Nixpkgs Security Tracker

Untriaged

Permalink CVE-2026-2795

created 1 month ago

Use-after-free in the JavaScript: GC component

Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

References

Affected products

Firefox

<148

Thunderbird

<148

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

nixos-unstable 2.18.0
- nixpkgs-unstable 2.18.0
- nixos-unstable-small 2.18.0
nixos-25.11 2.18.0
- nixos-25.11-small 2.18.0
- nixpkgs-25.11-darwin 2.18.0

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

nixos-unstable 2.83.1
- nixpkgs-unstable 2.83.1
- nixos-unstable-small 2.83.1
nixos-25.11 2.79.3
- nixos-25.11-small 2.79.3
- nixpkgs-25.11-darwin 2.79.3

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

nixos-unstable 1.1.1
- nixpkgs-unstable 1.1.1
- nixos-unstable-small 1.1.1
nixos-25.11 1.1.1
- nixos-25.11-small 1.1.1
- nixpkgs-25.11-darwin 1.1.1

pkgs.pkgsRocm.firefox

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-unwrapped

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-gnome-theme

GNOME theme for Firefox

nixos-unstable 143
- nixpkgs-unstable 143
- nixos-unstable-small 143
nixos-25.11 143
- nixos-25.11-small 143
- nixpkgs-25.11-darwin 143

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account.

nixos-unstable 1.9.0
- nixpkgs-unstable 1.9.0
- nixos-unstable-small 1.9.0
nixos-25.11 1.9.0
- nixos-25.11-small 1.9.0
- nixpkgs-25.11-darwin 1.9.0

pkgs.pkgsRocm.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

nixos-unstable 2.18.0
- nixpkgs-unstable 2.18.0
- nixos-unstable-small 2.18.0
nixos-25.11 2.18.0
- nixos-25.11-small 2.18.0
- nixpkgs-25.11-darwin 2.18.0

pkgs.pkgsRocm.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-esr-unwrapped

Web browser built from Firefox source tree

nixos-unstable 140.7.0esr
- nixpkgs-unstable 140.7.0esr
- nixos-unstable-small 140.8.0esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.0esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-beta

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbird-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-beta-unwrapped

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.firefox-mobile

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-esr-140-unwrapped

Web browser built from Firefox source tree

nixos-unstable 140.7.0esr
- nixpkgs-unstable 140.7.0esr
- nixos-unstable-small 140.8.0esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.0esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbird-128-unwrapped

Full-featured e-mail client

pkgs.thunderbird-140-unwrapped

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbird-esr-unwrapped

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-unwrapped

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.pkgsRocm.firefox-devedition

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-devedition-unwrapped

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbird-latest-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.thunderbird-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.firefox-beta-unwrapped

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbirdPackages.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

nixos-unstable 5
- nixpkgs-unstable 5
- nixos-unstable-small 5
nixos-25.11 5
- nixos-25.11-small 5
- nixpkgs-25.11-darwin 5

pkgs.roundcubePlugins.thunderbird_labels

None

nixos-unstable 1.6.0
- nixpkgs-unstable 1.6.0
- nixos-unstable-small 1.6.0
nixos-25.11 1.6.0
- nixos-25.11-small 1.6.0
- nixpkgs-25.11-darwin 1.6.0

pkgs.thunderbirdPackages.thunderbird-128

Full-featured e-mail client

pkgs.thunderbirdPackages.thunderbird-140

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbirdPackages.thunderbird-esr

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-devedition-unwrapped

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.thunderbird-latest-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.thunderbirdPackages.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.gnomeExtensions.firefox-pip-always-on-top

Automatically sets Picture-in-Picture windows to always be on top and visible on all workspaces

nixos-unstable 4
- nixpkgs-unstable 4
- nixos-unstable-small 4

pkgs.gnomeExtensions.pip-alwaysontop-for-firefox

Enable Picture-in-Picture(PIP) mode to always be on for Firefox in Gnome.

nixos-unstable 1
- nixpkgs-unstable 1
- nixos-unstable-small 1

pkgs.pkgsRocm.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.vscode-extensions.firefox-devtools.vscode-firefox-debug

Visual Studio Code extension for debugging web applications and browser extensions in Firefox

nixos-unstable 2.15.0
- nixpkgs-unstable 2.15.0
- nixos-unstable-small 2.15.0
nixos-25.11 2.15.0
- nixos-25.11-small 2.15.0
- nixpkgs-25.11-darwin 2.15.0

Package maintainers

@pmahoney Patrick Mahoney <pat@polycrystal.org>
@magnetophon Bart Brouns <bart@magnetophon.nl>
@jopejoe1 jopejoe1 <nixpkgs@missing.ninja>
@rhendric Ryan Hendrickson
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@ambroisie Bruno BELANYI <bruno.nixpkgs@belanyi.fr>
@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
@schnusch schnusch
@pasqui23 pasqui23 <p3dimaria@hotmail.it>
@camillemndn Camille M. <camillemondon@free.fr>
@honnip Jung seungwoo <me@honnip.page>
@vcunat Vladimír Čunát <v@cunat.cz>
@nbp Nicolas B. Pierron <nixos@nbp.name>
@felschr Felix Schröter <dev@felschr.com>
@nekowinston winston <hey@winston.sh>
@booxter Ihar Hrachyshka <ihar.hrachyshka@gmail.com>

Untriaged

Permalink CVE-2026-2778

created 1 month ago

Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component

Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

References

Affected products

Firefox

<148

Firefox ESR

<140.8
<115.33

Thunderbird

<140.8
<148

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

nixos-unstable 2.18.0
- nixpkgs-unstable 2.18.0
- nixos-unstable-small 2.18.0
nixos-25.11 2.18.0
- nixos-25.11-small 2.18.0
- nixpkgs-25.11-darwin 2.18.0

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

nixos-unstable 2.83.1
- nixpkgs-unstable 2.83.1
- nixos-unstable-small 2.83.1
nixos-25.11 2.79.3
- nixos-25.11-small 2.79.3
- nixpkgs-25.11-darwin 2.79.3

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

nixos-unstable 1.1.1
- nixpkgs-unstable 1.1.1
- nixos-unstable-small 1.1.1
nixos-25.11 1.1.1
- nixos-25.11-small 1.1.1
- nixpkgs-25.11-darwin 1.1.1

pkgs.pkgsRocm.firefox

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-unwrapped

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-gnome-theme

GNOME theme for Firefox

nixos-unstable 143
- nixpkgs-unstable 143
- nixos-unstable-small 143
nixos-25.11 143
- nixos-25.11-small 143
- nixpkgs-25.11-darwin 143

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account.

nixos-unstable 1.9.0
- nixpkgs-unstable 1.9.0
- nixos-unstable-small 1.9.0
nixos-25.11 1.9.0
- nixos-25.11-small 1.9.0
- nixpkgs-25.11-darwin 1.9.0

pkgs.pkgsRocm.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

nixos-unstable 2.18.0
- nixpkgs-unstable 2.18.0
- nixos-unstable-small 2.18.0
nixos-25.11 2.18.0
- nixos-25.11-small 2.18.0
- nixpkgs-25.11-darwin 2.18.0

pkgs.pkgsRocm.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-esr-unwrapped

Web browser built from Firefox source tree

nixos-unstable 140.7.0esr
- nixpkgs-unstable 140.7.0esr
- nixos-unstable-small 140.8.0esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.0esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-beta

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbird-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-beta-unwrapped

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.firefox-mobile

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-esr-140-unwrapped

Web browser built from Firefox source tree

nixos-unstable 140.7.0esr
- nixpkgs-unstable 140.7.0esr
- nixos-unstable-small 140.8.0esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.0esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbird-128-unwrapped

Full-featured e-mail client

pkgs.thunderbird-140-unwrapped

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbird-esr-unwrapped

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-unwrapped

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.pkgsRocm.firefox-devedition

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-devedition-unwrapped

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbird-latest-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.thunderbird-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.firefox-beta-unwrapped

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbirdPackages.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

nixos-unstable 5
- nixpkgs-unstable 5
- nixos-unstable-small 5
nixos-25.11 5
- nixos-25.11-small 5
- nixpkgs-25.11-darwin 5

pkgs.roundcubePlugins.thunderbird_labels

None

nixos-unstable 1.6.0
- nixpkgs-unstable 1.6.0
- nixos-unstable-small 1.6.0
nixos-25.11 1.6.0
- nixos-25.11-small 1.6.0
- nixpkgs-25.11-darwin 1.6.0

pkgs.thunderbirdPackages.thunderbird-128

Full-featured e-mail client

pkgs.thunderbirdPackages.thunderbird-140

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbirdPackages.thunderbird-esr

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-devedition-unwrapped

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.thunderbird-latest-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.thunderbirdPackages.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.gnomeExtensions.firefox-pip-always-on-top

Automatically sets Picture-in-Picture windows to always be on top and visible on all workspaces

nixos-unstable 4
- nixpkgs-unstable 4
- nixos-unstable-small 4

pkgs.gnomeExtensions.pip-alwaysontop-for-firefox

Enable Picture-in-Picture(PIP) mode to always be on for Firefox in Gnome.

nixos-unstable 1
- nixpkgs-unstable 1
- nixos-unstable-small 1

pkgs.pkgsRocm.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.vscode-extensions.firefox-devtools.vscode-firefox-debug

Visual Studio Code extension for debugging web applications and browser extensions in Firefox

nixos-unstable 2.15.0
- nixpkgs-unstable 2.15.0
- nixos-unstable-small 2.15.0
nixos-25.11 2.15.0
- nixos-25.11-small 2.15.0
- nixpkgs-25.11-darwin 2.15.0

Package maintainers

@pmahoney Patrick Mahoney <pat@polycrystal.org>
@magnetophon Bart Brouns <bart@magnetophon.nl>
@jopejoe1 jopejoe1 <nixpkgs@missing.ninja>
@rhendric Ryan Hendrickson
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@ambroisie Bruno BELANYI <bruno.nixpkgs@belanyi.fr>
@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
@schnusch schnusch
@pasqui23 pasqui23 <p3dimaria@hotmail.it>
@camillemndn Camille M. <camillemondon@free.fr>
@honnip Jung seungwoo <me@honnip.page>
@vcunat Vladimír Čunát <v@cunat.cz>
@nbp Nicolas B. Pierron <nixos@nbp.name>
@felschr Felix Schröter <dev@felschr.com>
@nekowinston winston <hey@winston.sh>
@booxter Ihar Hrachyshka <ihar.hrachyshka@gmail.com>

Untriaged

Permalink CVE-2026-2801

created 1 month ago

Incorrect boundary conditions in the JavaScript: WebAssembly component

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

References

Affected products

Firefox

<148

Thunderbird

<148

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

nixos-unstable 2.18.0
- nixpkgs-unstable 2.18.0
- nixos-unstable-small 2.18.0
nixos-25.11 2.18.0
- nixos-25.11-small 2.18.0
- nixpkgs-25.11-darwin 2.18.0

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

nixos-unstable 2.83.1
- nixpkgs-unstable 2.83.1
- nixos-unstable-small 2.83.1
nixos-25.11 2.79.3
- nixos-25.11-small 2.79.3
- nixpkgs-25.11-darwin 2.79.3

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

nixos-unstable 1.1.1
- nixpkgs-unstable 1.1.1
- nixos-unstable-small 1.1.1
nixos-25.11 1.1.1
- nixos-25.11-small 1.1.1
- nixpkgs-25.11-darwin 1.1.1

pkgs.pkgsRocm.firefox

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-unwrapped

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-gnome-theme

GNOME theme for Firefox

nixos-unstable 143
- nixpkgs-unstable 143
- nixos-unstable-small 143
nixos-25.11 143
- nixos-25.11-small 143
- nixpkgs-25.11-darwin 143

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account.

nixos-unstable 1.9.0
- nixpkgs-unstable 1.9.0
- nixos-unstable-small 1.9.0
nixos-25.11 1.9.0
- nixos-25.11-small 1.9.0
- nixpkgs-25.11-darwin 1.9.0

pkgs.pkgsRocm.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

nixos-unstable 2.18.0
- nixpkgs-unstable 2.18.0
- nixos-unstable-small 2.18.0
nixos-25.11 2.18.0
- nixos-25.11-small 2.18.0
- nixpkgs-25.11-darwin 2.18.0

pkgs.pkgsRocm.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-esr-unwrapped

Web browser built from Firefox source tree

nixos-unstable 140.7.0esr
- nixpkgs-unstable 140.7.0esr
- nixos-unstable-small 140.8.0esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.0esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-beta

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbird-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-beta-unwrapped

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.firefox-mobile

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-esr-140-unwrapped

Web browser built from Firefox source tree

nixos-unstable 140.7.0esr
- nixpkgs-unstable 140.7.0esr
- nixos-unstable-small 140.8.0esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.0esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbird-128-unwrapped

Full-featured e-mail client

pkgs.thunderbird-140-unwrapped

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbird-esr-unwrapped

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-unwrapped

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.pkgsRocm.firefox-devedition

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-devedition-unwrapped

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbird-latest-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.thunderbird-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.firefox-beta-unwrapped

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbirdPackages.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

nixos-unstable 5
- nixpkgs-unstable 5
- nixos-unstable-small 5
nixos-25.11 5
- nixos-25.11-small 5
- nixpkgs-25.11-darwin 5

pkgs.roundcubePlugins.thunderbird_labels

None

nixos-unstable 1.6.0
- nixpkgs-unstable 1.6.0
- nixos-unstable-small 1.6.0
nixos-25.11 1.6.0
- nixos-25.11-small 1.6.0
- nixpkgs-25.11-darwin 1.6.0

pkgs.thunderbirdPackages.thunderbird-128

Full-featured e-mail client

pkgs.thunderbirdPackages.thunderbird-140

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbirdPackages.thunderbird-esr

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-devedition-unwrapped

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.thunderbird-latest-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.thunderbirdPackages.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.gnomeExtensions.firefox-pip-always-on-top

Automatically sets Picture-in-Picture windows to always be on top and visible on all workspaces

nixos-unstable 4
- nixpkgs-unstable 4
- nixos-unstable-small 4

pkgs.gnomeExtensions.pip-alwaysontop-for-firefox

Enable Picture-in-Picture(PIP) mode to always be on for Firefox in Gnome.

nixos-unstable 1
- nixpkgs-unstable 1
- nixos-unstable-small 1

pkgs.pkgsRocm.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.vscode-extensions.firefox-devtools.vscode-firefox-debug

Visual Studio Code extension for debugging web applications and browser extensions in Firefox

nixos-unstable 2.15.0
- nixpkgs-unstable 2.15.0
- nixos-unstable-small 2.15.0
nixos-25.11 2.15.0
- nixos-25.11-small 2.15.0
- nixpkgs-25.11-darwin 2.15.0

Package maintainers

@pmahoney Patrick Mahoney <pat@polycrystal.org>
@magnetophon Bart Brouns <bart@magnetophon.nl>
@jopejoe1 jopejoe1 <nixpkgs@missing.ninja>
@rhendric Ryan Hendrickson
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@ambroisie Bruno BELANYI <bruno.nixpkgs@belanyi.fr>
@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
@schnusch schnusch
@pasqui23 pasqui23 <p3dimaria@hotmail.it>
@camillemndn Camille M. <camillemondon@free.fr>
@honnip Jung seungwoo <me@honnip.page>
@vcunat Vladimír Čunát <v@cunat.cz>
@nbp Nicolas B. Pierron <nixos@nbp.name>
@felschr Felix Schröter <dev@felschr.com>
@nekowinston winston <hey@winston.sh>
@booxter Ihar Hrachyshka <ihar.hrachyshka@gmail.com>

Untriaged

Permalink CVE-2026-2759

created 1 month ago

Incorrect boundary conditions in the Graphics: ImageLib component

Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

References

Affected products

Firefox

<148

Firefox ESR

<140.8
<115.33

Thunderbird

<140.8
<148

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

nixos-unstable 2.18.0
- nixpkgs-unstable 2.18.0
- nixos-unstable-small 2.18.0
nixos-25.11 2.18.0
- nixos-25.11-small 2.18.0
- nixpkgs-25.11-darwin 2.18.0

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

nixos-unstable 2.83.1
- nixpkgs-unstable 2.83.1
- nixos-unstable-small 2.83.1
nixos-25.11 2.79.3
- nixos-25.11-small 2.79.3
- nixpkgs-25.11-darwin 2.79.3

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

nixos-unstable 1.1.1
- nixpkgs-unstable 1.1.1
- nixos-unstable-small 1.1.1
nixos-25.11 1.1.1
- nixos-25.11-small 1.1.1
- nixpkgs-25.11-darwin 1.1.1

pkgs.pkgsRocm.firefox

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-unwrapped

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-gnome-theme

GNOME theme for Firefox

nixos-unstable 143
- nixpkgs-unstable 143
- nixos-unstable-small 143
nixos-25.11 143
- nixos-25.11-small 143
- nixpkgs-25.11-darwin 143

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account.

nixos-unstable 1.9.0
- nixpkgs-unstable 1.9.0
- nixos-unstable-small 1.9.0
nixos-25.11 1.9.0
- nixos-25.11-small 1.9.0
- nixpkgs-25.11-darwin 1.9.0

pkgs.pkgsRocm.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

nixos-unstable 2.18.0
- nixpkgs-unstable 2.18.0
- nixos-unstable-small 2.18.0
nixos-25.11 2.18.0
- nixos-25.11-small 2.18.0
- nixpkgs-25.11-darwin 2.18.0

pkgs.pkgsRocm.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-esr-unwrapped

Web browser built from Firefox source tree

nixos-unstable 140.7.0esr
- nixpkgs-unstable 140.7.0esr
- nixos-unstable-small 140.8.0esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.0esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-beta

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbird-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-beta-unwrapped

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.firefox-mobile

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.firefox-esr-140-unwrapped

Web browser built from Firefox source tree

nixos-unstable 140.7.0esr
- nixpkgs-unstable 140.7.0esr
- nixos-unstable-small 140.8.0esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.0esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbird-128-unwrapped

Full-featured e-mail client

pkgs.thunderbird-140-unwrapped

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbird-esr-unwrapped

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-unwrapped

Web browser built from Firefox source tree

nixos-unstable 147.0.4
- nixpkgs-unstable 147.0.4
- nixos-unstable-small 148.0
nixos-25.11 147.0.4
- nixos-25.11-small 147.0.4
- nixpkgs-25.11-darwin 147.0.4

pkgs.pkgsRocm.firefox-devedition

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.firefox-devedition-unwrapped

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbird-latest-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.thunderbird-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.firefox-beta-unwrapped

Web browser built from Firefox Beta Release source tree

nixos-unstable 148.0b15
- nixpkgs-unstable 148.0b15
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.thunderbirdPackages.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

nixos-unstable 5
- nixpkgs-unstable 5
- nixos-unstable-small 5
nixos-25.11 5
- nixos-25.11-small 5
- nixpkgs-25.11-darwin 5

pkgs.roundcubePlugins.thunderbird_labels

None

nixos-unstable 1.6.0
- nixpkgs-unstable 1.6.0
- nixos-unstable-small 1.6.0
nixos-25.11 1.6.0
- nixos-25.11-small 1.6.0
- nixpkgs-25.11-darwin 1.6.0

pkgs.thunderbirdPackages.thunderbird-128

Full-featured e-mail client

pkgs.thunderbirdPackages.thunderbird-140

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.thunderbirdPackages.thunderbird-esr

Full-featured e-mail client

nixos-unstable 140.7.1esr
- nixpkgs-unstable 140.7.1esr
- nixos-unstable-small 140.7.2esr
nixos-25.11 140.7.0esr
- nixos-25.11-small 140.7.1esr
- nixpkgs-25.11-darwin 140.7.0esr

pkgs.pkgsRocm.firefox-devedition-unwrapped

Web browser built from Firefox Developer Edition source tree

nixos-unstable 148.0b14
- nixpkgs-unstable 148.0b14
- nixos-unstable-small 148.0b15
nixos-25.11 148.0b15
- nixos-25.11-small 148.0b15
- nixpkgs-25.11-darwin 148.0b15

pkgs.pkgsRocm.thunderbird-latest-unwrapped

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.pkgsRocm.thunderbirdPackages.thunderbird

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.gnomeExtensions.firefox-pip-always-on-top

Automatically sets Picture-in-Picture windows to always be on top and visible on all workspaces

nixos-unstable 4
- nixpkgs-unstable 4
- nixos-unstable-small 4

pkgs.gnomeExtensions.pip-alwaysontop-for-firefox

Enable Picture-in-Picture(PIP) mode to always be on for Firefox in Gnome.

nixos-unstable 1
- nixpkgs-unstable 1
- nixos-unstable-small 1

pkgs.pkgsRocm.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-unstable 147.0.1
- nixpkgs-unstable 147.0.1
- nixos-unstable-small 147.0.2
nixos-25.11 147.0.1
- nixos-25.11-small 147.0.2
- nixpkgs-25.11-darwin 147.0.1

pkgs.vscode-extensions.firefox-devtools.vscode-firefox-debug

Visual Studio Code extension for debugging web applications and browser extensions in Firefox

nixos-unstable 2.15.0
- nixpkgs-unstable 2.15.0
- nixos-unstable-small 2.15.0
nixos-25.11 2.15.0
- nixos-25.11-small 2.15.0
- nixpkgs-25.11-darwin 2.15.0

Package maintainers

@pmahoney Patrick Mahoney <pat@polycrystal.org>
@magnetophon Bart Brouns <bart@magnetophon.nl>
@jopejoe1 jopejoe1 <nixpkgs@missing.ninja>
@rhendric Ryan Hendrickson
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@ambroisie Bruno BELANYI <bruno.nixpkgs@belanyi.fr>
@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
@schnusch schnusch
@pasqui23 pasqui23 <p3dimaria@hotmail.it>
@camillemndn Camille M. <camillemondon@free.fr>
@honnip Jung seungwoo <me@honnip.page>
@vcunat Vladimír Čunát <v@cunat.cz>
@nbp Nicolas B. Pierron <nixos@nbp.name>
@felschr Felix Schröter <dev@felschr.com>
@nekowinston winston <hey@winston.sh>
@booxter Ihar Hrachyshka <ihar.hrachyshka@gmail.com>

Untriaged

Permalink CVE-2026-0818

4.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE

created 2 months ago

CSS-based exfiltration of the content from partially encrypted emails when allowing remote content

CSS-based exfiltration of the content from partially encrypted emails when allowing remote content. This vulnerability affects Thunderbird < 147.0.1 and Thunderbird < 140.7.1.

References

Affected products

Thunderbird

<147.0.1
<140.7.1

Matching in nixpkgs

pkgs.thunderbird-unwrapped

Full-featured e-mail client

nixos-unstable -
- nixpkgs-unstable 145.0

pkgs.thunderbird-128-unwrapped

Full-featured e-mail client

pkgs.thunderbird-140-unwrapped

Full-featured e-mail client

nixos-unstable 140.5.0esr
- nixpkgs-unstable 140.5.0esr
- nixos-unstable-small 140.5.0esr

pkgs.thunderbird-esr-unwrapped

Full-featured e-mail client

nixos-unstable -
- nixpkgs-unstable 140.5.0esr
- nixos-unstable-small 140.5.0esr

pkgs.pkgsRocm.thunderbird-latest

Full-featured e-mail client

nixos-unstable 145.0
- nixpkgs-unstable 145.0
- nixos-unstable-small 145.0

pkgs.thunderbird-latest-unwrapped

Full-featured e-mail client

nixos-unstable -
- nixpkgs-unstable 145.0
- nixos-unstable-small 145.0

pkgs.thunderbirdPackages.thunderbird

Full-featured e-mail client

nixos-unstable -
- nixpkgs-unstable 145.0

pkgs.roundcubePlugins.thunderbird_labels

None

nixos-unstable 1.6.0
- nixpkgs-unstable 1.6.0
- nixos-unstable-small 1.6.0

pkgs.thunderbirdPackages.thunderbird-128

Full-featured e-mail client

pkgs.thunderbirdPackages.thunderbird-140

Full-featured e-mail client

nixos-unstable -
- nixpkgs-unstable 140.5.0esr

pkgs.thunderbirdPackages.thunderbird-esr

Full-featured e-mail client

nixos-unstable 140.5.0esr
- nixpkgs-unstable 140.5.0esr
- nixos-unstable-small 140.5.0esr

pkgs.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-unstable 145.0
- nixpkgs-unstable 145.0
- nixos-unstable-small 145.0

pkgs.pkgsRocm.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-unstable 145.0
- nixpkgs-unstable 145.0
- nixos-unstable-small 145.0

Package maintainers

@vcunat Vladimír Čunát <v@cunat.cz>
@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
@nbp Nicolas B. Pierron <nixos@nbp.name>
@booxter Ihar Hrachyshka <ihar.hrachyshka@gmail.com>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.firefoxpwa

pkgs.faust2firefox

pkgs.firefox_decrypt

pkgs.pkgsRocm.firefox

pkgs.firefox-unwrapped

pkgs.firefox-gnome-theme

pkgs.firefox-sync-client

pkgs.pkgsRocm.firefoxpwa

pkgs.pkgsRocm.thunderbird

pkgs.firefox-esr-unwrapped

pkgs.pkgsRocm.firefox-beta

pkgs.thunderbird-unwrapped

pkgs.firefox-beta-unwrapped

pkgs.pkgsRocm.firefox-mobile

pkgs.firefox-esr-140-unwrapped

pkgs.thunderbird-128-unwrapped

pkgs.thunderbird-140-unwrapped

pkgs.thunderbird-esr-unwrapped

pkgs.pkgsRocm.firefox-unwrapped

pkgs.pkgsRocm.firefox-devedition

pkgs.pkgsRocm.thunderbird-latest

pkgs.firefox-devedition-unwrapped

pkgs.thunderbird-latest-unwrapped

pkgs.pkgsRocm.thunderbird-unwrapped

pkgs.pkgsRocm.firefox-beta-unwrapped

pkgs.thunderbirdPackages.thunderbird

pkgs.gnomeExtensions.firefox-profiles

pkgs.roundcubePlugins.thunderbird_labels

pkgs.thunderbirdPackages.thunderbird-128

pkgs.thunderbirdPackages.thunderbird-140

pkgs.thunderbirdPackages.thunderbird-esr

pkgs.pkgsRocm.firefox-devedition-unwrapped

pkgs.pkgsRocm.thunderbird-latest-unwrapped

pkgs.thunderbirdPackages.thunderbird-latest

pkgs.pkgsRocm.thunderbirdPackages.thunderbird

pkgs.gnomeExtensions.firefox-pip-always-on-top

pkgs.gnomeExtensions.pip-alwaysontop-for-firefox

pkgs.pkgsRocm.thunderbirdPackages.thunderbird-latest

pkgs.vscode-extensions.firefox-devtools.vscode-firefox-debug

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.firefoxpwa

pkgs.faust2firefox

pkgs.firefox_decrypt

pkgs.pkgsRocm.firefox

pkgs.firefox-unwrapped

pkgs.firefox-gnome-theme

pkgs.firefox-sync-client

pkgs.pkgsRocm.firefoxpwa

pkgs.pkgsRocm.thunderbird

pkgs.firefox-esr-unwrapped

pkgs.pkgsRocm.firefox-beta

pkgs.thunderbird-unwrapped

pkgs.firefox-beta-unwrapped

pkgs.pkgsRocm.firefox-mobile

pkgs.firefox-esr-140-unwrapped

pkgs.thunderbird-128-unwrapped

pkgs.thunderbird-140-unwrapped

pkgs.thunderbird-esr-unwrapped

pkgs.pkgsRocm.firefox-unwrapped

pkgs.pkgsRocm.firefox-devedition

pkgs.pkgsRocm.thunderbird-latest

pkgs.firefox-devedition-unwrapped

pkgs.thunderbird-latest-unwrapped

pkgs.pkgsRocm.thunderbird-unwrapped

pkgs.pkgsRocm.firefox-beta-unwrapped

pkgs.thunderbirdPackages.thunderbird

pkgs.gnomeExtensions.firefox-profiles

pkgs.roundcubePlugins.thunderbird_labels

pkgs.thunderbirdPackages.thunderbird-128

pkgs.thunderbirdPackages.thunderbird-140

pkgs.thunderbirdPackages.thunderbird-esr

pkgs.pkgsRocm.firefox-devedition-unwrapped

pkgs.pkgsRocm.thunderbird-latest-unwrapped