Mozilla Thunderbird vulnerabilities
1,818 known vulnerabilities affecting mozilla/thunderbird.
Total CVEs: 1,818
CISA KEV: 14 (actively exploited)
Public exploits: 56
Exploited in wild: 18
Severity breakdown: CRITICAL 612, HIGH 551, MEDIUM 626, LOW 29
Vulnerabilities
Page 5 of 91
CVE-2026-2790 | CRITICAL | CVSS 9.8 | CWE-346 | fixed in 140.8.0 and 148.0 | 2026-02-24
Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
Sources: nvd, osv
CVE-2026-2800 | CRITICAL | CVSS 9.8 | CWE-290 | fixed in 148.0 | 2026-02-24
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
Sources: nvd
CVE-2026-2765 | CRITICAL | CVSS 9.8 | CWE-416 | fixed in 140.8.0 and 148.0 | 2026-02-24
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
Sources: nvd, osv
CVE-2026-2787 | CRITICAL | CVSS 9.8 | CWE-416 | fixed in 140.8.0 and 148.0 | 2026-02-24
Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
Sources: nvd, osv
CVE-2026-2760 | CRITICAL | CVSS 10.0 | CWE-1384 | fixed in 140.8.0 and 148.0 | 2026-02-24
Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
Sources: nvd, osv
CVE-2026-2758 | CRITICAL | CVSS 9.8 | CWE-416 | fixed in 140.8.0 and 148.0 | 2026-02-24
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
Sources: nvd, osv
CVE-2026-2797 | CRITICAL | CVSS 9.8 | CWE-416 | fixed in 148.0 | 2026-02-24
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
Sources: nvd
CVE-2026-2769 | HIGH | CVSS 8.8 | CWE-416 | fixed in 140.8.0 and 148.0 | 2026-02-24
Use-after-free in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
Sources: nvd, osv
CVE-2026-2783 | HIGH | CVSS 7.5 | CWE-843 | fixed in 140.8.0 and 148.0 | 2026-02-24
Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
Sources: nvd, osv
CVE-2026-2803 | HIGH | CVSS 7.5 | CWE-200 | fixed in 148.0 | 2026-02-24
Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
Sources: nvd
CVE-2026-2801 | HIGH | CVSS 7.5 | CWE-754 | fixed in 148.0 | 2026-02-24
Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
Sources: nvd
CVE-2026-2798 | HIGH | CVSS 8.8 | CWE-416 | fixed in 148.0 | 2026-02-24
Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
Sources: nvd
CVE-2026-2804 | MEDIUM | CVSS 5.4 | CWE-416 | fixed in 148.0 | 2026-02-24
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
Sources: nvd
CVE-2026-2802 | MEDIUM | CVSS 4.2 | CWE-362 | fixed in 148.0 | 2026-02-24
Race condition in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
Sources: nvd
CVE-2026-2447 | HIGH | CVSS 8.8 | CWE-122 | fixed in 140.7.2 | ≥ 141.0, < 147.0.2 | 2026-02-16
Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.
Sources: nvd, osv
CVE-2026-0818 | MEDIUM | CVSS 4.3 | CWE-116 | fixed in 140.7.1 and 147.0.1 | 2026-01-28
When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If the user had additionally allowed loading of the remote
Sources: nvd, osv
CVE-2026-0879 | CRITICAL | CVSS 9.8 | CWE-119 | fixed in 140.7.0 and 147.0 | 2026-01-13
Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
Sources: nvd, osv
CVE-2026-0892 | CRITICAL | CVSS 9.8 | CWE-119 | fixed in 147.0 | 2026-01-13
Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 147 and Thunderbird 147.
Sources: nvd
CVE-2026-0884 | CRITICAL | CVSS 9.8 | CWE-416 | fixed in 140.7.0 and 147.0 | 2026-01-13
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
Sources: nvd, osv
CVE-2026-0881 | CRITICAL | CVSS 10.0 | CWE-284 | fixed in 147.0 | 2026-01-13
Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.
Sources: nvd