CVE-2026-4371

Name
CVE-2026-4371
Description
A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.
NVD Severity
unknown

References

Type URI
security@mozilla.org https://bugzilla.mozilla.org/show_bug.cgi?id=2023493
security@mozilla.org https://www.mozilla.org/security/advisories/mfsa2026-23/
security@mozilla.org https://www.mozilla.org/security/advisories/mfsa2026-24/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:* thunderbird >= None < 140.9.0
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:* thunderbird >= None < 149.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
thunderbird edge-community 148.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 145.0-r2 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 145.0-r1 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 145.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 144.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 140.0.1-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 140.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 139.0.2-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 138.0-r2 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 138.0-r1 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 138.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 137.0.1-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 137.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 128.8.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 128.7.1-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 128.7.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 128.6.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 128.5.2-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 128.5.1-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 128.5.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 128.4.4-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 128.4.3-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 128.4.2-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 128.1.1-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 115.10.1-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 115.5.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 115.4.1-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 115.4.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 102.1.0-r0 psykose <alice@ayaya.dev> possibly vulnerable
thunderbird edge-community 102.0-r0 psykose <alice@ayaya.dev> possibly vulnerable
thunderbird edge-community 91.10.0-r0 psykose <alice@ayaya.dev> possibly vulnerable
thunderbird edge-community 91.9.1-r0 psykose <alice@ayaya.dev> possibly vulnerable
thunderbird edge-community 91.9.0-r0 None possibly vulnerable
thunderbird edge-community 91.8.0-r0 None possibly vulnerable
thunderbird edge-community 91.7.0-r0 None possibly vulnerable
thunderbird edge-community 91.6.2-r0 None possibly vulnerable
thunderbird edge-community 91.6.0-r0 None possibly vulnerable
thunderbird edge-community 91.5.0-r0 None possibly vulnerable
thunderbird edge-community 91.4.1-r0 None possibly vulnerable
thunderbird edge-community 91.4.0-r0 None possibly vulnerable
thunderbird edge-community 91.3.2-r0 None possibly vulnerable
thunderbird edge-community 78.9.0-r0 None possibly vulnerable
thunderbird edge-community 78.7.0-r0 None possibly vulnerable
thunderbird edge-community 78.6.1-r0 None possibly vulnerable
thunderbird edge-community 78.5.1-r0 None possibly vulnerable
thunderbird edge-community 68.10.0-r0 None possibly vulnerable
thunderbird edge-community 68.9.0-r0 None possibly vulnerable
thunderbird edge-community 68.8.0-r0 None possibly vulnerable
thunderbird edge-community 68.7.0-r0 None possibly vulnerable
thunderbird edge-community 68.6.0-r0 None possibly vulnerable
thunderbird edge-community 68.5.0-r0 None possibly vulnerable
thunderbird 3.23-community 145.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable