Mozilla Thunderbird vulnerabilities
1,918 known vulnerabilities affecting mozilla/thunderbird.
Total CVEs: 1,918
CISA KEV: 14 (actively exploited)
Public exploits: 59
Exploited in wild: 18
Severity breakdown: CRITICAL 625, HIGH 610, MEDIUM 652, LOW 31
Vulnerabilities
Page 10 of 96
CVE-2026-2787 | CRITICAL | CVSS 9.8 | CWE-416 | fixed in 140.8.0 | fixed in 148.0 | 2026-02-24
Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
Sources: nvd, osv
CVE-2026-2760 | CRITICAL | CVSS 10.0 | CWE-1384 | fixed in 140.8.0 | fixed in 148.0 | 2026-02-24
Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
Sources: nvd, osv
CVE-2026-2758 | CRITICAL | CVSS 9.8 | CWE-416 | fixed in 140.8.0 | fixed in 148.0 | 2026-02-24
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
Sources: nvd, osv
CVE-2026-2797 | CRITICAL | CVSS 9.8 | CWE-416 | fixed in 148.0 | 2026-02-24
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
Source: nvd
CVE-2026-2769 | HIGH | CVSS 8.8 | CWE-416 | fixed in 140.8.0 | fixed in 148.0 | 2026-02-24
Use-after-free in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
Sources: nvd, osv
CVE-2026-2783 | HIGH | CVSS 7.5 | CWE-843 | fixed in 140.8.0 | fixed in 148.0 | 2026-02-24
Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
Sources: nvd, osv
CVE-2026-2803 | HIGH | CVSS 7.5 | CWE-200 | fixed in 148.0 | 2026-02-24
Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
Source: nvd
CVE-2026-2801 | HIGH | CVSS 7.5 | CWE-754 | fixed in 148.0 | 2026-02-24
Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
Source: nvd
CVE-2026-2798 | HIGH | CVSS 8.8 | CWE-416 | fixed in 148.0 | 2026-02-24
Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
Source: nvd
CVE-2026-2804 | MEDIUM | CVSS 5.4 | CWE-416 | fixed in 148.0 | 2026-02-24
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
Source: nvd
CVE-2026-2802 | MEDIUM | CVSS 4.2 | CWE-362 | fixed in 148.0 | 2026-02-24
Race condition in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
Source: nvd
CVE-2026-2447 | HIGH | CVSS 8.8 | CWE-122 | fixed in 140.7.2 | ≥ 141.0, < 147.0.2 | 2026-02-16
Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.
Sources: nvd, osv
CVE-2026-0818 | MEDIUM | CVSS 4.3 | CWE-116 | fixed in 140.7.1 | fixed in 147.0.1 | 2026-01-28
When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If the user had additionally allowed loading of the remote
Sources: nvd, osv
CVE-2026-0879 | CRITICAL | CVSS 9.8 | CWE-119 | fixed in 140.7.0 | fixed in 147.0 | 2026-01-13
Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
Sources: nvd, osv
CVE-2026-0892 | CRITICAL | CVSS 9.8 | CWE-119 | fixed in 147.0 | 2026-01-13
Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 147 and Thunderbird 147.
Source: nvd
CVE-2026-0884 | CRITICAL | CVSS 9.8 | CWE-416 | fixed in 140.7.0 | fixed in 147.0 | 2026-01-13
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
Sources: nvd, osv
CVE-2026-0881 | CRITICAL | CVSS 10.0 | CWE-284 | fixed in 147.0 | 2026-01-13
Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.
Source: nvd
CVE-2026-0877 | HIGH | CVSS 8.1 | CWE-693 | fixed in 140.7.0 | fixed in 147.0 | 2026-01-13
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
Sources: nvd, osv
CVE-2026-0878 | HIGH | CVSS 8.0 | CWE-20 | fixed in 140.7.0 | fixed in 147.0 | 2026-01-13
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
Sources: nvd, osv
CVE-2026-0889 | HIGH | CVSS 7.5 | CWE-400 | fixed in 147.0 | 2026-01-13
Denial-of-service in the DOM: Service Workers component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.
Source: nvd