CVE-2026-3889: User Interface (UI) Misrepresentation of Critical Information in Mozilla Thunderbird

Severity
6.5 MEDIUM (NVD)
EPSS
0.0%
top 92.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 24

Description

Spoofing issue in Thunderbird. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: mozilla/thunderbird < 140.9.0 (+1)
Debian: mozilla/thunderbird < 1:140.9.0esr-1~deb11u1 (+3)

🔴 Vulnerability Details

3
CVEList
Spoofing issue in Thunderbird (2026-03-24)
OSV
CVE-2026-3889: Spoofing issue in Thunderbird (2026-03-24)
GHSA
GHSA-g3qh-qhp8-8f86: Spoofing issue in Thunderbird (2026-03-24)

📋 Vendor Advisories

4
Red Hat
thunderbird: Spoofing issue in Thunderbird (2026-03-24)
Debian
CVE-2026-3889: thunderbird - Spoofing issue in Thunderbird. This vulnerability affects Thunderbird < 149 and ... (2026)
Mozilla
Mozilla Foundation Security Advisory 2026-24: CVE-2026-3889
Mozilla
Mozilla Foundation Security Advisory 2026-23: CVE-2026-3889

🕵️ Threat Intelligence

1
Wiz
CVE-2026-3889 Impact, Exploitability, and Mitigation Steps | Wiz

💬 Community

1
Bugzilla
CVE-2026-3889 thunderbird: Spoofing issue in Thunderbird (2026-03-24)