cbcvebase.
CVE-2026-3889
published 2026-03-24

CVE-2026-3889: Spoofing issue in Thunderbird. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.

medium6.5CVSS 3.1
AVNACLPRNUIRSUCNIHAN
Spoofing issue in Thunderbird. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.

Affected

8 ranges
VendorProductVersion rangeFixed in
debianthunderbird< thunderbird 1:140.9.0esr-1~deb12u1 (bookworm)thunderbird 1:140.9.0esr-1~deb12u1 (bookworm)
mozillafirefox
mozillathunderbird< 140.9.0140.9.0
mozillathunderbird< 149.0149.0
mozillathunderbird>= 0 < 1:140.9.0esr-1~deb11u11:140.9.0esr-1~deb11u1
mozillathunderbird>= 0 < 1:140.9.0esr-1~deb12u11:140.9.0esr-1~deb12u1
mozillathunderbird>= 0 < 1:140.9.0esr-1~deb13u11:140.9.0esr-1~deb13u1
mozillathunderbird>= 0 < 1:140.9.0esr-11:140.9.0esr-1

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
osv6.5MEDIUM