Debian fixes multiple CVEs
Debian has released two important security advisories for widely used desktop applications: Thunderbird and Chromium. Both updates should be installed as soon as possible, especially on systems used for browsing, email, administration, or daily desktop work.
Thunderbird — DSA-6229-1
The Thunderbird update fixes multiple security vulnerabilities identified under several CVE numbers, including CVE-2026-6746 through CVE-2026-6786.
According to the Debian advisory, these issues could potentially allow arbitrary code execution. This is especially serious for an email client, because Thunderbird handles complex content such as HTML email, attachments, links, and remote resources.
Fixed versions:
Debian oldstable bookworm:
1:140.10.0esr-1~deb12u1
Debian stable trixie:
1:140.10.0esr-1~deb13u1
Chromium — DSA-6230-1
Debian also released a Chromium security update fixing:
CVE-2026-6919
CVE-2026-6920
CVE-2026-6921
These vulnerabilities could result in arbitrar…login to view the rest of this post