Security Advisory

CVE-2026-4371

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-24 20:27:15

Last updated 2026-04-13 13:51:25

Assigner mozilla

State PUBLISHED

Description

A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.

← Browse all CVEs View on cve.org ↗