CVE-2026-6746", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6746" }, { "cve" : "CVE-2026-6747", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6747" }, { "cve" : "CVE-2026-6748", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6748" }, { "cve" : "CVE-2026-6749", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6749" }, { "cve" : "CVE-2026-6750", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6750" }, { "cve" : "CVE-2026-6751", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6751" }, { "cve" : "CVE-2026-6752", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6752" }, { "cve" : "CVE-2026-6753", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6753" }, { "cve" : "CVE-2026-6754", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6754" }, { "cve" : "CVE-2026-6755", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6755" }, { "cve" : "CVE-2026-6756", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6756" }, { "cve" : "CVE-2026-6757", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6757" }, { "cve" : "CVE-2026-6758", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6758" }, { "cve" : "CVE-2026-6759", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6759" }, { "cve" : "CVE-2026-6760", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6760" }, { "cve" : "CVE-2026-6761", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6761" }, { "cve" : "CVE-2026-6762", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6762" }, { "cve" : "CVE-2026-6763", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6763" }, { "cve" : "CVE-2026-6764", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6764" }, { "cve" : "CVE-2026-6765", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6765" }, { "cve" : "CVE-2026-6766", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6766" }, { "cve" : "CVE-2026-6767", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6767" }, { "cve" : "CVE-2026-6768", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6768" }, { "cve" : "CVE-2026-6769", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6769" }, { "cve" : "CVE-2026-6770", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6770" }, { "cve" : "CVE-2026-6771", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6771" }, { "cve" : "CVE-2026-6772", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6772" }, { "cve" : "CVE-2026-6773", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6773" }, { "cve" : "CVE-2026-6774", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6774" }, { "cve" : "CVE-2026-6775", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6775" }, { "cve" : "CVE-2026-6776", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6776" }, { "cve" : "CVE-2026-6777", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6777" }, { "cve" : "CVE-2026-6778", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6778" }, { "cve" : "CVE-2026-6779", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6779" }, { "cve" : "CVE-2026-6780", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6780" }, { "cve" : "CVE-2026-6781", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6781" }, { "cve" : "CVE-2026-6782", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6782" }, { "cve" : "CVE-2026-6783", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6783" }, { "cve" : "CVE-2026-6784", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6784" }, { "cve" : "CVE-2026-6785", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6785" }, { "cve" : "CVE-2026-6786", "product_status" : { "known_affected" : [ "T053198", "T053196", "T053197", "2951", "T053194", "67646", "T053195", "T027843", "T004914" ] }, "release_date" : "2026-04-21T22:00:00.000+00:00", "title" : "CVE-2026-6786" } ] }