CVE-2026-4371
published 2026-03-24CVE-2026-4371: A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or…
high7.4CVSS 3.1
AVNACHPRNUINSUCHINAH
A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | thunderbird | < thunderbird 1:140.9.0esr-1~deb12u1 (bookworm) | thunderbird 1:140.9.0esr-1~deb12u1 (bookworm) |
| mozilla | firefox | — | — |
| mozilla | thunderbird | < 140.9.0 | 140.9.0 |
| mozilla | thunderbird | < 149.0 | 149.0 |
| mozilla | thunderbird | >= 0 < 1:140.9.0esr-1~deb11u1 | 1:140.9.0esr-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:140.9.0esr-1~deb12u1 | 1:140.9.0esr-1~deb12u1 |
| mozilla | thunderbird | >= 0 < 1:140.9.0esr-1~deb13u1 | 1:140.9.0esr-1~deb13u1 |
| mozilla | thunderbird | >= 0 < 1:140.9.0esr-1 | 1:140.9.0esr-1 |
CVSS provenance
nvdv3.17.4HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
osv7.4HIGH