CVE-2026-4371
HIGHCVSS v3.1: 7.4 · EPSS: 0.0029 (20.2 percentile)
Source data as of:
At a glance
- Severity
- HIGH
- CVSS
- 7.4 v3.1 · NVD
- EPSS
- 0.0029 (20.2 percentile) · FIRST.org
- CISA KEV
- No
- Attack conditions (CVSS vector)
- NetworkNo privilegesNo user interaction · Source: NVD Vector
- Affected vendors
- mozilla
- Published
- 2026-03-24 · Modified: 2026-06-30
- References
- Jump to references (8)
CVSS / EPSS / KEV
Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources
Description
A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.
References
Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.
- Reference https://bugzilla.mozilla.org/show_bug.cgi?id=2023493
- Vendor advisory https://www.mozilla.org/security/advisories/mfsa2026-23/
- Vendor advisory https://www.mozilla.org/security/advisories/mfsa2026-24/
- Distro https://access.redhat.com/errata/RHSA-2026:6188
- Distro https://access.redhat.com/errata/RHSA-2026:6342
- Distro https://access.redhat.com/errata/RHSA-2026:6917
- Distro https://access.redhat.com/errata/RHSA-2026:8284
- Distro https://access.redhat.com/errata/RHSA-2026:8285